naftiko: 1.0.0-alpha2 info: label: VTex Anti-fraud Provider API — OAuth Flow description: 'VTex Anti-fraud Provider API — OAuth Flow. 4 operations. Lead operation: VTex 4. Get Credentials. Self-contained Naftiko capability covering one Vtex business surface.' tags: - Vtex - OAuth Flow created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: VTEX_API_KEY: VTEX_API_KEY capability: consumes: - type: http namespace: anti-fraud-provider-oauth-flow baseUri: https://{providerApiEndpoint} description: VTex Anti-fraud Provider API — OAuth Flow business capability. Self-contained, no shared references. resources: - name: authorization-credentials path: /authorization/credentials operations: - name: 4getcredentials method: GET description: VTex 4. Get Credentials outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: authorizationCode in: query type: string description: Code generate by affiliation that will be used to identify the merchant authorization. required: true - name: applicationId in: query type: string description: VTEX application identifier. required: true - name: authorization-token path: /authorization/token operations: - name: 1retrievetoken method: POST description: VTex 1. Retrieve Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: authorizationCode path: /authorizationCode operations: - name: 3returntovtex method: GET description: 3. Return to VTEX outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: providerAuthorizationCode in: query type: string description: Provider authorization code information. required: true - name: redirect path: /redirect operations: - name: 2redirect method: GET description: VTex 2. Redirect outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: token in: query type: string description: Token information. required: true - name: applicationId in: query type: string description: VTEX application identifier. required: true authentication: type: apikey key: VtexIdclientAutCookie value: '{{env.VTEX_API_KEY}}' placement: header exposes: - type: rest namespace: anti-fraud-provider-oauth-flow-rest port: 8080 description: REST adapter for VTex Anti-fraud Provider API — OAuth Flow. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/authorization/credentials name: authorization-credentials description: REST surface for authorization-credentials. operations: - method: GET name: 4getcredentials description: VTex 4. Get Credentials call: anti-fraud-provider-oauth-flow.4getcredentials with: authorizationCode: rest.authorizationCode applicationId: rest.applicationId outputParameters: - type: object mapping: $. - path: /v1/authorization/token name: authorization-token description: REST surface for authorization-token. operations: - method: POST name: 1retrievetoken description: VTex 1. Retrieve Token call: anti-fraud-provider-oauth-flow.1retrievetoken with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/authorizationcode name: authorizationcode description: REST surface for authorizationCode. operations: - method: GET name: 3returntovtex description: 3. Return to VTEX call: anti-fraud-provider-oauth-flow.3returntovtex with: providerAuthorizationCode: rest.providerAuthorizationCode outputParameters: - type: object mapping: $. - path: /v1/redirect name: redirect description: REST surface for redirect. operations: - method: GET name: 2redirect description: VTex 2. Redirect call: anti-fraud-provider-oauth-flow.2redirect with: token: rest.token applicationId: rest.applicationId outputParameters: - type: object mapping: $. - type: mcp namespace: anti-fraud-provider-oauth-flow-mcp port: 9090 transport: http description: MCP adapter for VTex Anti-fraud Provider API — OAuth Flow. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: vtex-4-get-credentials description: VTex 4. Get Credentials hints: readOnly: true destructive: false idempotent: true call: anti-fraud-provider-oauth-flow.4getcredentials with: authorizationCode: tools.authorizationCode applicationId: tools.applicationId outputParameters: - type: object mapping: $. - name: vtex-1-retrieve-token description: VTex 1. Retrieve Token hints: readOnly: true destructive: false idempotent: false call: anti-fraud-provider-oauth-flow.1retrievetoken with: body: tools.body outputParameters: - type: object mapping: $. - name: 3-return-vtex description: 3. Return to VTEX hints: readOnly: true destructive: false idempotent: true call: anti-fraud-provider-oauth-flow.3returntovtex with: providerAuthorizationCode: tools.providerAuthorizationCode outputParameters: - type: object mapping: $. - name: vtex-2-redirect description: VTex 2. Redirect hints: readOnly: true destructive: false idempotent: true call: anti-fraud-provider-oauth-flow.2redirect with: token: tools.token applicationId: tools.applicationId outputParameters: - type: object mapping: $.