naftiko: 1.0.0-alpha2 info: label: ZAP API — users description: 'ZAP API — users. 15 operations. Lead operation: users. Self-contained Naftiko capability covering one Owasp Zap business surface.' tags: - Owasp Zap - users created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY capability: consumes: - type: http namespace: owasp-zap-users baseUri: http://zap description: ZAP API — users business capability. Self-contained, no shared references. resources: - name: JSON-users-action-authenticateAsUser path: /JSON/users/action/authenticateAsUser/ operations: - name: usersactionauthenticateasuser method: GET description: Tries to authenticate as the identified user, returning the authentication request and whether it appears to have succeeded. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-newUser path: /JSON/users/action/newUser/ operations: - name: usersactionnewuser method: GET description: Creates a new user with the given name for the context with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-pollAsUser path: /JSON/users/action/pollAsUser/ operations: - name: usersactionpollasuser method: GET description: Tries to poll as the identified user, returning the authentication request and whether it appears to have succeeded. This will only work if the polling verification strategy has been configured. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-removeUser path: /JSON/users/action/removeUser/ operations: - name: usersactionremoveuser method: GET description: Removes the user with the given ID that belongs to the context with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-setAuthenticationCredentials path: /JSON/users/action/setAuthenticationCredentials/ operations: - name: usersactionsetauthenticationcredentials method: GET description: Sets the authentication credentials for the user with the given ID that belongs to the context with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-setAuthenticationState path: /JSON/users/action/setAuthenticationState/ operations: - name: usersactionsetauthenticationstate method: GET description: Sets fields in the authentication state for the user identified by the Context and User Ids. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-setCookie path: /JSON/users/action/setCookie/ operations: - name: usersactionsetcookie method: GET description: Sets the specified cookie for the user identified by the Context and User Ids. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-setUserEnabled path: /JSON/users/action/setUserEnabled/ operations: - name: usersactionsetuserenabled method: GET description: Sets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-action-setUserName path: /JSON/users/action/setUserName/ operations: - name: usersactionsetusername method: GET description: Renames the user with the given ID that belongs to the context with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-view-getAuthenticationCredentials path: /JSON/users/view/getAuthenticationCredentials/ operations: - name: usersviewgetauthenticationcredentials method: GET description: Gets the authentication credentials of the user with given ID that belongs to the context with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-view-getAuthenticationCredentialsConfigParams path: /JSON/users/view/getAuthenticationCredentialsConfigParams/ operations: - name: usersviewgetauthenticationcredentialsconfigparams method: GET description: Gets the configuration parameters for the credentials of the context with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-view-getAuthenticationSession path: /JSON/users/view/getAuthenticationSession/ operations: - name: usersviewgetauthenticationsession method: GET description: Gets the authentication session information for the user identified by the Context and User Ids, e.g. cookies and realm credentials. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-view-getAuthenticationState path: /JSON/users/view/getAuthenticationState/ operations: - name: usersviewgetauthenticationstate method: GET description: Gets the authentication state information for the user identified by the Context and User Ids. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-view-getUserById path: /JSON/users/view/getUserById/ operations: - name: usersviewgetuserbyid method: GET description: Gets the data of the user with the given ID that belongs to the context with the given ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: JSON-users-view-usersList path: /JSON/users/view/usersList/ operations: - name: usersviewuserslist method: GET description: Gets a list of users that belong to the context with the given ID, or all users if none provided. outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: apikey key: X-ZAP-API-Key value: '{{env.OWASP_ZAP_API_KEY}}' placement: header exposes: - type: rest namespace: owasp-zap-users-rest port: 8080 description: REST adapter for ZAP API — users. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/json/users/action/authenticateasuser name: json-users-action-authenticateasuser description: REST surface for JSON-users-action-authenticateAsUser. operations: - method: GET name: usersactionauthenticateasuser description: Tries to authenticate as the identified user, returning the authentication request and whether it appears to have succeeded. call: owasp-zap-users.usersactionauthenticateasuser outputParameters: - type: object mapping: $. - path: /v1/json/users/action/newuser name: json-users-action-newuser description: REST surface for JSON-users-action-newUser. operations: - method: GET name: usersactionnewuser description: Creates a new user with the given name for the context with the given ID. call: owasp-zap-users.usersactionnewuser outputParameters: - type: object mapping: $. - path: /v1/json/users/action/pollasuser name: json-users-action-pollasuser description: REST surface for JSON-users-action-pollAsUser. operations: - method: GET name: usersactionpollasuser description: Tries to poll as the identified user, returning the authentication request and whether it appears to have succeeded. This will only work if the polling verification strategy has been configured. call: owasp-zap-users.usersactionpollasuser outputParameters: - type: object mapping: $. - path: /v1/json/users/action/removeuser name: json-users-action-removeuser description: REST surface for JSON-users-action-removeUser. operations: - method: GET name: usersactionremoveuser description: Removes the user with the given ID that belongs to the context with the given ID. call: owasp-zap-users.usersactionremoveuser outputParameters: - type: object mapping: $. - path: /v1/json/users/action/setauthenticationcredentials name: json-users-action-setauthenticationcredentials description: REST surface for JSON-users-action-setAuthenticationCredentials. operations: - method: GET name: usersactionsetauthenticationcredentials description: Sets the authentication credentials for the user with the given ID that belongs to the context with the given ID. call: owasp-zap-users.usersactionsetauthenticationcredentials outputParameters: - type: object mapping: $. - path: /v1/json/users/action/setauthenticationstate name: json-users-action-setauthenticationstate description: REST surface for JSON-users-action-setAuthenticationState. operations: - method: GET name: usersactionsetauthenticationstate description: Sets fields in the authentication state for the user identified by the Context and User Ids. call: owasp-zap-users.usersactionsetauthenticationstate outputParameters: - type: object mapping: $. - path: /v1/json/users/action/setcookie name: json-users-action-setcookie description: REST surface for JSON-users-action-setCookie. operations: - method: GET name: usersactionsetcookie description: Sets the specified cookie for the user identified by the Context and User Ids. call: owasp-zap-users.usersactionsetcookie outputParameters: - type: object mapping: $. - path: /v1/json/users/action/setuserenabled name: json-users-action-setuserenabled description: REST surface for JSON-users-action-setUserEnabled. operations: - method: GET name: usersactionsetuserenabled description: Sets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled. call: owasp-zap-users.usersactionsetuserenabled outputParameters: - type: object mapping: $. - path: /v1/json/users/action/setusername name: json-users-action-setusername description: REST surface for JSON-users-action-setUserName. operations: - method: GET name: usersactionsetusername description: Renames the user with the given ID that belongs to the context with the given ID. call: owasp-zap-users.usersactionsetusername outputParameters: - type: object mapping: $. - path: /v1/json/users/view/getauthenticationcredentials name: json-users-view-getauthenticationcredentials description: REST surface for JSON-users-view-getAuthenticationCredentials. operations: - method: GET name: usersviewgetauthenticationcredentials description: Gets the authentication credentials of the user with given ID that belongs to the context with the given ID. call: owasp-zap-users.usersviewgetauthenticationcredentials outputParameters: - type: object mapping: $. - path: /v1/json/users/view/getauthenticationcredentialsconfigparams name: json-users-view-getauthenticationcredentialsconfigparams description: REST surface for JSON-users-view-getAuthenticationCredentialsConfigParams. operations: - method: GET name: usersviewgetauthenticationcredentialsconfigparams description: Gets the configuration parameters for the credentials of the context with the given ID. call: owasp-zap-users.usersviewgetauthenticationcredentialsconfigparams outputParameters: - type: object mapping: $. - path: /v1/json/users/view/getauthenticationsession name: json-users-view-getauthenticationsession description: REST surface for JSON-users-view-getAuthenticationSession. operations: - method: GET name: usersviewgetauthenticationsession description: Gets the authentication session information for the user identified by the Context and User Ids, e.g. cookies and realm credentials. call: owasp-zap-users.usersviewgetauthenticationsession outputParameters: - type: object mapping: $. - path: /v1/json/users/view/getauthenticationstate name: json-users-view-getauthenticationstate description: REST surface for JSON-users-view-getAuthenticationState. operations: - method: GET name: usersviewgetauthenticationstate description: Gets the authentication state information for