BTCPay Server · Agentic Access

BTCPay Server Agentic Access

x-agentic-access generated

BTCPay Server exposes 195 API operations that an AI agent could call, of which 102 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 93 read, 54 write, 42 physical, and 6 safety-critical.

6 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

BitcoinCryptocurrencyPaymentsLightning NetworkOpen SourceSelf-Hosted
Operations: 195 Acting: 102 Human-in-the-loop: 6 Method: generated

By consequence

read 93 write 54 physical 42 safety-critical 6

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
DELETE /api/v1/api-keys/current safety-critical required
DELETE /api/v1/api-keys/{apikey} safety-critical required
PUT /api/v1/stores/{storeId}/payout-processors/LightningAutomatedPayoutSenderFactory/{payoutMethodId} safety-critical required
PUT /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedPayoutSenderFactory/{paymentMethodId} safety-critical required
PUT /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedTransferSenderFactory safety-critical required
DELETE /api/v1/users/{idOrEmail}/api-keys/{apikey} safety-critical required
DELETE /api/v1/invoices/{invoiceId} physical conditional
PUT /api/v1/invoices/{invoiceId} physical conditional
POST /api/v1/invoices/{invoiceId}/payment-methods/{paymentMethodId}/activate physical conditional
POST /api/v1/invoices/{invoiceId}/refund physical conditional
POST /api/v1/invoices/{invoiceId}/status physical conditional
POST /api/v1/invoices/{invoiceId}/unarchive physical conditional
DELETE /api/v1/payment-requests/{paymentRequestId} physical conditional
PUT /api/v1/payment-requests/{paymentRequestId} physical conditional
POST /api/v1/payment-requests/{paymentRequestId}/pay physical conditional
POST /api/v1/plan-checkout physical conditional
POST /api/v1/plan-checkout/{checkoutId} physical conditional
DELETE /api/v1/pull-payments/{pullPaymentId} physical conditional
POST /api/v1/pull-payments/{pullPaymentId}/boltcards physical conditional
POST /api/v1/pull-payments/{pullPaymentId}/payouts physical conditional
POST /api/v1/server/lightning/{cryptoCode}/address physical conditional
POST /api/v1/server/lightning/{cryptoCode}/invoices physical conditional
POST /api/v1/server/lightning/{cryptoCode}/invoices/pay physical conditional
POST /api/v1/stores/{storeId}/email/send physical conditional
POST /api/v1/stores/{storeId}/invoices physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/openapi.json
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 195
  by_action_class:
    acting: 102
    connected: 93
  by_consequence:
    safety-critical: 6
    read: 93
    write: 54
    physical: 42
  human_in_the_loop_required: 6
operations:
- path: /api/v1/api-keys/{apikey}
  method: delete
  operationId: ApiKeys_DeleteApiKey
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - unrestricted
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/v1/users/{idOrEmail}/api-keys/{apikey}
  method: delete
  operationId: ApiKeys_DeleteUserApiKey
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - unrestricted
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/v1/api-keys/current
  method: get
  operationId: ApiKeys_GetCurrentApiKey
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canmanageusers
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/api-keys/current
  method: delete
  operationId: ApiKeys_DeleteCurrentApiKey
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/v1/api-keys
  method: post
  operationId: ApiKeys_CreateApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - unrestricted
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/users/{idOrEmail}/api-keys
  method: post
  operationId: ApiKeys_CreateUserApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.server.canmanageusers
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/apps/pos
  method: post
  operationId: Apps_CreatePointOfSaleApp
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/apps/pos/{appId}
  method: put
  operationId: Apps_PutPointOfSaleApp
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/apps/pos/{appId}
  method: get
  operationId: Apps_GetPointOfSaleApp
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/apps/crowdfund/{appId}
  method: put
  operationId: Apps_PutCrowdfundApp
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/apps/crowdfund/{appId}
  method: get
  operationId: Apps_GetCrowdfundApp
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/apps/crowdfund
  method: post
  operationId: Apps_CreateCrowdfundApp
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/apps/{appId}
  method: get
  operationId: Apps_GetApp
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canmodifystoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/apps/{appId}
  method: delete
  operationId: Apps_DeleteApp
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/apps/{appId}/image
  method: post
  operationId: Apps_UploadAppItemImage
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/apps/{appId}/image/{fileId}
  method: delete
  operationId: App_DeleteAppItemImage
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/apps/{appId}/sales
  method: get
  operationId: Apps_GetAppSales
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canmodifystoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/apps/{appId}/top-items
  method: get
  operationId: Apps_GetAppTopItems
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canmodifystoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/apps
  method: get
  operationId: Apps_GetAllAppsForStore
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canmodifystoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/apps
  method: get
  operationId: Apps_GetAllApps
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canmodifystoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api-keys/authorize
  method: get
  operationId: ApiKeys_Authorize
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/files
  method: get
  operationId: Files_GetFiles
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canmodifyserversettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/files
  method: post
  operationId: Files_UploadFile
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.server.canmodifyserversettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/files/{fileId}
  method: get
  operationId: Files_GetFile
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canmodifyserversettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/files/{fileId}
  method: delete
  operationId: Files_DeleteFile
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.server.canmodifyserversettings
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/health
  method: get
  operationId: Health_GetHealth
