BTCPay Server Agentic Access
BTCPay Server exposes 195 API operations that an AI agent could call, of which 102 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 93 read, 54 write, 42 physical, and 6 safety-critical.
6 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /api/v1/api-keys/current | safety-critical | required |
| DELETE | /api/v1/api-keys/{apikey} | safety-critical | required |
| PUT | /api/v1/stores/{storeId}/payout-processors/LightningAutomatedPayoutSenderFactory/{payoutMethodId} | safety-critical | required |
| PUT | /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedPayoutSenderFactory/{paymentMethodId} | safety-critical | required |
| PUT | /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedTransferSenderFactory | safety-critical | required |
| DELETE | /api/v1/users/{idOrEmail}/api-keys/{apikey} | safety-critical | required |
| DELETE | /api/v1/invoices/{invoiceId} | physical | conditional |
| PUT | /api/v1/invoices/{invoiceId} | physical | conditional |
| POST | /api/v1/invoices/{invoiceId}/payment-methods/{paymentMethodId}/activate | physical | conditional |
| POST | /api/v1/invoices/{invoiceId}/refund | physical | conditional |
| POST | /api/v1/invoices/{invoiceId}/status | physical | conditional |
| POST | /api/v1/invoices/{invoiceId}/unarchive | physical | conditional |
| DELETE | /api/v1/payment-requests/{paymentRequestId} | physical | conditional |
| PUT | /api/v1/payment-requests/{paymentRequestId} | physical | conditional |
| POST | /api/v1/payment-requests/{paymentRequestId}/pay | physical | conditional |
| POST | /api/v1/plan-checkout | physical | conditional |
| POST | /api/v1/plan-checkout/{checkoutId} | physical | conditional |
| DELETE | /api/v1/pull-payments/{pullPaymentId} | physical | conditional |
| POST | /api/v1/pull-payments/{pullPaymentId}/boltcards | physical | conditional |
| POST | /api/v1/pull-payments/{pullPaymentId}/payouts | physical | conditional |
| POST | /api/v1/server/lightning/{cryptoCode}/address | physical | conditional |
| POST | /api/v1/server/lightning/{cryptoCode}/invoices | physical | conditional |
| POST | /api/v1/server/lightning/{cryptoCode}/invoices/pay | physical | conditional |
| POST | /api/v1/stores/{storeId}/email/send | physical | conditional |
| POST | /api/v1/stores/{storeId}/invoices | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/openapi.json
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 195
by_action_class:
acting: 102
connected: 93
by_consequence:
safety-critical: 6
read: 93
write: 54
physical: 42
human_in_the_loop_required: 6
operations:
- path: /api/v1/api-keys/{apikey}
method: delete
operationId: ApiKeys_DeleteApiKey
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- unrestricted
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/users/{idOrEmail}/api-keys/{apikey}
method: delete
operationId: ApiKeys_DeleteUserApiKey
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- unrestricted
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/api-keys/current
method: get
operationId: ApiKeys_GetCurrentApiKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canmanageusers
token:
max-ttl: 3600
audit: none
- path: /api/v1/api-keys/current
method: delete
operationId: ApiKeys_DeleteCurrentApiKey
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/api-keys
method: post
operationId: ApiKeys_CreateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- unrestricted
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/users/{idOrEmail}/api-keys
method: post
operationId: ApiKeys_CreateUserApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.server.canmanageusers
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/apps/pos
method: post
operationId: Apps_CreatePointOfSaleApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apps/pos/{appId}
method: put
operationId: Apps_PutPointOfSaleApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apps/pos/{appId}
method: get
operationId: Apps_GetPointOfSaleApp
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/apps/crowdfund/{appId}
method: put
operationId: Apps_PutCrowdfundApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apps/crowdfund/{appId}
method: get
operationId: Apps_GetCrowdfundApp
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/apps/crowdfund
method: post
operationId: Apps_CreateCrowdfundApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apps/{appId}
method: get
operationId: Apps_GetApp
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canmodifystoresettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/apps/{appId}
method: delete
operationId: Apps_DeleteApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apps/{appId}/image
method: post
operationId: Apps_UploadAppItemImage
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apps/{appId}/image/{fileId}
method: delete
operationId: App_DeleteAppItemImage
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apps/{appId}/sales
method: get
operationId: Apps_GetAppSales
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canmodifystoresettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/apps/{appId}/top-items
method: get
operationId: Apps_GetAppTopItems
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canmodifystoresettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/apps
method: get
operationId: Apps_GetAllAppsForStore
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canmodifystoresettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/apps
method: get
operationId: Apps_GetAllApps
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canmodifystoresettings
token:
max-ttl: 3600
audit: none
- path: /api-keys/authorize
method: get
operationId: ApiKeys_Authorize
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/files
method: get
operationId: Files_GetFiles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canmodifyserversettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/files
method: post
operationId: Files_UploadFile
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.server.canmodifyserversettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/files/{fileId}
method: get
operationId: Files_GetFile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canmodifyserversettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/files/{fileId}
method: delete
operationId: Files_DeleteFile
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.server.canmodifyserversettings
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/health
method: get
operationId: Health_GetHealth
