naftiko: 1.0.0-alpha2 info: label: Ory Identities API — identity description: 'Ory Identities API — identity. 19 operations. Lead operation: List Identities. Self-contained Naftiko capability covering one Ory business surface.' tags: - Ory - identity created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: ORY_API_KEY: ORY_API_KEY capability: consumes: - type: http namespace: kratos-identity baseUri: '' description: Ory Identities API — identity business capability. Self-contained, no shared references. resources: - name: admin-identities path: /admin/identities operations: - name: listidentities method: GET description: List Identities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: per_page in: query type: integer description: Deprecated Items per Page - name: page in: query type: integer description: Deprecated Pagination Page - name: page_size in: query type: integer description: Page Size - name: page_token in: query type: string description: Next Page Token - name: consistency in: query type: string description: Read Consistency Level (preview) - name: ids in: query type: array description: Retrieve multiple identities by their IDs. - name: credentials_identifier in: query type: string description: CredentialsIdentifier is the identifier (username, email) of the credentials to look up using exact match. - name: preview_credentials_identifier_similar in: query type: string description: This is an EXPERIMENTAL parameter that WILL CHANGE. Do NOT rely on consistent, deterministic behavior. - name: include_credential in: query type: array description: Include Credentials in Response - name: organization_id in: query type: string description: List identities that belong to a specific organization. - name: batchpatchidentities method: PATCH description: Create multiple identities outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: createidentity method: POST description: Create an Identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: admin-identities-by-external-externalID path: /admin/identities/by/external/{externalID} operations: - name: getidentitybyexternalid method: GET description: Get an Identity by its External ID outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: externalID in: path type: string description: ExternalID must be set to the ID of identity you want to get required: true - name: include_credential in: query type: array description: Include Credentials in Response - name: admin-identities-id path: /admin/identities/{id} operations: - name: deleteidentity method: DELETE description: Delete an Identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID is the identity's ID. required: true - name: getidentity method: GET description: Get an Identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID must be set to the ID of identity you want to get required: true - name: include_credential in: query type: array description: Include Credentials in Response - name: patchidentity method: PATCH description: Patch an Identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID must be set to the ID of identity you want to update required: true - name: body in: body type: object description: Request body (JSON). required: false - name: updateidentity method: PUT description: Update an Identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID must be set to the ID of identity you want to update required: true - name: body in: body type: object description: Request body (JSON). required: false - name: admin-identities-id-credentials-type path: /admin/identities/{id}/credentials/{type} operations: - name: deleteidentitycredentials method: DELETE description: Delete a credential for a specific identity outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID is the identity's ID. required: true - name: type in: path type: string description: Type is the type of credentials to delete. required: true - name: identifier in: query type: string description: Identifier is the identifier of the OIDC/SAML credential to delete. - name: admin-identities-id-sessions path: /admin/identities/{id}/sessions operations: - name: deleteidentitysessions method: DELETE description: Delete & Invalidate an Identity's Sessions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID is the identity's ID. required: true - name: listidentitysessions method: GET description: List an Identity's Sessions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: per_page in: query type: integer description: Deprecated Items per Page - name: page in: query type: integer description: Deprecated Pagination Page - name: page_size in: query type: integer description: Page Size - name: page_token in: query type: string description: Next Page Token - name: id in: path type: string description: ID is the identity's ID. required: true - name: active in: query type: boolean description: Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. - name: admin-recovery-code path: /admin/recovery/code operations: - name: createrecoverycodeforidentity method: POST description: Create a Recovery Code outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: admin-recovery-link path: /admin/recovery/link operations: - name: createrecoverylinkforidentity method: POST description: Create a Recovery Link outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: return_to in: query type: string - name: body in: body type: object description: Request body (JSON). required: false - name: admin-sessions path: /admin/sessions operations: - name: listsessions method: GET description: List All Sessions outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: page_size in: query type: integer description: Items per Page - name: page_token in: query type: string description: Next Page Token - name: active in: query type: boolean description: Active is a boolean flag that filters out sessions based on the state. If no value is provided, all sessions are returned. - name: expand in: query type: array description: ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. - name: admin-sessions-id path: /admin/sessions/{id} operations: - name: disablesession method: DELETE description: Deactivate a Session outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID is the session's ID. required: true - name: getsession method: