Auth0 · Agentic Access

Auth0 Agentic Access

x-agentic-access generated

Auth0 exposes 458 API operations that an AI agent could call, of which 272 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 186 read, 241 write, 20 physical, and 11 safety-critical.

11 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

AI AgentsAuthenticationAuthorizationFGAIdentity ManagementMCPOAuthOktaOpenID ConnectSAMLSecuritySCIM
Operations: 458 Acting: 272 Human-in-the-loop: 11 Method: generated

By consequence

read 186 write 241 physical 20 safety-critical 11

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
PATCH /branding/phone/templates/{id}/reset safety-critical required
PUT /keys/signing/{kid}/revoke safety-critical required
POST /network-acls safety-critical required
DELETE /network-acls/{id} safety-critical required
PATCH /network-acls/{id} safety-critical required
PUT /network-acls/{id} safety-critical required
POST /oauth/revoke safety-critical required
POST /refresh-tokens/revoke safety-critical required
POST /self-service-profiles/{profileId}/sso-ticket/{id}/revoke safety-critical required
POST /sessions/{id}/revoke safety-critical required
POST /users/{id}/revoke-access safety-critical required
POST /actions/actions/{actionId}/versions/{id}/deploy physical conditional
POST /actions/actions/{id}/deploy physical conditional
POST /branding/phone/providers/{id}/try physical conditional
POST /branding/phone/templates/{id}/try physical conditional
DELETE /connections/{id}/directory-provisioning physical conditional
PATCH /connections/{id}/directory-provisioning physical conditional
POST /connections/{id}/directory-provisioning physical conditional
POST /connections/{id}/directory-provisioning/synchronizations physical conditional
PUT /connections/{id}/directory-provisioning/synchronized-groups physical conditional
POST /dbconnections/change_password physical conditional
POST /event-streams/{id}/test physical conditional
POST /jobs/verification-email physical conditional
POST /stores/{store_id}/batch-check physical conditional
POST /stores/{store_id}/check physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/auth0-authentication-api-openapi.yml, openapi/auth0-fga-openapi.yml, openapi/auth0-management-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 458
  by_action_class:
    connected: 186
    acting: 272
  by_consequence:
    read: 186
    write: 241
    physical: 20
    safety-critical: 11
  human_in_the_loop_required: 11
operations:
- path: /authorize
  method: get
  operationId: authorize
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v2/logout
  method: get
  operationId: logout
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /oidc/logout
  method: get
  operationId: oidc_logout
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /samlp/{CLIENT_ID}/logout
  method: post
  operationId: saml_logout
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /passwordless/start
  method: post
  operationId: passwordless_start
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /passwordless/verify
  method: post
  operationId: passwordless_verify
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /oauth/token
  method: post
  operationId: oauth_token
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /dbconnections/signup
  method: post
  operationId: dbconnections_signup
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /dbconnections/change_password
  method: post
  operationId: dbconnections_change_password
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /userinfo
  method: get
  operationId: userinfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /mfa/challenge
  method: post
  operationId: mfa_challenge
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /mfa/associate
  method: post
  operationId: mfa_associate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /mfa/authenticators
  method: get
  operationId: mfa_authenticators
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /mfa/authenticators/{AUTHENTICATOR_ID}
  method: delete
  operationId: mfa_authenticators_delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /samlp/{client_id}
  method: get
  operationId: samlp_login
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /samlp/metadata/{client_id}
  method: get
  operationId: samlp_metadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /login/callback
  method: post
  operationId: login_callback
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /wsfed/{client_id}
  method: get
  operationId: wsfed_login
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /wsfed/FederationMetadata/2007-06/FederationMetadata.xml
  method: get
  operationId: wsfed_metadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /oidc/register
  method: post
  operationId: oidc_register
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /oauth/device/code
  method: post
  operationId: oauth_device_code
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /oauth/revoke
  method: post
  operationId: oauth_revoke
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /oauth/access_token
  method: post
  operationId: oauth_access_token
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /oauth/ro
  method: post
  operationId: oauth_ro
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /tokeninfo
  method: post
  operationId: tokeninfo
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /delegation
  method: post
  operationId: delegation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /unlink
  method: post
  operationId: unlink
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /users/{user_id}/impersonate
  method: post
  operationId: impersonate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /.well-known/authzen-configuration/{store_id}
  method: get
  operationId: GetConfiguration
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /stores
  method: get
  operationId: ListStores
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /stores
  method: post
  operationId: CreateStore
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}
  method: get
  operationId: GetStore
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /stores/{store_id}
  method: delete
  operationId: DeleteStore
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/access/v1/evaluation
  method: post
  operationId: Evaluation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/access/v1/evaluations
  method: post
  operationId: Evaluations
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/access/v1/search/action
  method: post
  operationId: ActionSearch
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/access/v1/search/resource
  method: post
  operationId: ResourceSearch
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/access/v1/search/subject
  method: post
  operationId: SubjectSearch
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/assertions/{authorization_model_id}
  method: get
  operationId: ReadAssertions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /stores/{store_id}/assertions/{authorization_model_id}
  method: put
  operationId: WriteAssertions
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/authorization-models
  method: get
  operationId: ReadAuthorizationModels
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /stores/{store_id}/authorization-models
  method: post
  operationId: WriteAuthorizationModel
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/authorization-models/{id}
  method: get
  operationId: ReadAuthorizationModel
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /stores/{store_id}/batch-check
  method: post
  operationId: BatchCheck
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/changes
  method: get
  operationId: ReadChanges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /stores/{store_id}/check
  method: post
  operationId: Check
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/expand
  method: post
  operationId: Expand
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/list-objects
  method: post
  operationId: ListObjects
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/list-users
  method: post
  operationId: ListUsers
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/read
  method: post
  operationId: Read
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/streamed-list-objects
  method: post
  operationId: StreamedListObjects
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /stores/{store_id}/write
  method: post
  operationId: Write
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/actions
  method: get