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/invoices
method: get
operationId: Invoices_GetInvoices
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewinvoices
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/invoices
method: post
operationId: Invoices_CreateInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.cancreateinvoice
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/invoices/{invoiceId}
method: get
operationId: Invoices_GetInvoice
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewinvoices
token:
max-ttl: 3600
audit: none
- path: /api/v1/invoices/{invoiceId}
method: delete
operationId: Invoices_ArchiveInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifyinvoices
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/invoices/{invoiceId}
method: put
operationId: Invoices_UpdateInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifyinvoices
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/invoices/{invoiceId}/payment-methods
method: get
operationId: Invoices_GetInvoicePaymentMethods
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewinvoices
token:
max-ttl: 3600
audit: none
- path: /api/v1/invoices/{invoiceId}/status
method: post
operationId: Invoices_MarkInvoiceStatus
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifyinvoices
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/invoices/{invoiceId}/unarchive
method: post
operationId: Invoices_UnarchiveInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifyinvoices
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/invoices/{invoiceId}/payment-methods/{paymentMethodId}/activate
method: post
operationId: Invoices_ActivatePaymentMethod
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canviewinvoices
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/invoices/{invoiceId}/refund
method: post
operationId: Invoices_Refund
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.cancreatepullpayments
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/invoices/{invoiceId}/refund/{paymentMethodId}
method: get
operationId: Invoices_GetInvoiceRefundTriggerData
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.cancreatepullpayments
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/info
method: get
operationId: InternalLightningNodeApi_GetInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canuseinternallightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/balance
method: get
operationId: InternalLightningNodeApi_GetBalance
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canuseinternallightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/histogram
method: get
operationId: InternalLightningNodeApi_GetHistogram
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canuseinternallightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/connect
method: post
operationId: InternalLightningNodeApi_ConnectToNode
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.server.canuseinternallightningnode
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/server/lightning/{cryptoCode}/channels
method: get
operationId: InternalLightningNodeApi_GetChannels
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canuseinternallightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/channels
method: post
operationId: InternalLightningNodeApi_OpenChannel
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.server.canuseinternallightningnode
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/server/lightning/{cryptoCode}/address
method: post
operationId: InternalLightningNodeApi_GetDepositAddress
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.server.canuseinternallightningnode
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/server/lightning/{cryptoCode}/payments/{paymentHash}
method: get
operationId: InternalLightningNodeApi_GetPayment
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canuseinternallightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/invoices/{id}
method: get
operationId: InternalLightningNodeApi_GetInvoice
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canviewlightninginvoiceinternalnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/invoices/pay
method: post
operationId: InternalLightningNodeApi_PayInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.server.canuseinternallightningnode
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/server/lightning/{cryptoCode}/invoices
method: get
operationId: InternalLightningNodeApi_GetInvoices
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canviewlightninginvoiceinternalnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/server/lightning/{cryptoCode}/invoices
method: post
operationId: InternalLightningNodeApi_CreateInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.server.cancreatelightninginvoiceinternalnode
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/server/lightning/{cryptoCode}/payments
method: get
operationId: InternalLightningNodeApi_GetPayments
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.server.canuseinternallightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/info
method: get
operationId: StoreLightningNodeApi_GetInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canuselightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/balance
method: get
operationId: StoreLightningNodeApi_GetBalance
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canuselightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/histogram
method: get
operationId: StoreLightningNodeApi_GetHistogram
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canuselightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/connect
method: post
operationId: StoreLightningNodeApi_ConnectToNode
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.cancreatelightninginvoice
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/channels
method: get
operationId: StoreLightningNodeApi_GetChannels
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.cancreatelightninginvoice
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/channels
method: post
operationId: StoreLightningNodeApi_OpenChannel
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.store.cancreatelightninginvoice
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/address
method: post
operationId: StoreLightningNodeApi_GetDepositAddress
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.cancreatelightninginvoice
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/payments/{paymentHash}
method: get
operationId: StoreLightningNodeApi_GetPayment