the user identified by the Context and User Ids. call: owasp-zap-users.usersviewgetauthenticationstate outputParameters: - type: object mapping: $. - path: /v1/json/users/view/getuserbyid name: json-users-view-getuserbyid description: REST surface for JSON-users-view-getUserById. operations: - method: GET name: usersviewgetuserbyid description: Gets the data of the user with the given ID that belongs to the context with the given ID. call: owasp-zap-users.usersviewgetuserbyid outputParameters: - type: object mapping: $. - path: /v1/json/users/view/userslist name: json-users-view-userslist description: REST surface for JSON-users-view-usersList. operations: - method: GET name: usersviewuserslist description: Gets a list of users that belong to the context with the given ID, or all users if none provided. call: owasp-zap-users.usersviewuserslist outputParameters: - type: object mapping: $. - type: mcp namespace: owasp-zap-users-mcp port: 9090 transport: http description: MCP adapter for ZAP API — users. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: tries-authenticate-identified-user-returning description: Tries to authenticate as the identified user, returning the authentication request and whether it appears to have succeeded. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionauthenticateasuser outputParameters: - type: object mapping: $. - name: creates-new-user-given-name description: Creates a new user with the given name for the context with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionnewuser outputParameters: - type: object mapping: $. - name: tries-poll-identified-user-returning description: Tries to poll as the identified user, returning the authentication request and whether it appears to have succeeded. This will only work if the polling verification strategy has been configured. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionpollasuser outputParameters: - type: object mapping: $. - name: removes-user-given-id-that description: Removes the user with the given ID that belongs to the context with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionremoveuser outputParameters: - type: object mapping: $. - name: sets-authentication-credentials-user-given description: Sets the authentication credentials for the user with the given ID that belongs to the context with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionsetauthenticationcredentials outputParameters: - type: object mapping: $. - name: sets-fields-authentication-state-user description: Sets fields in the authentication state for the user identified by the Context and User Ids. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionsetauthenticationstate outputParameters: - type: object mapping: $. - name: sets-specified-cookie-user-identified description: Sets the specified cookie for the user identified by the Context and User Ids. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionsetcookie outputParameters: - type: object mapping: $. - name: sets-whether-not-user-given description: Sets whether or not the user, with the given ID that belongs to the context with the given ID, should be enabled. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionsetuserenabled outputParameters: - type: object mapping: $. - name: renames-user-given-id-that description: Renames the user with the given ID that belongs to the context with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersactionsetusername outputParameters: - type: object mapping: $. - name: gets-authentication-credentials-user-given description: Gets the authentication credentials of the user with given ID that belongs to the context with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersviewgetauthenticationcredentials outputParameters: - type: object mapping: $. - name: gets-configuration-parameters-credentials-context description: Gets the configuration parameters for the credentials of the context with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersviewgetauthenticationcredentialsconfigparams outputParameters: - type: object mapping: $. - name: gets-authentication-session-information-user description: Gets the authentication session information for the user identified by the Context and User Ids, e.g. cookies and realm credentials. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersviewgetauthenticationsession outputParameters: - type: object mapping: $. - name: gets-authentication-state-information-user description: Gets the authentication state information for the user identified by the Context and User Ids. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersviewgetauthenticationstate outputParameters: - type: object mapping: $. - name: gets-data-user-given-id description: Gets the data of the user with the given ID that belongs to the context with the given ID. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersviewgetuserbyid outputParameters: - type: object mapping: $. - name: gets-list-users-that-belong description: Gets a list of users that belong to the context with the given ID, or all users if none provided. hints: readOnly: true destructive: false idempotent: true call: owasp-zap-users.usersviewuserslist outputParameters: - type: object mapping: $.