naftiko: 1.0.0-alpha2 info: label: Permit.io API — Groups description: 'Permit.io API — Groups. 16 operations. Lead operation: List Group. Self-contained Naftiko capability covering one Permit Io business surface.' tags: - Permit Io - Groups created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: PERMIT_IO_API_KEY: PERMIT_IO_API_KEY capability: consumes: - type: http namespace: permit-io-groups baseUri: '' description: Permit.io API — Groups business capability. Self-contained, no shared references. resources: - name: v2-schema-proj_id-env_id-groups path: /v2/schema/{proj_id}/{env_id}/groups operations: - name: listgroup method: GET description: List Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: tenant in: query type: string description: The tenant key or id to filter by - name: resource in: query type: string description: The resource key or id to filter by - name: include_total_count in: query type: boolean description: Include total count in response(will make the request slower) - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: search in: query type: string description: Text search for the object name or key - name: creategroup method: POST description: Create Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-schema-proj_id-env_id-groups-direct path: /v2/schema/{proj_id}/{env_id}/groups/direct operations: - name: listdirectgroup method: GET description: List Direct Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: tenant in: query type: string description: The tenant key or id to filter by - name: resource in: query type: string description: The resource key or id to filter by - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: search in: query type: string description: Text search for the object name or key - name: v2-schema-proj_id-env_id-groups-direct-group_instance_key path: /v2/schema/{proj_id}/{env_id}/groups/direct/{group_instance_key} operations: - name: getdirectgroup method: GET description: Get Direct Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: v2-schema-proj_id-env_id-groups-group_instance_key path: /v2/schema/{proj_id}/{env_id}/groups/{group_instance_key} operations: - name: getgroup method: GET description: Get Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: deletegroup method: DELETE description: Delete Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: v2-schema-proj_id-env_id-groups-group_instance_key-assign_group path: /v2/schema/{proj_id}/{env_id}/groups/{group_instance_key}/assign_group operations: - name: assigngrouptogroup method: PUT description: Assign Group To Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: removegroupfromgroup method: DELETE description: Remove Group From Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-schema-proj_id-env_id-groups-group_instance_key-children path: /v2/schema/{proj_id}/{env_id}/groups/{group_instance_key}/children operations: - name: listgroupchildren method: GET description: List group children (EAP) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: v2-schema-proj_id-env_id-groups-group_instance_key-parents path: /v2/schema/{proj_id}/{env_id}/groups/{group_instance_key}/parents operations: - name: listgroupparents method: GET description: List group parents (EAP) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: v2-schema-proj_id-env_id-groups-group_instance_key-roles path: /v2/schema/{proj_id}/{env_id}/groups/{group_instance_key}/roles operations: - name: listgrouproles method: GET description: List group roles (EAP) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: assignroletogroup method: POST description: Assign Role To Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: removerolefromgroup method: DELETE description: Remove Role From Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-schema-proj_id-env_id-groups-group_instance_key-users path: /v2/schema/{proj_id}/{env_id}/groups/{group_instance_key}/users operations: - name: listgroupusers method: GET description: List group users (EAP) outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: page in: query type: integer description: Page number of the results to fetch, starting at 1. - name: per_page in: query type: integer description: The number of results per page (max 100). - name: v2-schema-proj_id-env_id-groups-group_instance_key-users-user_id path: /v2/schema/{proj_id}/{env_id}/groups/{group_instance_key}/users/{user_id} operations: - name: assignusertogroup method: PUT description: Assign User To Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true - name: removeuserfromgroup method: DELETE description: Remove User From Group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").' required: true - name: proj_id in: path type: string description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").' required: true - name: env_id in: path type: string description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").' required: true - name: group_instance_key in: path type: string description: 'Either the unique id of the resource instance, or the URL-friendly key of the resource instance (i.e: the "slug").' required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.PERMIT_IO_API_KEY}}' exposes: - type: rest namespace: permit-io-groups-rest port: 8080 description: REST adapter for Permit.io API — Groups. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/schema/{proj-id}/{env-id}/groups name: v2-schema-proj-id-env-id-groups description: REST surface for v2-schema-proj_id-env_id-groups. operations: - method: GET name: listgroup description: List Group call: permit-io-groups.listgroup with: proj_id: rest.proj_id env_id: rest.env_id tenant: rest.tenant resource: rest.resource include_total_count: rest.include_total_count page: rest.page per_page: rest.per_page search: rest.search outputParameters: - type: object mapping: $. - method: POST name: creategroup description: Create Group call: permit-io-groups.creategroup with: proj_id: rest.proj_id env_id: rest.env_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/direct name: v2-schema-proj-id-env-id-groups-direct description: REST surface for v2-schema-proj_id-env_id-groups-direct. operations: - method: GET name: listdirectgroup description: List Direct Group call: permit-io-groups.listdirectgroup with: proj_id: rest.proj_id env_id: rest.env_id tenant: rest.tenant resource: rest.resource page: rest.page per_page: rest.per_page search: rest.search outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/direct/{group-instance-key} name: v2-schema-proj-id-env-id-groups-direct-group-instance-key description: REST surface for v2-schema-proj_id-env_id-groups-direct-group_instance_key. operations: - method: GET name: getdirectgroup description: Get Direct Group call: permit-io-groups.getdirectgroup with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/{group-instance-key} name: v2-schema-proj-id-env-id-groups-group-instance-key description: REST surface for v2-schema-proj_id-env_id-groups-group_instance_key. operations: - method: GET name: getgroup description: Get Group call: permit-io-groups.getgroup with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key outputParameters: - type: object mapping: $. - method: DELETE name: deletegroup description: Delete Group call: permit-io-groups.deletegroup with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/{group-instance-key}/assign-group name: v2-schema-proj-id-env-id-groups-group-instance-key-assign-group