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/invoices
  method: get
  operationId: Invoices_GetInvoices
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewinvoices
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/invoices
  method: post
  operationId: Invoices_CreateInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.cancreateinvoice
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/invoices/{invoiceId}
  method: get
  operationId: Invoices_GetInvoice
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewinvoices
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/invoices/{invoiceId}
  method: delete
  operationId: Invoices_ArchiveInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifyinvoices
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/invoices/{invoiceId}
  method: put
  operationId: Invoices_UpdateInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifyinvoices
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/invoices/{invoiceId}/payment-methods
  method: get
  operationId: Invoices_GetInvoicePaymentMethods
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewinvoices
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/invoices/{invoiceId}/status
  method: post
  operationId: Invoices_MarkInvoiceStatus
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifyinvoices
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/invoices/{invoiceId}/unarchive
  method: post
  operationId: Invoices_UnarchiveInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifyinvoices
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/invoices/{invoiceId}/payment-methods/{paymentMethodId}/activate
  method: post
  operationId: Invoices_ActivatePaymentMethod
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canviewinvoices
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/invoices/{invoiceId}/refund
  method: post
  operationId: Invoices_Refund
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.cancreatepullpayments
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/invoices/{invoiceId}/refund/{paymentMethodId}
  method: get
  operationId: Invoices_GetInvoiceRefundTriggerData
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.cancreatepullpayments
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/info
  method: get
  operationId: InternalLightningNodeApi_GetInfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canuseinternallightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/balance
  method: get
  operationId: InternalLightningNodeApi_GetBalance
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canuseinternallightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/histogram
  method: get
  operationId: InternalLightningNodeApi_GetHistogram
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canuseinternallightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/connect
  method: post
  operationId: InternalLightningNodeApi_ConnectToNode
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.server.canuseinternallightningnode
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/server/lightning/{cryptoCode}/channels
  method: get
  operationId: InternalLightningNodeApi_GetChannels
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canuseinternallightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/channels
  method: post
  operationId: InternalLightningNodeApi_OpenChannel
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.server.canuseinternallightningnode
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/server/lightning/{cryptoCode}/address
  method: post
  operationId: InternalLightningNodeApi_GetDepositAddress
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.server.canuseinternallightningnode
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/server/lightning/{cryptoCode}/payments/{paymentHash}
  method: get
  operationId: InternalLightningNodeApi_GetPayment
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canuseinternallightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/invoices/{id}
  method: get
  operationId: InternalLightningNodeApi_GetInvoice
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canviewlightninginvoiceinternalnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/invoices/pay
  method: post
  operationId: InternalLightningNodeApi_PayInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.server.canuseinternallightningnode
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/server/lightning/{cryptoCode}/invoices
  method: get
  operationId: InternalLightningNodeApi_GetInvoices
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canviewlightninginvoiceinternalnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/server/lightning/{cryptoCode}/invoices
  method: post
  operationId: InternalLightningNodeApi_CreateInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.server.cancreatelightninginvoiceinternalnode
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/server/lightning/{cryptoCode}/payments
  method: get
  operationId: InternalLightningNodeApi_GetPayments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.server.canuseinternallightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/info
  method: get
  operationId: StoreLightningNodeApi_GetInfo
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canuselightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/balance
  method: get
  operationId: StoreLightningNodeApi_GetBalance
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canuselightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/histogram
  method: get
  operationId: StoreLightningNodeApi_GetHistogram
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canuselightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/connect
  method: post
  operationId: StoreLightningNodeApi_ConnectToNode
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.cancreatelightninginvoice
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/channels
  method: get
  operationId: StoreLightningNodeApi_GetChannels
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.cancreatelightninginvoice
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/channels
  method: post
  operationId: StoreLightningNodeApi_OpenChannel
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.store.cancreatelightninginvoice
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/address
  method: post
  operationId: StoreLightningNodeApi_GetDepositAddress
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.cancreatelightninginvoice
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/payments/{paymentHash}
  method: get
  operationId: StoreLightningNodeApi_GetPayment
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canuselightningnode
