Aiven Agentic Access
Aiven exposes 457 API operations that an AI agent could call, of which 255 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 202 read, 226 write, 15 physical, and 14 safety-critical.
14 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /access_token/{token_prefix} | safety-critical | required |
| DELETE | /me/authentication_methods/{user_authentication_method_id} | safety-critical | required |
| DELETE | /organization/{organization_id}/user/{member_user_id}/access-token/{token_prefix} | safety-critical | required |
| POST | /organization/{organization_id}/user/{member_user_id}/reset_password | safety-critical | required |
| DELETE | /project/{project}/service/{service_name} | safety-critical | required |
| PUT | /project/{project}/service/{service_name}/clickhouse/user/{user_uuid}/password | safety-critical | required |
| POST | /project/{project}/service/{service_name}/connectors/{connector_name}/stop | safety-critical | required |
| POST | /project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id}/stop | safety-critical | required |
| POST | /project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id}/stop | safety-critical | required |
| PUT | /project/{project}/service/{service_name}/opensearch/security/admin | safety-critical | required |
| PUT | /project/{project}/service/{service_name}/query/stats/reset | safety-critical | required |
| PUT | /project/{project}/service/{service_name}/user/{service_username}/credentials/reset | safety-critical | required |
| POST | /user/password_reset/{verification_code} | safety-critical | required |
| POST | /user/password_reset_request | safety-critical | required |
| DELETE | /account/{account_id}/payment_method/{card_id} | physical | conditional |
| POST | /account/{account_id}/payment_methods | physical | conditional |
| POST | /card | physical | conditional |
| DELETE | /card/{card_id} | physical | conditional |
| PUT | /card/{card_id} | physical | conditional |
| POST | /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/provision | physical | conditional |
| DELETE | /organization/{organization_id}/payment-method/credit-card/{payment_method_id} | physical | conditional |
| POST | /organization/{organization_id}/payment-method/credit-cards | physical | conditional |
| POST | /project/{project}/invite | physical | conditional |
| POST | /project/{project}/service/{service_name}/flink/application/{application_id}/deployment | physical | conditional |
| DELETE | /project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id} | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/aiven-aiven-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 457
by_action_class:
acting: 255
connected: 202
by_consequence:
physical: 15
read: 202
write: 226
safety-critical: 14
human_in_the_loop_required: 14
operations:
- path: /account/{account_id}/payment_methods
method: post
operationId: AccountAttachPaymentMethod
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- accounts:write
- payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/payment_methods
method: get
operationId: AccountPaymentMethodsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- payments:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/authentication
method: post
operationId: AccountAuthenticationMethodCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- authentication:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/authentication
method: get
operationId: AccountAuthenticationMethodsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- authentication:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/authentication/{account_authentication_method_id}
method: delete
operationId: AccountAuthenticationMethodDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- authentication:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/authentication/{account_authentication_method_id}
method: get
operationId: AccountAuthenticationMethodGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- authentication:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/authentication/{account_authentication_method_id}
method: put
operationId: AccountAuthenticationMethodUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- authentication:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/billing-group
method: get
operationId: AccountBillingGroupList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- billing:read
token:
max-ttl: 3600
audit: none
- path: /account
method: post
operationId: AccountCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account
method: get
operationId: AccountList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}
method: delete
operationId: AccountDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}
method: get
operationId: AccountGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}
method: put
operationId: AccountUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/events
method: get
operationId: AccountEventList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/parent_account
method: put
operationId: AccountMove
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/payment_method/{card_id}
method: delete
operationId: AccountPaymentMethodDelete
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- accounts:write
- payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/projects
method: get
operationId: AccountProjectsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- projects:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/project/{project_name}/teams
method: get
operationId: AccountProjectsTeamsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- projects:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/teams
method: post
operationId: AccountTeamCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/teams
method: get
operationId: AccountTeamList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/team/{team_id}
method: delete
operationId: AccountTeamDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}
method: get
operationId: AccountTeamGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/team/{team_id}
method: put
operationId: AccountTeamUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}/invites
method: get
operationId: AccountTeamInvitesList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/team/{team_id}/invites/{user_email}
method: delete
operationId: AccountTeamMemberCancelInvite
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/invite/{invite_verification_code}
method: post
operationId: AccountTeamMemberVerifyInvite
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}/member/{user_id}
method: delete
operationId: AccountTeamMembersDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}/members
method: post
operationId: AccountTeamMembersInvite
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}/members
method: get
operationId: AccountTeamMembersList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/team/{team_id}/project/{project}
method: post
operationId: AccountTeamProjectAssociate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- projects:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}/project/{project}
method: put
operationId: AccountTeamProjectAssociationUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- projects:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}/project/{project}
method: delete
operationId: AccountTeamProjectDisassociate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- projects:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /account/{account_id}/team/{team_id}/projects
method: get
operationId: AccountTeamProjectList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- projects:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/user/{user_id}/projects
method: get
operationId: AccountUserProjectsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- projects:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/user/{user_id}/teams
method: get
operationId: AccountUserTeamsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /account/{account_id}/users/search
