naftiko: 1.0.0-alpha2 info: label: OneLogin API — Users description: 'OneLogin API — Users. 14 operations. Lead operation: List users. Self-contained Naftiko capability covering one Onelogin business surface.' tags: - Onelogin - Users created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: ONELOGIN_API_KEY: ONELOGIN_API_KEY capability: consumes: - type: http namespace: onelogin-users baseUri: https://{subdomain}.onelogin.com description: OneLogin API — Users business capability. Self-contained, no shared references. resources: - name: api-1-users path: /api/1/users operations: - name: listusers method: GET description: List users outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: limit in: query type: integer - name: page in: query type: integer - name: createuser method: POST description: Create user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: api-1-users-id path: /api/1/users/{id} operations: - name: getuser method: GET description: Get user by ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateuser method: PUT description: Update user by ID outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleteuser method: DELETE description: Delete user by ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-apps path: /api/1/users/{id}/apps operations: - name: getuserapps method: GET description: Get apps for a user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-custom_attributes path: /api/1/users/{id}/custom_attributes operations: - name: setusercustomattribute method: PUT description: Set custom attribute outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-lock path: /api/1/users/{id}/lock operations: - name: lockuser method: POST description: Lock user account outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-logout path: /api/1/users/{id}/logout operations: - name: logoutuser method: POST description: Log user out outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-password path: /api/1/users/{id}/password operations: - name: setuserpassword method: PUT description: Set user password outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-roles path: /api/1/users/{id}/roles operations: - name: getuserroles method: GET description: Get roles for a user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: assignuserrole method: POST description: Assign role to user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-roles-role_id path: /api/1/users/{id}/roles/{role_id} operations: - name: removeuserrole method: DELETE description: Remove role from user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: api-1-users-id-state path: /api/1/users/{id}/state operations: - name: setuserstate method: PUT description: Set user state outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: bearer token: '{{env.ONELOGIN_API_KEY}}' exposes: - type: rest namespace: onelogin-users-rest port: 8080 description: REST adapter for OneLogin API — Users. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/api/1/users name: api-1-users description: REST surface for api-1-users. operations: - method: GET name: listusers description: List users call: onelogin-users.listusers with: limit: rest.limit page: rest.page outputParameters: - type: object mapping: $. - method: POST name: createuser description: Create user call: onelogin-users.createuser with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id} name: api-1-users-id description: REST surface for api-1-users-id. operations: - method: GET name: getuser description: Get user by ID call: onelogin-users.getuser outputParameters: - type: object mapping: $. - method: PUT name: updateuser description: Update user by ID call: onelogin-users.updateuser with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuser description: Delete user by ID call: onelogin-users.deleteuser outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/apps name: api-1-users-id-apps description: REST surface for api-1-users-id-apps. operations: - method: GET name: getuserapps description: Get apps for a user call: onelogin-users.getuserapps outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/custom-attributes name: api-1-users-id-custom-attributes description: REST surface for api-1-users-id-custom_attributes. operations: - method: PUT name: setusercustomattribute description: Set custom attribute call: onelogin-users.setusercustomattribute outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/lock name: api-1-users-id-lock description: REST surface for api-1-users-id-lock. operations: - method: POST name: lockuser description: Lock user account call: onelogin-users.lockuser outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/logout name: api-1-users-id-logout description: REST surface for api-1-users-id-logout. operations: - method: POST name: logoutuser description: Log user out call: onelogin-users.logoutuser outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/password name: api-1-users-id-password description: REST surface for api-1-users-id-password. operations: - method: PUT name: setuserpassword description: Set user password call: onelogin-users.setuserpassword outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/roles name: api-1-users-id-roles description: REST surface for api-1-users-id-roles. operations: - method: GET name: getuserroles description: Get roles for a user call: onelogin-users.getuserroles outputParameters: - type: object mapping: $. - method: POST name: assignuserrole description: Assign role to user call: onelogin-users.assignuserrole outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/roles/{role-id} name: api-1-users-id-roles-role-id description: REST surface for api-1-users-id-roles-role_id. operations: - method: DELETE name: removeuserrole description: Remove role from user call: onelogin-users.removeuserrole outputParameters: - type: object mapping: $. - path: /v1/api/1/users/{id}/state name: api-1-users-id-state description: REST surface for api-1-users-id-state. operations: - method: PUT name: setuserstate description: Set user state call: onelogin-users.setuserstate outputParameters: - type: object mapping: $. - type: mcp namespace: onelogin-users-mcp port: 9090 transport: http description: MCP adapter for OneLogin API — Users. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-users description: List users hints: readOnly: true destructive: false idempotent: true call: onelogin-users.listusers with: limit: tools.limit page: tools.page outputParameters: - type: object mapping: $. - name: create-user description: Create user hints: readOnly: false destructive: false idempotent: false call: onelogin-users.createuser with: body: tools.body outputParameters: - type: object mapping: $. - name: get-user-id description: Get user by ID hints: readOnly: true destructive: false idempotent: true call: onelogin-users.getuser outputParameters: - type: object mapping: $. - name: update-user-id description: Update user by ID hints: readOnly: false destructive: false idempotent: true call: onelogin-users.updateuser with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-user-id description: Delete user by ID hints: readOnly: false destructive: true idempotent: true call: onelogin-users.deleteuser outputParameters: - type: object mapping: $. - name: get-apps-user description: Get apps for a user hints: readOnly: true destructive: false idempotent: true call: onelogin-users.getuserapps outputParameters: - type: object mapping: $. - name: set-custom-attribute description: Set custom attribute hints: readOnly: false destructive: false idempotent: true call: onelogin-users.setusercustomattribute outputParameters: - type: object mapping: $. - name: lock-user-account description: Lock user account hints: readOnly: false destructive: false idempotent: false call: onelogin-users.lockuser outputParameters: - type: object mapping: $. - name: log-user-out description: Log user out hints: readOnly: false destructive: false idempotent: false call: onelogin-users.logoutuser outputParameters: - type: object mapping: $. - name: set-user-password description: Set user password hints: readOnly: false destructive: false idempotent: true call: onelogin-users.setuserpassword outputParameters: - type: object mapping: $. - name: get-roles-user description: Get roles for a user hints: readOnly: true destructive: false idempotent: true call: onelogin-users.getuserroles outputParameters: - type: object mapping: $. - name: assign-role-user description: Assign role to user hints: readOnly: false destructive: false idempotent: false call: onelogin-users.assignuserrole outputParameters: - type: object mapping: $. - name: remove-role-user description: Remove role from user hints: readOnly: false destructive: true idempotent: true call: onelogin-users.removeuserrole outputParameters: - type: object mapping: $. - name: set-user-state description: Set user state hints: readOnly: false destructive: false idempotent: true call: onelogin-users.setuserstate outputParameters: - type: object mapping: $.