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices/{id}
  method: get
  operationId: StoreLightningNodeApi_GetInvoice
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewlightninginvoice
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices/pay
  method: post
  operationId: StoreLightningNodeApi_PayInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.cancreatelightninginvoice
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices
  method: get
  operationId: StoreLightningNodeApi_GetInvoices
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewlightninginvoice
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/invoices
  method: post
  operationId: StoreLightningNodeApi_CreateInvoice
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.server.cancreatelightninginvoiceinternalnode
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/lightning/{cryptoCode}/payments
  method: get
  operationId: StoreLightningNodeApi_GetPayments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.cancreatelightninginvoice
    token:
      max-ttl: 3600
    audit: none
- path: /misc/rate-sources
  method: get
  operationId: GetRateSources
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /misc/permissions
  method: get
  operationId: permissionsMetadata
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /misc/lang
  method: get
  operationId: langCodes
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /i/{invoiceId}
  method: get
  operationId: Invoice_Checkout
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/users/me/notifications
  method: get
  operationId: Notifications_GetNotifications
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.user.canmanagenotificationsforuser
    - btcpay.user.canviewnotificationsforuser
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/users/me/notifications/{id}
  method: get
  operationId: Notifications_GetNotification
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.user.canmanagenotificationsforuser
    - btcpay.user.canviewnotificationsforuser
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/users/me/notifications/{id}
  method: put
  operationId: Notifications_UpdateNotification
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.user.canmanagenotificationsforuser
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/users/me/notifications/{id}
  method: delete
  operationId: Notifications_DeleteNotification
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.user.canmanagenotificationsforuser
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/users/me/notification-settings
  method: get
  operationId: Notifications_GetNotificationSettings
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.user.canmanagenotificationsforuser
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/users/me/notification-settings
  method: put
  operationId: Notifications_UpdateNotificationSettings
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - btcpay.user.canmanagenotificationsforuser
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/payment-requests
  method: get
  operationId: PaymentRequests_GetPaymentRequests
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewpaymentrequests
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/payment-requests
  method: post
  operationId: PaymentRequests_CreatePaymentRequest
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifypaymentrequests
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/payment-requests/{paymentRequestId}
  method: get
  operationId: PaymentRequests_GetPaymentRequest
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewpaymentrequests
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/payment-requests/{paymentRequestId}
  method: delete
  operationId: PaymentRequests_ArchivePaymentRequest
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifypaymentrequests
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/payment-requests/{paymentRequestId}
  method: put
  operationId: PaymentRequests_UpdatePaymentRequest
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifypaymentrequests
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/payment-requests/{paymentRequestId}/pay
  method: post
  operationId: PaymentRequests_Pay
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canviewpaymentrequests
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/stores/{storeId}/payout-processors
  method: get
  operationId: StorePayoutProcessors_GetStorePayoutProcessors
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewstoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/payout-processors/{processor}/{paymentMethodId}
  method: delete
  operationId: StorePayoutProcessors_RemoveStorePayoutProcessor
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - btcpay.store.canmodifystoresettings
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /api/v1/payout-processors
  method: get
  operationId: PayoutProcessors_GetPayoutProcessors
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedPayoutSenderFactory/{paymentMethodId}
  method: get
  operationId: GreenfieldStoreAutomatedOnChainPayoutProcessorsController_GetStoreOnChainAutomatedPayoutProcessorsForPaymentMethod
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewstoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedPayoutSenderFactory/{paymentMethodId}
  method: put
  operationId: GreenfieldStoreAutomatedOnChainPayoutProcessorsController_UpdateStoreOnChainAutomatedPayoutProcessorForPaymentMethod
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - btcpay.store.canviewstoresettings
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/v1/stores/{storeId}/payout-processors/LightningAutomatedPayoutSenderFactory/{payoutMethodId}
  method: get
  operationId: GreenfieldStoreAutomatedLightningPayoutProcessorsController_GetStoreLightningAutomatedPayoutProcessorsForPaymentMethod
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - btcpay.store.canviewstoresettings
    token:
      max-ttl: 3600
    audit: none
- path: /api/v1/stores/{storeId}/payout-processors/LightningAutomatedPayoutSenderFactory/{payoutMethodId}
  method: put
  operationId: GreenfieldStoreAutomatedLightningPayoutProcessorsController_UpdateStoreLightningAutomatedPayoutProcessor
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - btcpay.store.canviewstoresettings
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /api/v1/stores/{storeId}/payout-processors/OnChainAutomatedTransferSenderFactory
  method: get
  operationId: GreenfieldStoreAutomatedOnChainPayoutProcessorsController_GetStoreOnChainAutomatedTransferSenderFactory
  x-agentic-access:
    action-c

# --- truncated at 32 KB (73 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/btcpay/refs/heads/main/agentic-access/btcpay-agentic-access.yml