GET description: Get Session outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: expand in: query type: array description: ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session. - name: id in: path type: string description: ID is the session's ID. required: true - name: admin-sessions-id-extend path: /admin/sessions/{id}/extend operations: - name: extendsession method: PATCH description: Extend a Session outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID is the session's ID. required: true - name: schemas path: /schemas operations: - name: listidentityschemas method: GET description: Get all Identity Schemas outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: per_page in: query type: integer description: Deprecated Items per Page - name: page in: query type: integer description: Deprecated Pagination Page - name: page_size in: query type: integer description: Page Size - name: page_token in: query type: string description: Next Page Token - name: schemas-id path: /schemas/{id} operations: - name: getidentityschema method: GET description: Get Identity JSON Schema outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id in: path type: string description: ID must be set to the ID of schema you want to get required: true authentication: type: apikey key: Authorization value: '{{env.ORY_API_KEY}}' placement: header exposes: - type: rest namespace: kratos-identity-rest port: 8080 description: REST adapter for Ory Identities API — identity. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/admin/identities name: admin-identities description: REST surface for admin-identities. operations: - method: GET name: listidentities description: List Identities call: kratos-identity.listidentities with: per_page: rest.per_page page: rest.page page_size: rest.page_size page_token: rest.page_token consistency: rest.consistency ids: rest.ids credentials_identifier: rest.credentials_identifier preview_credentials_identifier_similar: rest.preview_credentials_identifier_similar include_credential: rest.include_credential organization_id: rest.organization_id outputParameters: - type: object mapping: $. - method: PATCH name: batchpatchidentities description: Create multiple identities call: kratos-identity.batchpatchidentities with: body: rest.body outputParameters: - type: object mapping: $. - method: POST name: createidentity description: Create an Identity call: kratos-identity.createidentity with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/admin/identities/by/external/{externalid} name: admin-identities-by-external-externalid description: REST surface for admin-identities-by-external-externalID. operations: - method: GET name: getidentitybyexternalid description: Get an Identity by its External ID call: kratos-identity.getidentitybyexternalid with: externalID: rest.externalID include_credential: rest.include_credential outputParameters: - type: object mapping: $. - path: /v1/admin/identities/{id} name: admin-identities-id description: REST surface for admin-identities-id. operations: - method: DELETE name: deleteidentity description: Delete an Identity call: kratos-identity.deleteidentity with: id: rest.id outputParameters: - type: object mapping: $. - method: GET name: getidentity description: Get an Identity call: kratos-identity.getidentity with: id: rest.id include_credential: rest.include_credential outputParameters: - type: object mapping: $. - method: PATCH name: patchidentity description: Patch an Identity call: kratos-identity.patchidentity with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - method: PUT name: updateidentity description: Update an Identity call: kratos-identity.updateidentity with: id: rest.id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/admin/identities/{id}/credentials/{type} name: admin-identities-id-credentials-type description: REST surface for admin-identities-id-credentials-type. operations: - method: DELETE name: deleteidentitycredentials description: Delete a credential for a specific identity call: kratos-identity.deleteidentitycredentials with: id: rest.id type: rest.type identifier: rest.identifier outputParameters: - type: object mapping: $. - path: /v1/admin/identities/{id}/sessions name: admin-identities-id-sessions description: REST surface for admin-identities-id-sessions. operations: - method: DELETE name: deleteidentitysessions description: Delete & Invalidate an Identity's Sessions call: kratos-identity.deleteidentitysessions with: id: rest.id outputParameters: - type: object mapping: $. - method: GET name: listidentitysessions description: List an Identity's Sessions call: kratos-identity.listidentitysessions with: per_page: rest.per_page page: rest.page page_size: rest.page_size page_token: rest.page_token id: rest.id active: rest.active outputParameters: - type: object mapping: $. - path: /v1/admin/recovery/code name: admin-recovery-code description: REST surface for admin-recovery-code. operations: - method: POST name: createrecoverycodeforidentity description: Create a Recovery Code call: kratos-identity.createrecoverycodeforidentity with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/admin/recovery/link name: admin-recovery-link description: REST surface for admin-recovery-link. operations: - method: POST name: createrecoverylinkforidentity description: Create a Recovery Link call: kratos-identity.createrecoverylinkforidentity with: return_to: rest.return_to body: rest.body outputParameters: - type: object mapping: $. - path: /v1/admin/sessions name: admin-sessions description: REST surface for admin-sessions. operations: - method: GET name: listsessions description: List All Sessions call: kratos-identity.listsessions with: page_size: rest.page_size page_token: rest.page_token active: rest.active expand: rest.expand outputParameters: - type: object mapping: $. - path: /v1/admin/sessions/{id} name: admin-sessions-id description: REST surface for admin-sessions-id. operations: - method: DELETE name: disablesession description: Deactivate a Session call: kratos-identity.disablesession with: id: rest.id outputParameters: - type: object mapping: $. - method: GET name: getsession description: Get Session call: kratos-identity.getsession with: expand: rest.expand id: rest.id outputParameters: - type: object