description: REST surface for v2-schema-proj_id-env_id-groups-group_instance_key-assign_group. operations: - method: PUT name: assigngrouptogroup description: Assign Group To Group call: permit-io-groups.assigngrouptogroup with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: removegroupfromgroup description: Remove Group From Group call: permit-io-groups.removegroupfromgroup with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/{group-instance-key}/children name: v2-schema-proj-id-env-id-groups-group-instance-key-children description: REST surface for v2-schema-proj_id-env_id-groups-group_instance_key-children. operations: - method: GET name: listgroupchildren description: List group children (EAP) call: permit-io-groups.listgroupchildren with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/{group-instance-key}/parents name: v2-schema-proj-id-env-id-groups-group-instance-key-parents description: REST surface for v2-schema-proj_id-env_id-groups-group_instance_key-parents. operations: - method: GET name: listgroupparents description: List group parents (EAP) call: permit-io-groups.listgroupparents with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/{group-instance-key}/roles name: v2-schema-proj-id-env-id-groups-group-instance-key-roles description: REST surface for v2-schema-proj_id-env_id-groups-group_instance_key-roles. operations: - method: GET name: listgrouproles description: List group roles (EAP) call: permit-io-groups.listgrouproles with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - method: POST name: assignroletogroup description: Assign Role To Group call: permit-io-groups.assignroletogroup with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: removerolefromgroup description: Remove Role From Group call: permit-io-groups.removerolefromgroup with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/{group-instance-key}/users name: v2-schema-proj-id-env-id-groups-group-instance-key-users description: REST surface for v2-schema-proj_id-env_id-groups-group_instance_key-users. operations: - method: GET name: listgroupusers description: List group users (EAP) call: permit-io-groups.listgroupusers with: proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key page: rest.page per_page: rest.per_page outputParameters: - type: object mapping: $. - path: /v1/v2/schema/{proj-id}/{env-id}/groups/{group-instance-key}/users/{user-id} name: v2-schema-proj-id-env-id-groups-group-instance-key-users-user-id description: REST surface for v2-schema-proj_id-env_id-groups-group_instance_key-users-user_id. operations: - method: PUT name: assignusertogroup description: Assign User To Group call: permit-io-groups.assignusertogroup with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: removeuserfromgroup description: Remove User From Group call: permit-io-groups.removeuserfromgroup with: user_id: rest.user_id proj_id: rest.proj_id env_id: rest.env_id group_instance_key: rest.group_instance_key body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: permit-io-groups-mcp port: 9090 transport: http description: MCP adapter for Permit.io API — Groups. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-group description: List Group hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.listgroup with: proj_id: tools.proj_id env_id: tools.env_id tenant: tools.tenant resource: tools.resource include_total_count: tools.include_total_count page: tools.page per_page: tools.per_page search: tools.search outputParameters: - type: object mapping: $. - name: create-group description: Create Group hints: readOnly: false destructive: false idempotent: false call: permit-io-groups.creategroup with: proj_id: tools.proj_id env_id: tools.env_id body: tools.body outputParameters: - type: object mapping: $. - name: list-direct-group description: List Direct Group hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.listdirectgroup with: proj_id: tools.proj_id env_id: tools.env_id tenant: tools.tenant resource: tools.resource page: tools.page per_page: tools.per_page search: tools.search outputParameters: - type: object mapping: $. - name: get-direct-group description: Get Direct Group hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.getdirectgroup with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key outputParameters: - type: object mapping: $. - name: get-group description: Get Group hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.getgroup with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key outputParameters: - type: object mapping: $. - name: delete-group description: Delete Group hints: readOnly: false destructive: true idempotent: true call: permit-io-groups.deletegroup with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key outputParameters: - type: object mapping: $. - name: assign-group-group description: Assign Group To Group hints: readOnly: false destructive: false idempotent: true call: permit-io-groups.assigngrouptogroup with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key body: tools.body outputParameters: - type: object mapping: $. - name: remove-group-group description: Remove Group From Group hints: readOnly: false destructive: true idempotent: true call: permit-io-groups.removegroupfromgroup with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key body: tools.body outputParameters: - type: object mapping: $. - name: list-group-children-eap description: List group children (EAP) hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.listgroupchildren with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: list-group-parents-eap description: List group parents (EAP) hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.listgroupparents with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: list-group-roles-eap description: List group roles (EAP) hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.listgrouproles with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: assign-role-group description: Assign Role To Group hints: readOnly: false destructive: false idempotent: false call: permit-io-groups.assignroletogroup with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key body: tools.body outputParameters: - type: object mapping: $. - name: remove-role-group description: Remove Role From Group hints: readOnly: false destructive: true idempotent: true call: permit-io-groups.removerolefromgroup with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key body: tools.body outputParameters: - type: object mapping: $. - name: list-group-users-eap description: List group users (EAP) hints: readOnly: true destructive: false idempotent: true call: permit-io-groups.listgroupusers with: proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key page: tools.page per_page: tools.per_page outputParameters: - type: object mapping: $. - name: assign-user-group description: Assign User To Group hints: readOnly: false destructive: false idempotent: true call: permit-io-groups.assignusertogroup with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key body: tools.body outputParameters: - type: object mapping: $. - name: remove-user-group description: Remove User From Group hints: readOnly: false destructive: true idempotent: true call: permit-io-groups.removeuserfromgroup with: user_id: tools.user_id proj_id: tools.proj_id env_id: tools.env_id group_instance_key: tools.group_instance_key body: tools.body outputParameters: - type: object mapping: $.