naftiko: 1.0.0-alpha2 info: label: IAM API — Users description: 'IAM API — Users. 13 operations. Lead operation: List grace periods of a member. Self-contained Naftiko capability covering one Scaleway business surface.' tags: - Scaleway - Users created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: SCALEWAY_API_KEY: SCALEWAY_API_KEY capability: consumes: - type: http namespace: iam-users baseUri: https://api.scaleway.com description: IAM API — Users business capability. Self-contained, no shared references. resources: - name: iam-v1alpha1-grace-periods path: /iam/v1alpha1/grace-periods operations: - name: listgraceperiods method: GET description: List grace periods of a member outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: query type: string description: ID of the user to list grace periods for. - name: iam-v1alpha1-users path: /iam/v1alpha1/users operations: - name: listusers method: GET description: List users of an Organization outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: order_by in: query type: string description: Criteria for sorting results. - name: page_size in: query type: integer description: Number of results per page. Value must be between 1 and 100. - name: page in: query type: integer description: Page number. Value must be greater or equal to 1. - name: organization_id in: query type: string description: ID of the Organization to filter. - name: user_ids in: query type: array description: Filter by list of IDs. - name: mfa in: query type: boolean description: Filter by MFA status. - name: tag in: query type: string description: Filter by tags containing a given string. - name: type in: query type: string description: Filter by user type. - name: createuser method: POST description: Create a new user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: iam-v1alpha1-users-user_id path: /iam/v1alpha1/users/{user_id} operations: - name: getuser method: GET description: Get a given user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: ID of the user to find. required: true - name: updateuser method: PATCH description: Update a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: ID of the user to update. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deleteuser method: DELETE description: Delete a guest user from an Organization outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: ID of the user to delete. required: true - name: iam-v1alpha1-users-user_id-lock path: /iam/v1alpha1/users/{user_id}/lock operations: - name: lockuser method: POST description: Lock a member outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: ID of the user to lock. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: iam-v1alpha1-users-user_id-mfa-otp path: /iam/v1alpha1/users/{user_id}/mfa-otp operations: - name: createusermfaotp method: POST description: Create a MFA OTP. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: User ID of the MFA OTP. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: deleteusermfaotp method: DELETE description: Delete a MFA OTP. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: User ID of the MFA OTP. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: iam-v1alpha1-users-user_id-unlock path: /iam/v1alpha1/users/{user_id}/unlock operations: - name: unlockuser method: POST description: Unlock a member outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: ID of the user to unlock. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: iam-v1alpha1-users-user_id-update-password path: /iam/v1alpha1/users/{user_id}/update-password operations: - name: updateuserpassword method: POST description: Update an user's password. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: ID of the user to update. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: iam-v1alpha1-users-user_id-update-username path: /iam/v1alpha1/users/{user_id}/update-username operations: - name: updateuserusername method: POST description: Update an user's username. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: ID of the user to update. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: iam-v1alpha1-users-user_id-validate-mfa-otp path: /iam/v1alpha1/users/{user_id}/validate-mfa-otp operations: - name: validateusermfaotp method: POST description: Validate a MFA OTP. outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: user_id in: path type: string description: User ID of the MFA OTP. required: true - name: body in: body type: object description: Request body (JSON). required: true authentication: type: apikey key: X-Auth-Token value: '{{env.SCALEWAY_API_KEY}}' placement: header exposes: - type: rest namespace: iam-users-rest port: 8080 description: REST adapter for IAM API — Users. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/iam/v1alpha1/grace-periods name: iam-v1alpha1-grace-periods description: REST surface for iam-v1alpha1-grace-periods. operations: - method: GET name: listgraceperiods description: List grace periods of a member call: iam-users.listgraceperiods with: user_id: rest.user_id outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users name: iam-v1alpha1-users description: REST surface for iam-v1alpha1-users. operations: - method: GET name: listusers description: List users of an Organization call: iam-users.listusers with: order_by: rest.order_by page_size: rest.page_size page: rest.page organization_id: rest.organization_id user_ids: rest.user_ids mfa: rest.mfa tag: rest.tag type: rest.type outputParameters: - type: object mapping: $. - method: POST name: createuser description: Create a new user call: iam-users.createuser with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users/{user-id} name: iam-v1alpha1-users-user-id