naftiko: 1.0.0-alpha2 info: label: WD My Cloud Home API — Authentication description: 'WD My Cloud Home API — Authentication. 2 operations. Lead operation: Authorize User. Self-contained Naftiko capability covering one Western Digital business surface.' tags: - Western Digital - Authentication created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: WESTERN_DIGITAL_API_KEY: WESTERN_DIGITAL_API_KEY capability: consumes: - type: http namespace: my-cloud-home-authentication baseUri: https://config.mycloud.com description: WD My Cloud Home API — Authentication business capability. Self-contained, no shared references. resources: - name: authorize path: /authorize operations: - name: authorizeuser method: GET description: Authorize User outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: client_id in: query type: string description: OAuth 2.0 client identifier. required: true - name: redirect_uri in: query type: string description: URI to redirect to after authorization. required: true - name: response_type in: query type: string description: Must be "code" for authorization code flow. required: true - name: scope in: query type: string description: 'Space-separated list of scopes. Supported: openid, email, profile, nas_read_only, nas_read_write.' - name: state in: query type: string description: CSRF protection state parameter. - name: oauth-token path: /oauth/token operations: - name: getaccesstoken method: POST description: Get Access Token outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.WESTERN_DIGITAL_API_KEY}}' exposes: - type: rest namespace: my-cloud-home-authentication-rest port: 8080 description: REST adapter for WD My Cloud Home API — Authentication. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/authorize name: authorize description: REST surface for authorize. operations: - method: GET name: authorizeuser description: Authorize User call: my-cloud-home-authentication.authorizeuser with: client_id: rest.client_id redirect_uri: rest.redirect_uri response_type: rest.response_type scope: rest.scope state: rest.state outputParameters: - type: object mapping: $. - path: /v1/oauth/token name: oauth-token description: REST surface for oauth-token. operations: - method: POST name: getaccesstoken description: Get Access Token call: my-cloud-home-authentication.getaccesstoken with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: my-cloud-home-authentication-mcp port: 9090 transport: http description: MCP adapter for WD My Cloud Home API — Authentication. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: authorize-user description: Authorize User hints: readOnly: true destructive: false idempotent: true call: my-cloud-home-authentication.authorizeuser with: client_id: tools.client_id redirect_uri: tools.redirect_uri response_type: tools.response_type scope: tools.scope state: tools.state outputParameters: - type: object mapping: $. - name: get-access-token description: Get Access Token hints: readOnly: true destructive: false idempotent: false call: my-cloud-home-authentication.getaccesstoken with: body: tools.body outputParameters: - type: object mapping: $.