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canuselightningnode
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices/{id}
method: get
operationId: StoreLightningNodeApi_GetInvoice
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewlightninginvoice
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices/pay
method: post
operationId: StoreLightningNodeApi_PayInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.cancreatelightninginvoice
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices
method: get
operationId: StoreLightningNodeApi_GetInvoices
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewlightninginvoice
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices
method: post
operationId: StoreLightningNodeApi_CreateInvoice
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.server.cancreatelightninginvoiceinternalnode
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/payments
method: get
operationId: StoreLightningNodeApi_GetPayments
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.cancreatelightninginvoice
token:
max-ttl: 3600
audit: none
- path: /misc/rate-sources
method: get
operationId: GetRateSources
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /misc/permissions
method: get
operationId: permissionsMetadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /misc/lang
method: get
operationId: langCodes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /i/{invoiceId}
method: get
operationId: Invoice_Checkout
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/users/me/notifications
method: get
operationId: Notifications_GetNotifications
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.user.canmanagenotificationsforuser
- btcpay.user.canviewnotificationsforuser
token:
max-ttl: 3600
audit: none
- path: /api/v1/users/me/notifications/{id}
method: get
operationId: Notifications_GetNotification
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.user.canmanagenotificationsforuser
- btcpay.user.canviewnotificationsforuser
token:
max-ttl: 3600
audit: none
- path: /api/v1/users/me/notifications/{id}
method: put
operationId: Notifications_UpdateNotification
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.user.canmanagenotificationsforuser
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/users/me/notifications/{id}
method: delete
operationId: Notifications_DeleteNotification
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.user.canmanagenotificationsforuser
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/users/me/notification-settings
method: get
operationId: Notifications_GetNotificationSettings
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.user.canmanagenotificationsforuser
token:
max-ttl: 3600
audit: none
- path: /api/v1/users/me/notification-settings
method: put
operationId: Notifications_UpdateNotificationSettings
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- btcpay.user.canmanagenotificationsforuser
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/payment-requests
method: get
operationId: PaymentRequests_GetPaymentRequests
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewpaymentrequests
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/payment-requests
method: post
operationId: PaymentRequests_CreatePaymentRequest
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifypaymentrequests
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/payment-requests/{paymentRequestId}
method: get
operationId: PaymentRequests_GetPaymentRequest
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewpaymentrequests
token:
max-ttl: 3600
audit: none
- path: /api/v1/payment-requests/{paymentRequestId}
method: delete
operationId: PaymentRequests_ArchivePaymentRequest
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifypaymentrequests
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/payment-requests/{paymentRequestId}
method: put
operationId: PaymentRequests_UpdatePaymentRequest
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifypaymentrequests
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/payment-requests/{paymentRequestId}/pay
method: post
operationId: PaymentRequests_Pay
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canviewpaymentrequests
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/stores/{storeId}/payout-processors
method: get
operationId: StorePayoutProcessors_GetStorePayoutProcessors
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewstoresettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/payout-processors/{processor}/{paymentMethodId}
method: delete
operationId: StorePayoutProcessors_RemoveStorePayoutProcessor
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- btcpay.store.canmodifystoresettings
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/payout-processors
method: get
operationId: PayoutProcessors_GetPayoutProcessors
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedPayoutSenderFactory/{paymentMethodId}
method: get
operationId: GreenfieldStoreAutomatedOnChainPayoutProcessorsController_GetStoreOnChainAutomatedPayoutProcessorsForPaymentMethod
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewstoresettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedPayoutSenderFactory/{paymentMethodId}
method: put
operationId: GreenfieldStoreAutomatedOnChainPayoutProcessorsController_UpdateStoreOnChainAutomatedPayoutProcessorForPaymentMethod
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- btcpay.store.canviewstoresettings
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/stores/{storeId}/payout-processors/LightningAutomatedPayoutSenderFactory/{payoutMethodId}
method: get
operationId: GreenfieldStoreAutomatedLightningPayoutProcessorsController_GetStoreLightningAutomatedPayoutProcessorsForPaymentMethod
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- btcpay.store.canviewstoresettings
token:
max-ttl: 3600
audit: none
- path: /api/v1/stores/{storeId}/payout-processors/LightningAutomatedPayoutSenderFactory/{payoutMethodId}
method: put
operationId: GreenfieldStoreAutomatedLightningPayoutProcessorsController_UpdateStoreLightningAutomatedPayoutProcessor
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- btcpay.store.canviewstoresettings
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedTransferSenderFactory
method: get
operationId: GreenfieldStoreAutomatedOnChainPayoutProcessorsController_GetStoreOnChainAutomatedTransferSenderFactory
x-agentic-access:
action-c
# --- truncated at 32 KB (73 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/btcpay/refs/heads/main/agentic-access/btcpay-agentic-access.yml