  operationId: get_actions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/actions
  method: post
  operationId: post_action
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - create:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/actions/{actionId}/versions
  method: get
  operationId: get_action_versions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/actions/{actionId}/versions/{id}
  method: get
  operationId: get_action_version
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/actions/{actionId}/versions/{id}/deploy
  method: post
  operationId: post_deploy_draft_version
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - create:actions
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/actions/{id}
  method: get
  operationId: get_action
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/actions/{id}
  method: delete
  operationId: delete_action
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - delete:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/actions/{id}
  method: patch
  operationId: patch_action
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/actions/{id}/deploy
  method: post
  operationId: post_deploy_action
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - create:actions
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/actions/{id}/test
  method: post
  operationId: post_test_action
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - create:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/executions/{id}
  method: get
  operationId: get_execution
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/modules
  method: get
  operationId: get_action_modules
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/modules
  method: post
  operationId: post_action_module
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - create:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/modules/{id}
  method: get
  operationId: get_action_module
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/modules/{id}
  method: delete
  operationId: delete_action_module
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - delete:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/modules/{id}
  method: patch
  operationId: patch_action_module
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/modules/{id}/actions
  method: get
  operationId: get_action_module_actions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/modules/{id}/rollback
  method: post
  operationId: post_action_module_rollback
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/modules/{id}/versions
  method: get
  operationId: get_action_module_versions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/modules/{id}/versions
  method: post
  operationId: post_action_module_version
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /actions/modules/{id}/versions/{versionId}
  method: get
  operationId: get_action_module_version
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/triggers
  method: get
  operationId: get_triggers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/triggers/{triggerId}/bindings
  method: get
  operationId: get_bindings
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:actions
    token:
      max-ttl: 3600
    audit: none
- path: /actions/triggers/{triggerId}/bindings
  method: patch
  operationId: patch_bindings
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:actions
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /anomaly/blocks/ips/{id}
  method: get
  operationId: get_ips_by_id
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:anomaly_blocks
    token:
      max-ttl: 3600
    audit: none
- path: /anomaly/blocks/ips/{id}
  method: delete
  operationId: delete_ips_by_id
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - delete:anomaly_blocks
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attack-protection/bot-detection
  method: get
  operationId: get_bot-detection
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:attack_protection
    token:
      max-ttl: 3600
    audit: none
- path: /attack-protection/bot-detection
  method: patch
  operationId: patch_bot-detection
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:attack_protection
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attack-protection/breached-password-detection
  method: get
  operationId: get_breached-password-detection
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:attack_protection
    token:
      max-ttl: 3600
    audit: none
- path: /attack-protection/breached-password-detection
  method: patch
  operationId: patch_breached-password-detection
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:attack_protection
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attack-protection/brute-force-protection
  method: get
  operationId: get_brute-force-protection
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:attack_protection
    token:
      max-ttl: 3600
    audit: none
- path: /attack-protection/brute-force-protection
  method: patch
  operationId: patch_brute-force-protection
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:attack_protection
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attack-protection/captcha
  method: get
  operationId: get_captcha
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:attack_protection
    token:
      max-ttl: 3600
    audit: none
- path: /attack-protection/captcha
  method: patch
  operationId: patch_captcha
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:attack_protection
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /attack-protection/suspicious-ip-throttling
  method: get
  operationId: get_suspicious-ip-throttling
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:attack_protection
    token:
      max-ttl: 3600
    audit: none
- path: /attack-protection/suspicious-ip-throttling
  method: patch
  operationId: patch_suspicious-ip-throttling
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:attack_protection
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /branding
  method: get
  operationId: get_branding
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:branding
    token:
      max-ttl: 3600
    audit: none
- path: /branding
  method: patch
  operationId: patch_branding
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:branding
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /branding/phone/providers
  method: get
  operationId: get_branding_phone_providers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:phone_providers
    token:
      max-ttl: 3600
    audit: none
- path: /branding/phone/providers
  method: post
  operationId: create_phone_provider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - create:phone_providers
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /branding/phone/providers/{id}
  method: get
  operationId: get_phone_provider
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:phone_providers
    token:
      max-ttl: 3600
    audit: none
- path: /branding/phone/providers/{id}
  method: delete
  operationId: delete_phone_provider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - delete:phone_providers
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /branding/phone/providers/{id}
  method: patch
  operationId: update_phone_provider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - update:phone_providers
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /branding/phone/providers/{id}/try
  method: post
  operationId: try_phone_provider
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - create:phone_providers
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /branding/phone/templates
  method: get
  operationId: get_phone_templates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:phone_templates
    token:
      max-ttl: 3600
    audit: none
- path: /branding/phone/templates
  method: post
  operationId: create_phone_template
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - create:phone_templates
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /branding/phone/templates/{id}
  method: get
  operationId: get_phone_template
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - read:phone_templates
    token:
      max-ttl: 3600
    audit: none
- path: /branding/phone/templates/{id}
  method: delete
  operationId: delete_phone_template
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - delete:phone_templates
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: 

# --- truncated at 32 KB (152 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/auth0/refs/heads/main/agentic-access/auth0-agentic-access.yml