Aiven · Agentic Access

Aiven Agentic Access

x-agentic-access generated

Aiven exposes 457 API operations that an AI agent could call, of which 255 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 202 read, 226 write, 15 physical, and 14 safety-critical.

14 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

Managed Data InfrastructureApache KafkaPostgreSQLOpenSearchClickHouseRedisMySQLOpen SourceCloud DatabaseDBaaSData StreamingData Platform
Operations: 457 Acting: 255 Human-in-the-loop: 14 Method: generated

By consequence

read 202 write 226 physical 15 safety-critical 14

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
DELETE /access_token/{token_prefix} safety-critical required
DELETE /me/authentication_methods/{user_authentication_method_id} safety-critical required
DELETE /organization/{organization_id}/user/{member_user_id}/access-token/{token_prefix} safety-critical required
POST /organization/{organization_id}/user/{member_user_id}/reset_password safety-critical required
DELETE /project/{project}/service/{service_name} safety-critical required
PUT /project/{project}/service/{service_name}/clickhouse/user/{user_uuid}/password safety-critical required
POST /project/{project}/service/{service_name}/connectors/{connector_name}/stop safety-critical required
POST /project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id}/stop safety-critical required
POST /project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id}/stop safety-critical required
PUT /project/{project}/service/{service_name}/opensearch/security/admin safety-critical required
PUT /project/{project}/service/{service_name}/query/stats/reset safety-critical required
PUT /project/{project}/service/{service_name}/user/{service_username}/credentials/reset safety-critical required
POST /user/password_reset/{verification_code} safety-critical required
POST /user/password_reset_request safety-critical required
DELETE /account/{account_id}/payment_method/{card_id} physical conditional
POST /account/{account_id}/payment_methods physical conditional
POST /card physical conditional
DELETE /card/{card_id} physical conditional
PUT /card/{card_id} physical conditional
POST /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/provision physical conditional
DELETE /organization/{organization_id}/payment-method/credit-card/{payment_method_id} physical conditional
POST /organization/{organization_id}/payment-method/credit-cards physical conditional
POST /project/{project}/invite physical conditional
POST /project/{project}/service/{service_name}/flink/application/{application_id}/deployment physical conditional
DELETE /project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id} physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/aiven-aiven-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 457
  by_action_class:
    acting: 255
    connected: 202
  by_consequence:
    physical: 15
    read: 202
    write: 226
    safety-critical: 14
  human_in_the_loop_required: 14
operations:
- path: /account/{account_id}/payment_methods
  method: post
  operationId: AccountAttachPaymentMethod
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - accounts:write
    - payments:write
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/payment_methods
  method: get
  operationId: AccountPaymentMethodsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - payments:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/authentication
  method: post
  operationId: AccountAuthenticationMethodCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - authentication:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/authentication
  method: get
  operationId: AccountAuthenticationMethodsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - authentication:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/authentication/{account_authentication_method_id}
  method: delete
  operationId: AccountAuthenticationMethodDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - authentication:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/authentication/{account_authentication_method_id}
  method: get
  operationId: AccountAuthenticationMethodGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - authentication:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/authentication/{account_authentication_method_id}
  method: put
  operationId: AccountAuthenticationMethodUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - authentication:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/billing-group
  method: get
  operationId: AccountBillingGroupList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /account
  method: post
  operationId: AccountCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account
  method: get
  operationId: AccountList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}
  method: delete
  operationId: AccountDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}
  method: get
  operationId: AccountGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}
  method: put
  operationId: AccountUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/events
  method: get
  operationId: AccountEventList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/parent_account
  method: put
  operationId: AccountMove
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/payment_method/{card_id}
  method: delete
  operationId: AccountPaymentMethodDelete
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - accounts:write
    - payments:write
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/projects
  method: get
  operationId: AccountProjectsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - projects:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/project/{project_name}/teams
  method: get
  operationId: AccountProjectsTeamsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - projects:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/teams
  method: post
  operationId: AccountTeamCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/teams
  method: get
  operationId: AccountTeamList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/team/{team_id}
  method: delete
  operationId: AccountTeamDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}
  method: get
  operationId: AccountTeamGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/team/{team_id}
  method: put
  operationId: AccountTeamUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}/invites
  method: get
  operationId: AccountTeamInvitesList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/team/{team_id}/invites/{user_email}
  method: delete
  operationId: AccountTeamMemberCancelInvite
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/invite/{invite_verification_code}
  method: post
  operationId: AccountTeamMemberVerifyInvite
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}/member/{user_id}
  method: delete
  operationId: AccountTeamMembersDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}/members
  method: post
  operationId: AccountTeamMembersInvite
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}/members
  method: get
  operationId: AccountTeamMembersList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/team/{team_id}/project/{project}
  method: post
  operationId: AccountTeamProjectAssociate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - projects:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}/project/{project}
  method: put
  operationId: AccountTeamProjectAssociationUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - projects:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}/project/{project}
  method: delete
  operationId: AccountTeamProjectDisassociate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - projects:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /account/{account_id}/team/{team_id}/projects
  method: get
  operationId: AccountTeamProjectList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - projects:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/user/{user_id}/projects
  method: get
  operationId: AccountUserProjectsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - projects:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/user/{user_id}/teams
  method: get
  operationId: AccountUserTeamsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /account/{account_id}/users/search