method: post
operationId: AccountUsersSearch
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/application-users/{user_id}/access-tokens
method: post
operationId: ApplicationUserAccessTokenCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- authentication:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/application-users/{user_id}/access-tokens
method: get
operationId: ApplicationUserAccessTokensList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- authentication:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/application-users/{user_id}/access-tokens/{token_prefix}
method: delete
operationId: ApplicationUserAccessTokenDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- authentication:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/application-users
method: post
operationId: ApplicationUserCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- authentication:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/application-users
method: get
operationId: ApplicationUsersList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- authentication:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/application-users/{user_id}
method: delete
operationId: ApplicationUserDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- authentication:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/application-users/{user_id}
method: get
operationId: ApplicationUserGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- authentication:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/application-users/{user_id}
method: patch
operationId: ApplicationUserUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/authentication-methods/{authentication_method_id}/domains
method: put
operationId: OrganizationAuthDomainLink
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/authentication-methods/{authentication_method_id}/domains
method: get
operationId: OrganizationAuthDomainList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/authentication-methods/{authentication_method_id}/domains/{domain_id}
method: delete
operationId: OrganizationAuthDomainUnlink
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /credit-memos/{credit_memo_id}/{download_cookie}
method: get
operationId: BillingCreditMemoDownload
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /billing-group
method: post
operationId: BillingGroupCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /billing-group
method: get
operationId: BillingGroupList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/credits
method: post
operationId: BillingGroupCreditsClaim
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /billing-group/{billing_group_id}/credits
method: get
operationId: BillingGroupCreditsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}
method: delete
operationId: BillingGroupDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /billing-group/{billing_group_id}
method: get
operationId: BillingGroupGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}
method: put
operationId: BillingGroupUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /billing-group/{billing_group_id}/events
method: get
operationId: BillingGroupEventList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}/csv
method: get
operationId: BillingGroupInvoiceCsvGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}/{download_cookie}
method: get
operationId: BillingGroupInvoiceDownload
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}
method: get
operationId: BillingGroupInvoiceGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}/lines
method: get
operationId: BillingGroupInvoiceLinesList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/invoice
method: get
operationId: BillingGroupInvoiceList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/project-assign/{project}
method: post
operationId: BillingGroupProjectAssign
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /billing-group/{billing_group_id}/projects
method: get
operationId: BillingGroupProjectList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /billing-group/{billing_group_id}/projects-assign
method: post
operationId: BillingGroupProjectsAssign
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /invoices/{invoice_number}
method: get
operationId: InvoiceGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- billing:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/addresses
method: post
operationId: OrganizationAddressCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/addresses
method: get
operationId: OrganizationAddressList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- billing:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/address/{address_id}
method: delete
operationId: OrganizationAddressDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/address/{address_id}
method: get
operationId: OrganizationAddressGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
- billing:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/address/{address_id}
method: patch
operationId: OrganizationAddressUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
- billing:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /clouds
method: get
operationId: ListClouds
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /project/{project}/clouds
method: get
operationId: ListProjectClouds
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- projects:read
token:
max-ttl: 3600
audit: none
- path: /tenants/{tenant}/privatelink-availability
method: get
operationId: PublicPrivatelinkAvailabilityList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /tenants/{tenant}/static-ip-availability
method: get
operationId: PublicStaticIPAvailabilityList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/custom-cloud-environments
method: post
operationId: CustomCloudEnvironmentCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}
method: delete
operationId: CustomCloudEnvironmentDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}
method: get
operationId: CustomCloudEnvironmentGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}
method: put
operationId: CustomCloudEnvironmentUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/permissions
method: get
operationId: CustomCloudEnvironmentPermissionsGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/permissions
method: put
operationId: CustomCloudEnvironmentPermissionsSet
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/provision
method: post
operationId: CustomCloudEnvironmentProvision
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/domains
method: post
operationId: OrganizationDomainAdd
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/domains
method: get
operationId: OrganizationDomainsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/domains/{domain_id}
method: patch
operationId: OrganizationDomainUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/domains/{domain_id}
method: delete
operationId: OrganizationDomainsRemove
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/domains/{domain_id}/verify
method: post
operationId: OrganizationDomainVerify
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/user-groups
method: post
operationId: UserGroupCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/user-groups
method: get
operationId: UserGroupsList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/user-groups/{user_group_id}
method: delete
operationId: UserGroupDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /organization/{organization_id}/user-groups/{user_group_id}
method: get
operationId: UserGroupGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- accounts:read
token:
max-ttl: 3600
audit: none
- path: /organization/{organization_id}/user-groups/{user_group_id}
method: patch
operationId: UserGroupUpdate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- accounts:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
# --- truncated at 32 KB (163 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/aiven/refs/heads/main/agentic-access/aiven-agentic-access.yml