naftiko: 1.0.0-alpha2 info: label: Shutterstock API Reference — oauth description: 'Shutterstock API Reference — oauth. 2 operations. Lead operation: Get access tokens. Self-contained Naftiko capability covering one Shutterstock business surface.' tags: - Shutterstock - oauth created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: SHUTTERSTOCK_API_KEY: SHUTTERSTOCK_API_KEY capability: consumes: - type: http namespace: shutterstock-oauth baseUri: https://api.shutterstock.com description: Shutterstock API Reference — oauth business capability. Self-contained, no shared references. resources: - name: v2-oauth-access_token path: /v2/oauth/access_token operations: - name: createaccesstoken method: POST description: Get access tokens outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: false - name: v2-oauth-authorize path: /v2/oauth/authorize operations: - name: authorize method: GET description: Authorize applications outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: client_id in: query type: string description: Client ID (Consumer Key) of your application required: true - name: realm in: query type: string description: User type to be authorized (usually 'customer') - name: redirect_uri in: query type: string description: The callback URI to send the request to after authorization; must use a host name that is registered with your application required: true - name: response_type in: query type: string description: Type of temporary authorization code that will be used to generate an access code; the only valid value is 'code' required: true - name: scope in: query type: string description: Space-separated list of scopes to be authorized - name: state in: query type: string description: Unique value used by the calling app to verify the request required: true authentication: type: bearer token: '{{env.SHUTTERSTOCK_API_KEY}}' exposes: - type: rest namespace: shutterstock-oauth-rest port: 8080 description: REST adapter for Shutterstock API Reference — oauth. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/oauth/access-token name: v2-oauth-access-token description: REST surface for v2-oauth-access_token. operations: - method: POST name: createaccesstoken description: Get access tokens call: shutterstock-oauth.createaccesstoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/oauth/authorize name: v2-oauth-authorize description: REST surface for v2-oauth-authorize. operations: - method: GET name: authorize description: Authorize applications call: shutterstock-oauth.authorize with: client_id: rest.client_id realm: rest.realm redirect_uri: rest.redirect_uri response_type: rest.response_type scope: rest.scope state: rest.state outputParameters: - type: object mapping: $. - type: mcp namespace: shutterstock-oauth-mcp port: 9090 transport: http description: MCP adapter for Shutterstock API Reference — oauth. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-access-tokens description: Get access tokens hints: readOnly: true destructive: false idempotent: false call: shutterstock-oauth.createaccesstoken with: body: tools.body outputParameters: - type: object mapping: $. - name: authorize-applications description: Authorize applications hints: readOnly: true destructive: false idempotent: true call: shutterstock-oauth.authorize with: client_id: tools.client_id realm: tools.realm redirect_uri: tools.redirect_uri response_type: tools.response_type scope: tools.scope state: tools.state outputParameters: - type: object mapping: $.