naftiko: 1.0.0-alpha2 info: label: ZAP API — httpSessions description: 'ZAP API — httpSessions. 16 operations. Lead operation: httpSessions. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - httpSessions created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-httpsessions baseUri: http://zap description: ZAP API — httpSessions business capability. Self-contained, no shared references. resources: - name: JSON-httpSessions-action-addDefaultSessionToken path: /JSON/httpSessions/action/addDefaultSessionToken/ operations: - name: httpsessionsactionadddefaultsessiontoken method: GET description: Adds a default session token with the given name and enabled state. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-addSessionToken path: /JSON/httpSessions/action/addSessionToken/ operations: - name: httpsessionsactionaddsessiontoken method: GET description: Adds the session token to the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-createEmptySession path: /JSON/httpSessions/action/createEmptySession/ operations: - name: httpsessionsactioncreateemptysession method: GET description: Creates an empty session for the given site. Optionally with the given name. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-removeDefaultSessionToken path: /JSON/httpSessions/action/removeDefaultSessionToken/ operations: - name: httpsessionsactionremovedefaultsessiontoken method: GET description: Removes the default session token with the given name. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-removeSession path: /JSON/httpSessions/action/removeSession/ operations: - name: httpsessionsactionremovesession method: GET description: Removes the session from the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-removeSessionToken path: /JSON/httpSessions/action/removeSessionToken/ operations: - name: httpsessionsactionremovesessiontoken method: GET description: Removes the session token from the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-renameSession path: /JSON/httpSessions/action/renameSession/ operations: - name: httpsessionsactionrenamesession method: GET description: Renames the session of the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-setActiveSession path: /JSON/httpSessions/action/setActiveSession/ operations: - name: httpsessionsactionsetactivesession method: GET description: Sets the given session as active for the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-setDefaultSessionTokenEnabled path: /JSON/httpSessions/action/setDefaultSessionTokenEnabled/ operations: - name: httpsessionsactionsetdefaultsessiontokenenabled method: GET description: Sets whether or not the default session token with the given name is enabled. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-setSessionTokenValue path: /JSON/httpSessions/action/setSessionTokenValue/ operations: - name: httpsessionsactionsetsessiontokenvalue method: GET description: Sets the value of the session token of the given session for the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-action-unsetActiveSession path: /JSON/httpSessions/action/unsetActiveSession/ operations: - name: httpsessionsactionunsetactivesession method: GET description: Unsets the active session of the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-view-activeSession path: /JSON/httpSessions/view/activeSession/ operations: - name: httpsessionsviewactivesession method: GET description: Gets the name of the active session for the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-view-defaultSessionTokens path: /JSON/httpSessions/view/defaultSessionTokens/ operations: - name: httpsessionsviewdefaultsessiontokens method: GET description: Gets the default session tokens. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-view-sessionTokens path: /JSON/httpSessions/view/sessionTokens/ operations: - name: httpsessionsviewsessiontokens method: GET description: Gets the names of the session tokens for the given site. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-view-sessions path: /JSON/httpSessions/view/sessions/ operations: - name: httpsessionsviewsessions method: GET description: Gets the sessions for the given site. Optionally returning just the session with the given name. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-httpSessions-view-sites path: /JSON/httpSessions/view/sites/ operations: - name: httpsessionsviewsites method: GET description: Gets all of the sites that have sessions. outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-httpsessions-rest port: 8080 description: REST adapter for ZAP API — httpSessions. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/httpsessions/action/adddefaultsessiontoken name: json-httpsessions-action-adddefaultsessiontoken description: REST surface for JSON-httpSessions-action-addDefaultSessionToken. operations: - method: GET name: httpsessionsactionadddefaultsessiontoken description: Adds a default session token with the given name and enabled state. call: owasp-zap-httpsessions.httpsessionsactionadddefaultsessiontoken outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/addsessiontoken name: json-httpsessions-action-addsessiontoken description: REST surface for JSON-httpSessions-action-addSessionToken. operations: - method: GET name: httpsessionsactionaddsessiontoken description: Adds the session token to the given site. call: owasp-zap-httpsessions.httpsessionsactionaddsessiontoken outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/createemptysession name: json-httpsessions-action-createemptysession description: REST surface for JSON-httpSessions-action-createEmptySession. operations: - method: GET name: httpsessionsactioncreateemptysession description: Creates an empty session for the given site. Optionally with the given name. call: owasp-zap-httpsessions.httpsessionsactioncreateemptysession outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/removedefaultsessiontoken name: json-httpsessions-action-removedefaultsessiontoken description: REST surface for JSON-httpSessions-action-removeDefaultSessionToken. operations: - method: GET name: httpsessionsactionremovedefaultsessiontoken description: Removes the default session token with the given name. call: owasp-zap-httpsessions.httpsessionsactionremovedefaultsessiontoken outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/removesession name: json-httpsessions-action-removesession description: REST surface for JSON-httpSessions-action-removeSession. operations: - method: GET name: httpsessionsactionremovesession description: Removes the session from the given site. call: owasp-zap-httpsessions.httpsessionsactionremovesession outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/removesessiontoken name: json-httpsessions-action-removesessiontoken description: REST surface for JSON-httpSessions-action-removeSessionToken. operations: - method: GET name: httpsessionsactionremovesessiontoken description: Removes the session token from the given site. call: owasp-zap-httpsessions.httpsessionsactionremovesessiontoken outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/renamesession name: json-httpsessions-action-renamesession description: REST surface for JSON-httpSessions-action-renameSession. operations: - method: GET name: httpsessionsactionrenamesession description: Renames the session of the given site. call: owasp-zap-httpsessions.httpsessionsactionrenamesession outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/setactivesession name: json-httpsessions-action-setactivesession description: REST surface for JSON-httpSessions-action-setActiveSession. operations: - method: GET name: httpsessionsactionsetactivesession description: Sets the given session as active for the given site. call: owasp-zap-httpsessions.httpsessionsactionsetactivesession outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/setdefaultsessiontokenenabled name: json-httpsessions-action-setdefaultsessiontokenenabled description: REST surface for JSON-httpSessions-action-setDefaultSessionTokenEnabled. operations: - method: GET name: httpsessionsactionsetdefaultsessiontokenenabled description: Sets whether or not the default session token with the given name is enabled. call: owasp-zap-httpsessions.httpsessionsactionsetdefaultsessiontokenenabled outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/setsessiontokenvalue name: json-httpsessions-action-setsessiontokenvalue description: REST surface for JSON-httpSessions-action-setSessionTokenValue. operations: - method: GET name: httpsessionsactionsetsessiontokenvalue description: Sets the value of the session token of the given session for the given site. call: owasp-zap-httpsessions.httpsessionsactionsetsessiontokenvalue outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/action/unsetactivesession name: json-httpsessions-action-unsetactivesession description: REST surface for JSON-httpSessions-action-unsetActiveSession. operations: - method: GET name: httpsessionsactionunsetactivesession description: Unsets the active session of the given site. call: owasp-zap-httpsessions.httpsessionsactionunsetactivesession outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/view/activesession name: json-httpsessions-view-activesession description: REST surface for JSON-httpSessions-view-activeSession. operations: - method: GET name: httpsessionsviewactivesession description: Gets the name of the active session for the given site. call: owasp-zap-httpsessions.httpsessionsviewactivesession outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/view/defaultsessiontokens name: json-httpsessions-view-defaultsessiontokens description: REST surface for JSON-httpSessions-view-defaultSessionTokens. operations: - method: GET name: httpsessionsviewdefaultsessiontokens description: Gets the default session tokens. call: owasp-zap-httpsessions.httpsessionsviewdefaultsessiontokens outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/view/sessiontokens name: json-httpsessions-view-sessiontokens description: REST surface for JSON-httpSessions-view-sessionTokens. operations: - method: GET name: httpsessionsviewsessiontokens description: Gets the names of the session tokens for the given site. call: owasp-zap-httpsessions.httpsessionsviewsessiontokens outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/view/sessions name: json-httpsessions-view-sessions description: REST surface for JSON-httpSessions-view-sessions. operations: - method: GET name: httpsessionsviewsessions description: Gets the sessions for the given site. Optionally returning just the session with the given name. call: owasp-zap-httpsessions.httpsessionsviewsessions outputParameters: - type: object mapping: $. - path: /v1/json/httpsessions/view/sites name: json-httpsessions-view-sites description: REST surface for JSON-httpSessions-view-sites. operations: - method: GET name: httpsessionsviewsites description: Gets all of the sites that have sessions. call: owasp-zap-httpsessions.httpsessionsviewsites outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-httpsessions-mcp port: 9090 transport: http description: MCP adapter for ZAP API — httpSessions. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: adds-default-session-token-given description: Adds a default session token with the given name and enabled state. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionadddefaultsessiontoken outputParameters: - type: object mapping: $. - name: adds-session-token-given-site description: Adds the session token to the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionaddsessiontoken outputParameters: - type: object mapping: $. - name: creates-empty-session-given-site description: Creates an empty session for the given site. Optionally with the given name. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactioncreateemptysession outputParameters: - type: object mapping: $. - name: removes-default-session-token-given description: Removes the default session token with the given name. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionremovedefaultsessiontoken outputParameters: - type: object mapping: $. - name: removes-session-given-site description: Removes the session from the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionremovesession outputParameters: - type: object mapping: $. - name: removes-session-token-given-site description: Removes the session token from the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionremovesessiontoken outputParameters: - type: object mapping: $. - name: renames-session-given-site description: Renames the session of the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionrenamesession outputParameters: - type: object mapping: $. - name: sets-given-session-active-given description: Sets the given session as active for the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionsetactivesession outputParameters: - type: object mapping: $. - name: sets-whether-not-default-session description: Sets whether or not the default session token with the given name is enabled. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionsetdefaultsessiontokenenabled outputParameters: - type: object mapping: $. - name: sets-value-session-token-given description: Sets the value of the session token of the given session for the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionsetsessiontokenvalue outputParameters: - type: object mapping: $. - name: unsets-active-session-given-site description: Unsets the active session of the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsactionunsetactivesession outputParameters: - type: object mapping: $. - name: gets-name-active-session-given description: Gets the name of the active session for the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsviewactivesession outputParameters: - type: object mapping: $. - name: gets-default-session-tokens description: Gets the default session tokens. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsviewdefaultsessiontokens outputParameters: - type: object mapping: $. - name: gets-names-session-tokens-given description: Gets the names of the session tokens for the given site. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsviewsessiontokens outputParameters: - type: object mapping: $. - name: gets-sessions-given-site-optionally description: Gets the sessions for the given site. Optionally returning just the session with the given name. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsviewsessions outputParameters: - type: object mapping: $. - name: gets-all-sites-that-have description: Gets all of the sites that have sessions. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-httpsessions.httpsessionsviewsites outputParameters: - type: object mapping: $.