description: REST surface for iam-v1alpha1-users-user_id. operations: - method: GET name: getuser description: Get a given user call: iam-users.getuser with: user_id: rest.user_id outputParameters: - type: object mapping: $. - method: PATCH name: updateuser description: Update a user call: iam-users.updateuser with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuser description: Delete a guest user from an Organization call: iam-users.deleteuser with: user_id: rest.user_id outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users/{user-id}/lock name: iam-v1alpha1-users-user-id-lock description: REST surface for iam-v1alpha1-users-user_id-lock. operations: - method: POST name: lockuser description: Lock a member call: iam-users.lockuser with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users/{user-id}/mfa-otp name: iam-v1alpha1-users-user-id-mfa-otp description: REST surface for iam-v1alpha1-users-user_id-mfa-otp. operations: - method: POST name: createusermfaotp description: Create a MFA OTP. call: iam-users.createusermfaotp with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteusermfaotp description: Delete a MFA OTP. call: iam-users.deleteusermfaotp with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users/{user-id}/unlock name: iam-v1alpha1-users-user-id-unlock description: REST surface for iam-v1alpha1-users-user_id-unlock. operations: - method: POST name: unlockuser description: Unlock a member call: iam-users.unlockuser with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users/{user-id}/update-password name: iam-v1alpha1-users-user-id-update-password description: REST surface for iam-v1alpha1-users-user_id-update-password. operations: - method: POST name: updateuserpassword description: Update an user's password. call: iam-users.updateuserpassword with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users/{user-id}/update-username name: iam-v1alpha1-users-user-id-update-username description: REST surface for iam-v1alpha1-users-user_id-update-username. operations: - method: POST name: updateuserusername description: Update an user's username. call: iam-users.updateuserusername with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - path: /v1/iam/v1alpha1/users/{user-id}/validate-mfa-otp name: iam-v1alpha1-users-user-id-validate-mfa-otp description: REST surface for iam-v1alpha1-users-user_id-validate-mfa-otp. operations: - method: POST name: validateusermfaotp description: Validate a MFA OTP. call: iam-users.validateusermfaotp with: user_id: rest.user_id body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: iam-users-mcp port: 9090 transport: http description: MCP adapter for IAM API — Users. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-grace-periods-member description: List grace periods of a member hints: readOnly: true destructive: false idempotent: true call: iam-users.listgraceperiods with: user_id: tools.user_id outputParameters: - type: object mapping: $. - name: list-users-organization description: List users of an Organization hints: readOnly: true destructive: false idempotent: true call: iam-users.listusers with: order_by: tools.order_by page_size: tools.page_size page: tools.page organization_id: tools.organization_id user_ids: tools.user_ids mfa: tools.mfa tag: tools.tag type: tools.type outputParameters: - type: object mapping: $. - name: create-new-user description: Create a new user hints: readOnly: false destructive: false idempotent: false call: iam-users.createuser with: body: tools.body outputParameters: - type: object mapping: $. - name: get-given-user description: Get a given user hints: readOnly: true destructive: false idempotent: true call: iam-users.getuser with: user_id: tools.user_id outputParameters: - type: object mapping: $. - name: update-user description: Update a user hints: readOnly: false destructive: false idempotent: true call: iam-users.updateuser with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $. - name: delete-guest-user-organization description: Delete a guest user from an Organization hints: readOnly: false destructive: true idempotent: true call: iam-users.deleteuser with: user_id: tools.user_id outputParameters: - type: object mapping: $. - name: lock-member description: Lock a member hints: readOnly: false destructive: false idempotent: false call: iam-users.lockuser with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $. - name: create-mfa-otp description: Create a MFA OTP. hints: readOnly: false destructive: false idempotent: false call: iam-users.createusermfaotp with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $. - name: delete-mfa-otp description: Delete a MFA OTP. hints: readOnly: false destructive: true idempotent: true call: iam-users.deleteusermfaotp with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $. - name: unlock-member description: Unlock a member hints: readOnly: false destructive: false idempotent: false call: iam-users.unlockuser with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $. - name: update-user-s-password description: Update an user's password. hints: readOnly: false destructive: false idempotent: false call: iam-users.updateuserpassword with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $. - name: update-user-s-username description: Update an user's username. hints: readOnly: false destructive: false idempotent: false call: iam-users.updateuserusername with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $. - name: validate-mfa-otp description: Validate a MFA OTP. hints: readOnly: true destructive: false idempotent: false call: iam-users.validateusermfaotp with: user_id: tools.user_id body: tools.body outputParameters: - type: object mapping: $.