Auth0 Agentic Access
Auth0 exposes 458 API operations that an AI agent could call, of which 272 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 186 read, 241 write, 20 physical, and 11 safety-critical.
11 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| PATCH | /branding/phone/templates/{id}/reset | safety-critical | required |
| PUT | /keys/signing/{kid}/revoke | safety-critical | required |
| POST | /network-acls | safety-critical | required |
| DELETE | /network-acls/{id} | safety-critical | required |
| PATCH | /network-acls/{id} | safety-critical | required |
| PUT | /network-acls/{id} | safety-critical | required |
| POST | /oauth/revoke | safety-critical | required |
| POST | /refresh-tokens/revoke | safety-critical | required |
| POST | /self-service-profiles/{profileId}/sso-ticket/{id}/revoke | safety-critical | required |
| POST | /sessions/{id}/revoke | safety-critical | required |
| POST | /users/{id}/revoke-access | safety-critical | required |
| POST | /actions/actions/{actionId}/versions/{id}/deploy | physical | conditional |
| POST | /actions/actions/{id}/deploy | physical | conditional |
| POST | /branding/phone/providers/{id}/try | physical | conditional |
| POST | /branding/phone/templates/{id}/try | physical | conditional |
| DELETE | /connections/{id}/directory-provisioning | physical | conditional |
| PATCH | /connections/{id}/directory-provisioning | physical | conditional |
| POST | /connections/{id}/directory-provisioning | physical | conditional |
| POST | /connections/{id}/directory-provisioning/synchronizations | physical | conditional |
| PUT | /connections/{id}/directory-provisioning/synchronized-groups | physical | conditional |
| POST | /dbconnections/change_password | physical | conditional |
| POST | /event-streams/{id}/test | physical | conditional |
| POST | /jobs/verification-email | physical | conditional |
| POST | /stores/{store_id}/batch-check | physical | conditional |
| POST | /stores/{store_id}/check | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/auth0-authentication-api-openapi.yml, openapi/auth0-fga-openapi.yml, openapi/auth0-management-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 458
by_action_class:
connected: 186
acting: 272
by_consequence:
read: 186
write: 241
physical: 20
safety-critical: 11
human_in_the_loop_required: 11
operations:
- path: /authorize
method: get
operationId: authorize
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v2/logout
method: get
operationId: logout
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oidc/logout
method: get
operationId: oidc_logout
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /samlp/{CLIENT_ID}/logout
method: post
operationId: saml_logout
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /passwordless/start
method: post
operationId: passwordless_start
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /passwordless/verify
method: post
operationId: passwordless_verify
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth/token
method: post
operationId: oauth_token
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /dbconnections/signup
method: post
operationId: dbconnections_signup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /dbconnections/change_password
method: post
operationId: dbconnections_change_password
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /userinfo
method: get
operationId: userinfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /mfa/challenge
method: post
operationId: mfa_challenge
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /mfa/associate
method: post
operationId: mfa_associate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /mfa/authenticators
method: get
operationId: mfa_authenticators
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /mfa/authenticators/{AUTHENTICATOR_ID}
method: delete
operationId: mfa_authenticators_delete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /samlp/{client_id}
method: get
operationId: samlp_login
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /samlp/metadata/{client_id}
method: get
operationId: samlp_metadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /login/callback
method: post
operationId: login_callback
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /wsfed/{client_id}
method: get
operationId: wsfed_login
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /wsfed/FederationMetadata/2007-06/FederationMetadata.xml
method: get
operationId: wsfed_metadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oidc/register
method: post
operationId: oidc_register
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth/device/code
method: post
operationId: oauth_device_code
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth/revoke
method: post
operationId: oauth_revoke
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /oauth/access_token
method: post
operationId: oauth_access_token
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth/ro
method: post
operationId: oauth_ro
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /tokeninfo
method: post
operationId: tokeninfo
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /delegation
method: post
operationId: delegation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /unlink
method: post
operationId: unlink
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/impersonate
method: post
operationId: impersonate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /.well-known/authzen-configuration/{store_id}
method: get
operationId: GetConfiguration
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /stores
method: get
operationId: ListStores
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /stores
method: post
operationId: CreateStore
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}
method: get
operationId: GetStore
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /stores/{store_id}
method: delete
operationId: DeleteStore
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/access/v1/evaluation
method: post
operationId: Evaluation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/access/v1/evaluations
method: post
operationId: Evaluations
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/access/v1/search/action
method: post
operationId: ActionSearch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/access/v1/search/resource
method: post
operationId: ResourceSearch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/access/v1/search/subject
method: post
operationId: SubjectSearch
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/assertions/{authorization_model_id}
method: get
operationId: ReadAssertions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /stores/{store_id}/assertions/{authorization_model_id}
method: put
operationId: WriteAssertions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/authorization-models
method: get
operationId: ReadAuthorizationModels
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /stores/{store_id}/authorization-models
method: post
operationId: WriteAuthorizationModel
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/authorization-models/{id}
method: get
operationId: ReadAuthorizationModel
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /stores/{store_id}/batch-check
method: post
operationId: BatchCheck
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/changes
method: get
operationId: ReadChanges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /stores/{store_id}/check
method: post
operationId: Check
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/expand
method: post
operationId: Expand
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/list-objects
method: post
operationId: ListObjects
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/list-users
method: post
operationId: ListUsers
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/read
method: post
operationId: Read
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/streamed-list-objects
method: post
operationId: StreamedListObjects
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /stores/{store_id}/write
method: post
operationId: Write
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/actions
method: get
