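---
# Naftiko capability: proxies the Strapi Users and Permissions authentication
# endpoints (8 operations) and re-exposes them through a REST adapter (:8080)
# and an MCP adapter (:9090).
naftiko: 1.0.0-alpha2
info:
  label: Strapi Users and Permissions API — Authentication
  description: 'Strapi Users and Permissions API — Authentication. 8 operations. Lead operation: Change user password. Self-contained Naftiko capability covering one Strapi business surface.'
  tags:
    - Strapi
    - Authentication
  created: '2026-05-19'
  modified: '2026-05-19'
# The Strapi credential is resolved from the environment, so no secret value
# is stored in this file.
binds:
  - namespace: env
    keys:
      STRAPI_API_KEY: STRAPI_API_KEY
capability:
  consumes:
    - type: http
      namespace: users-and-permissions-authentication
      # NOTE(review): `{host}` has no binding in this file; confirm where it is
      # resolved and that callers of the adapters cannot influence it.
      baseUri: https://{host}
      description: Strapi Users and Permissions API — Authentication business capability. Self-contained, no shared references.
      resources:
        - name: api-auth-change-password
          path: /api/auth/change-password
          operations:
            - name: changepassword
              method: POST
              description: Change user password
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # The body is forwarded as an opaque object and carries
                # passwords; keep request bodies out of adapter logs.
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-auth-email-confirmation
          path: /api/auth/email-confirmation
          operations:
            - name: confirmemail
              method: GET
              description: Confirm a user email
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # The confirmation token travels in the query string, so it can
                # end up in access logs and proxy logs; treat those as sensitive.
                - name: confirmation
                  in: query
                  type: string
                  description: The email confirmation token
                  required: true
        - name: api-auth-forgot-password
          path: /api/auth/forgot-password
          operations:
            - name: forgotpassword
              method: POST
              description: Request a password reset
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-auth-local
          path: /api/auth/local
          operations:
            - name: loginuser
              method: POST
              description: Login with local credentials
              outputRawFormat: json
              outputParameters:
                # The whole upstream response is returned (`$.`), which for a
                # login presumably includes the issued session token; keep
                # responses out of logs as well.
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-auth-local-register
          path: /api/auth/local/register
          operations:
            - name: registeruser
              method: POST
              description: Register a new user
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-auth-reset-password
          path: /api/auth/reset-password
          operations:
            - name: resetpassword
              method: POST
              description: Reset a user password
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-auth-send-email-confirmation
          path: /api/auth/send-email-confirmation
          operations:
            - name: sendemailconfirmation
              method: POST
              description: Resend email confirmation
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                - name: body
                  in: body
                  type: object
                  description: Request body (JSON).
                  required: true
        - name: api-auth-provider-callback
          path: /api/auth/{provider}/callback
          operations:
            - name: providercallback
              method: GET
              description: Social provider authentication callback
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              inputParameters:
                # NOTE(review): `provider` is a free-form string substituted
                # into the upstream path; confirm the runtime URL-encodes it.
                - name: provider
                  in: path
                  type: string
                  description: The name of the authentication provider (e.g., google, github, facebook, twitter)
                  required: true
                # Provider access token in the query string: same log-exposure
                # concern as the confirmation token above.
                - name: access_token
                  in: query
                  type: string
                  description: The access token from the authentication provider
      # A single static bearer credential is declared for this consumed API,
      # not per operation.
      # NOTE(review): login, register and the reset flow are normally called
      # without a bearer, and change-password normally acts on the calling
      # user's own token; verify how Strapi treats the API key on each route
      # and keep the key's permissions to the minimum these routes need.
      authentication:
        type: bearer
        token: '{{env.STRAPI_API_KEY}}'
  exposes:
    # No inbound authentication is declared for this adapter in this file.
    # Anyone who can reach the port can drive the upstream auth endpoints, so
    # access control has to come from the deployment (network policy, gateway).
    # NOTE(review): Strapi sees every request as coming from this service;
    # confirm that per-client rate limiting on login and forgot-password still
    # works behind it.
    - type: rest
      namespace: users-and-permissions-authentication-rest
      port: 8080
      description: REST adapter for Strapi Users and Permissions API — Authentication. One Spectral-compliant resource per consumed operation, prefixed with /v1.
      resources:
        - path: /v1/api/auth/change-password
          name: api-auth-change-password
          description: REST surface for api-auth-change-password.
          operations:
            - method: POST
              name: changepassword
              description: Change user password
              call: users-and-permissions-authentication.changepassword
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/auth/email-confirmation
          name: api-auth-email-confirmation
          description: REST surface for api-auth-email-confirmation.
          operations:
            - method: GET
              name: confirmemail
              description: Confirm a user email
              call: users-and-permissions-authentication.confirmemail
              with:
                confirmation: rest.confirmation
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/auth/forgot-password
          name: api-auth-forgot-password
          description: REST surface for api-auth-forgot-password.
          operations:
            - method: POST
              name: forgotpassword
              description: Request a password reset
              call: users-and-permissions-authentication.forgotpassword
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/auth/local
          name: api-auth-local
          description: REST surface for api-auth-local.
          operations:
            - method: POST
              name: loginuser
              description: Login with local credentials
              call: users-and-permissions-authentication.loginuser
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/auth/local/register
          name: api-auth-local-register
          description: REST surface for api-auth-local-register.
          operations:
            - method: POST
              name: registeruser
              description: Register a new user
              call: users-and-permissions-authentication.registeruser
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/auth/reset-password
          name: api-auth-reset-password
          description: REST surface for api-auth-reset-password.
          operations:
            - method: POST
              name: resetpassword
              description: Reset a user password
              call: users-and-permissions-authentication.resetpassword
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/auth/send-email-confirmation
          name: api-auth-send-email-confirmation
          description: REST surface for api-auth-send-email-confirmation.
          operations:
            - method: POST
              name: sendemailconfirmation
              description: Resend email confirmation
              call: users-and-permissions-authentication.sendemailconfirmation
              with:
                body: rest.body
              outputParameters:
                - type: object
                  mapping: $.
        - path: /v1/api/auth/{provider}/callback
          name: api-auth-provider-callback
          description: REST surface for api-auth-provider-callback.
          operations:
            - method: GET
              name: providercallback
              description: Social provider authentication callback
              call: users-and-permissions-authentication.providercallback
              with:
                provider: rest.provider
                access_token: rest.access_token
              outputParameters:
                - type: object
                  mapping: $.
    # As with the REST adapter, no inbound authentication is declared here.
    # Tool hints are advisory metadata that an MCP client may use to decide
    # whether a call needs user confirmation, so they must reflect what the
    # operation does upstream rather than its HTTP method.
    - type: mcp
      namespace: users-and-permissions-authentication-mcp
      port: 9090
      transport: http
      description: MCP adapter for Strapi Users and Permissions API — Authentication. One tool per consumed operation, routed inline through this capability's consumes block.
      tools:
        - name: change-user-password
          description: Change user password
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: users-and-permissions-authentication.changepassword
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: confirm-user-email
          description: Confirm a user email
          hints:
            # GET upstream, but confirming an email changes the account's
            # state, so the tool is not read-only.
            readOnly: false
            destructive: false
            idempotent: true
          call: users-and-permissions-authentication.confirmemail
          with:
            confirmation: tools.confirmation
          outputParameters:
            - type: object
              mapping: $.
        - name: request-password-reset
          description: Request a password reset
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: users-and-permissions-authentication.forgotpassword
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: login-local-credentials
          description: Login with local credentials
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: users-and-permissions-authentication.loginuser
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: register-new-user
          description: Register a new user
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: users-and-permissions-authentication.registeruser
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: reset-user-password
          description: Reset a user password
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: users-and-permissions-authentication.resetpassword
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: resend-email-confirmation
          description: Resend email confirmation
          hints:
            readOnly: false
            destructive: false
            idempotent: false
          call: users-and-permissions-authentication.sendemailconfirmation
          with:
            body: tools.body
          outputParameters:
            - type: object
              mapping: $.
        - name: social-provider-authentication-callback
          description: Social provider authentication callback
          hints:
            # GET upstream, but the callback completes a sign-in and may
            # create the account on first use, so it is not read-only.
            # NOTE(review): confirm `idempotent` against the Strapi version
            # in use.
            readOnly: false
            destructive: false
            idempotent: true
          call: users-and-permissions-authentication.providercallback
          with:
            provider: tools.provider
            access_token: tools.access_token
          outputParameters:
            - type: object
              mapping: $.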