naftiko: 1.0.0-alpha2 info: label: Telnyx API — OAuth Protocol description: 'Telnyx API — OAuth Protocol. 7 operations. Lead operation: OAuth authorization endpoint. Self-contained Naftiko capability covering one Telnyx business surface.' tags: - Telnyx - OAuth Protocol created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: TELNYX_API_KEY: TELNYX_API_KEY capability: consumes: - type: http namespace: telnyx-oauth-protocol baseUri: https://api.telnyx.com/v2 description: Telnyx API — OAuth Protocol business capability. Self-contained, no shared references. resources: - name: oauth-authorize path: /oauth/authorize operations: - name: authorizeoauth method: GET description: OAuth authorization endpoint outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: response_type in: query type: string description: OAuth response type required: true - name: client_id in: query type: string description: OAuth client identifier required: true - name: redirect_uri in: query type: string description: Redirect URI required: true - name: scope in: query type: string description: Space-separated list of requested scopes - name: state in: query type: string description: State parameter for CSRF protection - name: code_challenge in: query type: string description: PKCE code challenge - name: code_challenge_method in: query type: string description: PKCE code challenge method - name: oauth-consent-consent_token path: /oauth/consent/{consent_token} operations: - name: getoauthconsenttoken method: GET description: Get OAuth consent token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: consent_token in: path type: string description: OAuth consent token required: true - name: oauth-grants path: /oauth/grants operations: - name: createoauthgrant method: POST description: Create OAuth grant outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: oauth-introspect path: /oauth/introspect operations: - name: introspectoauthtoken method: POST description: Token introspection outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: oauth-jwks path: /oauth/jwks operations: - name: getoauthjwks method: GET description: JSON Web Key Set outputRawFormat: json outputParameters: - name: result type: object value: $. - name: oauth-register path: /oauth/register operations: - name: registeroauthclient method: POST description: Dynamic client registration outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: oauth-token path: /oauth/token operations: - name: exchangeoauthtoken method: POST description: OAuth token endpoint outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.TELNYX_API_KEY}}' exposes: - type: rest namespace: telnyx-oauth-protocol-rest port: 8080 description: REST adapter for Telnyx API — OAuth Protocol. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/oauth/authorize name: oauth-authorize description: REST surface for oauth-authorize. operations: - method: GET name: authorizeoauth description: OAuth authorization endpoint call: telnyx-oauth-protocol.authorizeoauth with: response_type: rest.response_type client_id: rest.client_id redirect_uri: rest.redirect_uri scope: rest.scope state: rest.state code_challenge: rest.code_challenge code_challenge_method: rest.code_challenge_method outputParameters: - type: object mapping: $. - path: /v1/oauth/consent/{consent-token} name: oauth-consent-consent-token description: REST surface for oauth-consent-consent_token. operations: - method: GET name: getoauthconsenttoken description: Get OAuth consent token call: telnyx-oauth-protocol.getoauthconsenttoken with: consent_token: rest.consent_token outputParameters: - type: object mapping: $. - path: /v1/oauth/grants name: oauth-grants description: REST surface for oauth-grants. operations: - method: POST name: createoauthgrant description: Create OAuth grant call: telnyx-oauth-protocol.createoauthgrant with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/oauth/introspect name: oauth-introspect description: REST surface for oauth-introspect. operations: - method: POST name: introspectoauthtoken description: Token introspection call: telnyx-oauth-protocol.introspectoauthtoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/oauth/jwks name: oauth-jwks description: REST surface for oauth-jwks. operations: - method: GET name: getoauthjwks description: JSON Web Key Set call: telnyx-oauth-protocol.getoauthjwks outputParameters: - type: object mapping: $. - path: /v1/oauth/register name: oauth-register description: REST surface for oauth-register. operations: - method: POST name: registeroauthclient description: Dynamic client registration call: telnyx-oauth-protocol.registeroauthclient with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/oauth/token name: oauth-token description: REST surface for oauth-token. operations: - method: POST name: exchangeoauthtoken description: OAuth token endpoint call: telnyx-oauth-protocol.exchangeoauthtoken with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: telnyx-oauth-protocol-mcp port: 9090 transport: http description: MCP adapter for Telnyx API — OAuth Protocol. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: oauth-authorization-endpoint description: OAuth authorization endpoint hints: readOnly: true destructive: false idempotent: true call: telnyx-oauth-protocol.authorizeoauth with: response_type: tools.response_type client_id: tools.client_id redirect_uri: tools.redirect_uri scope: tools.scope state: tools.state code_challenge: tools.code_challenge code_challenge_method: tools.code_challenge_method outputParameters: - type: object mapping: $. - name: get-oauth-consent-token description: Get OAuth consent token hints: readOnly: true destructive: false idempotent: true call: telnyx-oauth-protocol.getoauthconsenttoken with: consent_token: tools.consent_token outputParameters: - type: object mapping: $. - name: create-oauth-grant description: Create OAuth grant hints: readOnly: false destructive: false idempotent: false call: telnyx-oauth-protocol.createoauthgrant with: body: tools.body outputParameters: - type: object mapping: $. - name: token-introspection description: Token introspection hints: readOnly: false destructive: false idempotent: false call: telnyx-oauth-protocol.introspectoauthtoken with: body: tools.body outputParameters: - type: object mapping: $. - name: json-web-key-set description: JSON Web Key Set hints: readOnly: true destructive: false idempotent: true call: telnyx-oauth-protocol.getoauthjwks outputParameters: - type: object mapping: $. - name: dynamic-client-registration description: Dynamic client registration hints: readOnly: false destructive: false idempotent: false call: telnyx-oauth-protocol.registeroauthclient with: body: tools.body outputParameters: - type: object mapping: $. - name: oauth-token-endpoint description: OAuth token endpoint hints: readOnly: false destructive: false idempotent: false call: telnyx-oauth-protocol.exchangeoauthtoken with: body: tools.body outputParameters: - type: object mapping: $.