  method: post
  operationId: AccountUsersSearch
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/application-users/{user_id}/access-tokens
  method: post
  operationId: ApplicationUserAccessTokenCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - authentication:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/application-users/{user_id}/access-tokens
  method: get
  operationId: ApplicationUserAccessTokensList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - authentication:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/application-users/{user_id}/access-tokens/{token_prefix}
  method: delete
  operationId: ApplicationUserAccessTokenDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - authentication:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/application-users
  method: post
  operationId: ApplicationUserCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - authentication:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/application-users
  method: get
  operationId: ApplicationUsersList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - authentication:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/application-users/{user_id}
  method: delete
  operationId: ApplicationUserDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - authentication:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/application-users/{user_id}
  method: get
  operationId: ApplicationUserGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - authentication:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/application-users/{user_id}
  method: patch
  operationId: ApplicationUserUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/authentication-methods/{authentication_method_id}/domains
  method: put
  operationId: OrganizationAuthDomainLink
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/authentication-methods/{authentication_method_id}/domains
  method: get
  operationId: OrganizationAuthDomainList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/authentication-methods/{authentication_method_id}/domains/{domain_id}
  method: delete
  operationId: OrganizationAuthDomainUnlink
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /credit-memos/{credit_memo_id}/{download_cookie}
  method: get
  operationId: BillingCreditMemoDownload
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group
  method: post
  operationId: BillingGroupCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /billing-group
  method: get
  operationId: BillingGroupList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/credits
  method: post
  operationId: BillingGroupCreditsClaim
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /billing-group/{billing_group_id}/credits
  method: get
  operationId: BillingGroupCreditsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}
  method: delete
  operationId: BillingGroupDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /billing-group/{billing_group_id}
  method: get
  operationId: BillingGroupGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}
  method: put
  operationId: BillingGroupUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /billing-group/{billing_group_id}/events
  method: get
  operationId: BillingGroupEventList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}/csv
  method: get
  operationId: BillingGroupInvoiceCsvGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}/{download_cookie}
  method: get
  operationId: BillingGroupInvoiceDownload
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}
  method: get
  operationId: BillingGroupInvoiceGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/invoice/{invoice_number}/lines
  method: get
  operationId: BillingGroupInvoiceLinesList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/invoice
  method: get
  operationId: BillingGroupInvoiceList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/project-assign/{project}
  method: post
  operationId: BillingGroupProjectAssign
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /billing-group/{billing_group_id}/projects
  method: get
  operationId: BillingGroupProjectList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /billing-group/{billing_group_id}/projects-assign
  method: post
  operationId: BillingGroupProjectsAssign
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /invoices/{invoice_number}
  method: get
  operationId: InvoiceGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/addresses
  method: post
  operationId: OrganizationAddressCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/addresses
  method: get
  operationId: OrganizationAddressList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/address/{address_id}
  method: delete
  operationId: OrganizationAddressDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/address/{address_id}
  method: get
  operationId: OrganizationAddressGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    - billing:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/address/{address_id}
  method: patch
  operationId: OrganizationAddressUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    - billing:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /clouds
  method: get
  operationId: ListClouds
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /project/{project}/clouds
  method: get
  operationId: ListProjectClouds
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - projects:read
    token:
      max-ttl: 3600
    audit: none
- path: /tenants/{tenant}/privatelink-availability
  method: get
  operationId: PublicPrivatelinkAvailabilityList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /tenants/{tenant}/static-ip-availability
  method: get
  operationId: PublicStaticIPAvailabilityList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/custom-cloud-environments
  method: post
  operationId: CustomCloudEnvironmentCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}
  method: delete
  operationId: CustomCloudEnvironmentDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}
  method: get
  operationId: CustomCloudEnvironmentGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}
  method: put
  operationId: CustomCloudEnvironmentUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/permissions
  method: get
  operationId: CustomCloudEnvironmentPermissionsGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/permissions
  method: put
  operationId: CustomCloudEnvironmentPermissionsSet
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/custom-cloud-environments/{custom_cloud_environment_id}/provision
  method: post
  operationId: CustomCloudEnvironmentProvision
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/domains
  method: post
  operationId: OrganizationDomainAdd
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/domains
  method: get
  operationId: OrganizationDomainsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/domains/{domain_id}
  method: patch
  operationId: OrganizationDomainUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/domains/{domain_id}
  method: delete
  operationId: OrganizationDomainsRemove
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/domains/{domain_id}/verify
  method: post
  operationId: OrganizationDomainVerify
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/user-groups
  method: post
  operationId: UserGroupCreate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/user-groups
  method: get
  operationId: UserGroupsList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/user-groups/{user_group_id}
  method: delete
  operationId: UserGroupDelete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organization/{organization_id}/user-groups/{user_group_id}
  method: get
  operationId: UserGroupGet
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - accounts:read
    token:
      max-ttl: 3600
    audit: none
- path: /organization/{organization_id}/user-groups/{user_group_id}
  method: patch
  operationId: UserGroupUpdate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - accounts:write
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal

# --- truncated at 32 KB (163 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/aiven/refs/heads/main/agentic-access/aiven-agentic-access.yml