mapping: $. - path: /v1/admin/sessions/{id}/extend name: admin-sessions-id-extend description: REST surface for admin-sessions-id-extend. operations: - method: PATCH name: extendsession description: Extend a Session call: kratos-identity.extendsession with: id: rest.id outputParameters: - type: object mapping: $. - path: /v1/schemas name: schemas description: REST surface for schemas. operations: - method: GET name: listidentityschemas description: Get all Identity Schemas call: kratos-identity.listidentityschemas with: per_page: rest.per_page page: rest.page page_size: rest.page_size page_token: rest.page_token outputParameters: - type: object mapping: $. - path: /v1/schemas/{id} name: schemas-id description: REST surface for schemas-id. operations: - method: GET name: getidentityschema description: Get Identity JSON Schema call: kratos-identity.getidentityschema with: id: rest.id outputParameters: - type: object mapping: $. - type: mcp namespace: kratos-identity-mcp port: 9090 transport: http description: MCP adapter for Ory Identities API — identity. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-identities description: List Identities hints: readOnly: true destructive: false idempotent: true call: kratos-identity.listidentities with: per_page: tools.per_page page: tools.page page_size: tools.page_size page_token: tools.page_token consistency: tools.consistency ids: tools.ids credentials_identifier: tools.credentials_identifier preview_credentials_identifier_similar: tools.preview_credentials_identifier_similar include_credential: tools.include_credential organization_id: tools.organization_id outputParameters: - type: object mapping: $. - name: create-multiple-identities description: Create multiple identities hints: readOnly: false destructive: false idempotent: true call: kratos-identity.batchpatchidentities with: body: tools.body outputParameters: - type: object mapping: $. - name: create-identity description: Create an Identity hints: readOnly: false destructive: false idempotent: false call: kratos-identity.createidentity with: body: tools.body outputParameters: - type: object mapping: $. - name: get-identity-its-external-id description: Get an Identity by its External ID hints: readOnly: true destructive: false idempotent: true call: kratos-identity.getidentitybyexternalid with: externalID: tools.externalID include_credential: tools.include_credential outputParameters: - type: object mapping: $. - name: delete-identity description: Delete an Identity hints: readOnly: false destructive: true idempotent: true call: kratos-identity.deleteidentity with: id: tools.id outputParameters: - type: object mapping: $. - name: get-identity description: Get an Identity hints: readOnly: true destructive: false idempotent: true call: kratos-identity.getidentity with: id: tools.id include_credential: tools.include_credential outputParameters: - type: object mapping: $. - name: patch-identity description: Patch an Identity hints: readOnly: false destructive: false idempotent: true call: kratos-identity.patchidentity with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: update-identity description: Update an Identity hints: readOnly: false destructive: false idempotent: true call: kratos-identity.updateidentity with: id: tools.id body: tools.body outputParameters: - type: object mapping: $. - name: delete-credential-specific-identity description: Delete a credential for a specific identity hints: readOnly: false destructive: true idempotent: true call: kratos-identity.deleteidentitycredentials with: id: tools.id type: tools.type identifier: tools.identifier outputParameters: - type: object mapping: $. - name: delete-invalidate-identity-s-sessions description: Delete & Invalidate an Identity's Sessions hints: readOnly: false destructive: true idempotent: true call: kratos-identity.deleteidentitysessions with: id: tools.id outputParameters: - type: object mapping: $. - name: list-identity-s-sessions description: List an Identity's Sessions hints: readOnly: true destructive: false idempotent: true call: kratos-identity.listidentitysessions with: per_page: tools.per_page page: tools.page page_size: tools.page_size page_token: tools.page_token id: tools.id active: tools.active outputParameters: - type: object mapping: $. - name: create-recovery-code description: Create a Recovery Code hints: readOnly: false destructive: false idempotent: false call: kratos-identity.createrecoverycodeforidentity with: body: tools.body outputParameters: - type: object mapping: $. - name: create-recovery-link description: Create a Recovery Link hints: readOnly: false destructive: false idempotent: false call: kratos-identity.createrecoverylinkforidentity with: return_to: tools.return_to body: tools.body outputParameters: - type: object mapping: $. - name: list-all-sessions description: List All Sessions hints: readOnly: true destructive: false idempotent: true call: kratos-identity.listsessions with: page_size: tools.page_size page_token: tools.page_token active: tools.active expand: tools.expand outputParameters: - type: object mapping: $. - name: deactivate-session description: Deactivate a Session hints: readOnly: false destructive: true idempotent: true call: kratos-identity.disablesession with: id: tools.id outputParameters: - type: object mapping: $. - name: get-session description: Get Session hints: readOnly: true destructive: false idempotent: true call: kratos-identity.getsession with: expand: tools.expand id: tools.id outputParameters: - type: object mapping: $. - name: extend-session description: Extend a Session hints: readOnly: false destructive: false idempotent: true call: kratos-identity.extendsession with: id: tools.id outputParameters: - type: object mapping: $. - name: get-all-identity-schemas description: Get all Identity Schemas hints: readOnly: true destructive: false idempotent: true call: kratos-identity.listidentityschemas with: per_page: tools.per_page page: tools.page page_size: tools.page_size page_token: tools.page_token outputParameters: - type: object mapping: $. - name: get-identity-json-schema description: Get Identity JSON Schema hints: readOnly: true destructive: false idempotent: true call: kratos-identity.getidentityschema with: id: tools.id outputParameters: - type: object mapping: $.