operationId: get_actions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/actions
method: post
operationId: post_action
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- create:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/actions/{actionId}/versions
method: get
operationId: get_action_versions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/actions/{actionId}/versions/{id}
method: get
operationId: get_action_version
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/actions/{actionId}/versions/{id}/deploy
method: post
operationId: post_deploy_draft_version
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- create:actions
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/actions/{id}
method: get
operationId: get_action
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/actions/{id}
method: delete
operationId: delete_action
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- delete:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/actions/{id}
method: patch
operationId: patch_action
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/actions/{id}/deploy
method: post
operationId: post_deploy_action
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- create:actions
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/actions/{id}/test
method: post
operationId: post_test_action
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- create:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/executions/{id}
method: get
operationId: get_execution
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/modules
method: get
operationId: get_action_modules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/modules
method: post
operationId: post_action_module
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- create:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/modules/{id}
method: get
operationId: get_action_module
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/modules/{id}
method: delete
operationId: delete_action_module
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- delete:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/modules/{id}
method: patch
operationId: patch_action_module
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/modules/{id}/actions
method: get
operationId: get_action_module_actions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/modules/{id}/rollback
method: post
operationId: post_action_module_rollback
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/modules/{id}/versions
method: get
operationId: get_action_module_versions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/modules/{id}/versions
method: post
operationId: post_action_module_version
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actions/modules/{id}/versions/{versionId}
method: get
operationId: get_action_module_version
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/triggers
method: get
operationId: get_triggers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/triggers/{triggerId}/bindings
method: get
operationId: get_bindings
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:actions
token:
max-ttl: 3600
audit: none
- path: /actions/triggers/{triggerId}/bindings
method: patch
operationId: patch_bindings
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:actions
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /anomaly/blocks/ips/{id}
method: get
operationId: get_ips_by_id
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:anomaly_blocks
token:
max-ttl: 3600
audit: none
- path: /anomaly/blocks/ips/{id}
method: delete
operationId: delete_ips_by_id
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- delete:anomaly_blocks
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attack-protection/bot-detection
method: get
operationId: get_bot-detection
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:attack_protection
token:
max-ttl: 3600
audit: none
- path: /attack-protection/bot-detection
method: patch
operationId: patch_bot-detection
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:attack_protection
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attack-protection/breached-password-detection
method: get
operationId: get_breached-password-detection
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:attack_protection
token:
max-ttl: 3600
audit: none
- path: /attack-protection/breached-password-detection
method: patch
operationId: patch_breached-password-detection
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:attack_protection
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attack-protection/brute-force-protection
method: get
operationId: get_brute-force-protection
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:attack_protection
token:
max-ttl: 3600
audit: none
- path: /attack-protection/brute-force-protection
method: patch
operationId: patch_brute-force-protection
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:attack_protection
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attack-protection/captcha
method: get
operationId: get_captcha
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:attack_protection
token:
max-ttl: 3600
audit: none
- path: /attack-protection/captcha
method: patch
operationId: patch_captcha
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:attack_protection
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /attack-protection/suspicious-ip-throttling
method: get
operationId: get_suspicious-ip-throttling
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:attack_protection
token:
max-ttl: 3600
audit: none
- path: /attack-protection/suspicious-ip-throttling
method: patch
operationId: patch_suspicious-ip-throttling
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:attack_protection
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /branding
method: get
operationId: get_branding
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:branding
token:
max-ttl: 3600
audit: none
- path: /branding
method: patch
operationId: patch_branding
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:branding
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /branding/phone/providers
method: get
operationId: get_branding_phone_providers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:phone_providers
token:
max-ttl: 3600
audit: none
- path: /branding/phone/providers
method: post
operationId: create_phone_provider
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- create:phone_providers
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /branding/phone/providers/{id}
method: get
operationId: get_phone_provider
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:phone_providers
token:
max-ttl: 3600
audit: none
- path: /branding/phone/providers/{id}
method: delete
operationId: delete_phone_provider
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- delete:phone_providers
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /branding/phone/providers/{id}
method: patch
operationId: update_phone_provider
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- update:phone_providers
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /branding/phone/providers/{id}/try
method: post
operationId: try_phone_provider
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- create:phone_providers
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /branding/phone/templates
method: get
operationId: get_phone_templates
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:phone_templates
token:
max-ttl: 3600
audit: none
- path: /branding/phone/templates
method: post
operationId: create_phone_template
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- create:phone_templates
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /branding/phone/templates/{id}
method: get
operationId: get_phone_template
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- read:phone_templates
token:
max-ttl: 3600
audit: none
- path: /branding/phone/templates/{id}
method: delete
operationId: delete_phone_template
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- delete:phone_templates
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit:
# --- truncated at 32 KB (152 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/auth0/refs/heads/main/agentic-access/auth0-agentic-access.yml