CAMARA Project Agentic Access
CAMARA Project exposes 49 API operations that an AI agent could call, of which 39 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 10 read, 30 write, 8 physical, and 1 safety-critical.
1 operation are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /qos-assignments/{assignmentId} | safety-critical | required |
| POST | /payments | physical | conditional |
| POST | /payments/prepare | physical | conditional |
| POST | /payments/{paymentId}/cancel | physical | conditional |
| POST | /payments/{paymentId}/confirm | physical | conditional |
| POST | /payments/{paymentId}/validate | physical | conditional |
| POST | /qos-assignments | physical | conditional |
| POST | /send-code | physical | conditional |
| POST | /short-message | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/call-forwarding-signal-openapi.yml, openapi/carrier-billing-openapi.yml, openapi/connectivity-insights-openapi.yml,
openapi/device-location-geofencing-openapi.yml, openapi/device-location-retrieval-openapi.yml,
openapi/device-location-verification-openapi.yml, openapi/device-status-connected-network-type-openapi.yml,
openapi/device-status-reachability-openapi.yml, openapi/device-status-roaming-openapi.yml,
openapi/device-swap-openapi.yml, openapi/home-devices-qod-openapi.yml, openapi/kyc-age-verification-openapi.yml,
openapi/kyc-fill-in-openapi.yml, openapi/kyc-match-openapi.yml, openapi/number-verification-openapi.yml,
openapi/one-time-password-sms-openapi.yml, openapi/population-density-data-openapi.yml, openapi/qos-profiles-openapi.yml,
openapi/qos-provisioning-openapi.yml, openapi/quality-on-demand-openapi.yml, openapi/sim-swap-openapi.yml,
openapi/sim-swap-subscriptions-openapi.yml, openapi/simple-edge-discovery-openapi.yml, openapi/sms-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 49
by_action_class:
acting: 39
connected: 10
by_consequence:
write: 30
physical: 8
read: 10
safety-critical: 1
human_in_the_loop_required: 1
operations:
- path: /unconditional-call-forwardings
method: post
operationId: retrieveUnconditionalCallForwarding
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- call-forwarding-signal:unconditional-call-forwardings:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /call-forwardings
method: post
operationId: retrieveCallForwarding
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- call-forwarding-signal:call-forwardings:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments
method: post
operationId: createPayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:create
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments
method: get
operationId: retrievePayments
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- carrier-billing:payments:read
token:
max-ttl: 3600
audit: none
- path: /payments/{paymentId}
method: get
operationId: retrievePayment
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- carrier-billing:payments:read
token:
max-ttl: 3600
audit: none
- path: /payments/prepare
method: post
operationId: preparePayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:create
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments/{paymentId}/validate
method: post
operationId: validatePayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments/{paymentId}/confirm
method: post
operationId: confirmPayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments/{paymentId}/cancel
method: post
operationId: cancelPayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /check-network-quality
method: post
operationId: checkNetworkQuality
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- connectivity-insights:check
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: post
operationId: createGeofencingSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- geofencing-subscriptions:org.camaraproject.geofencing-subscriptions.v0.area-entered:create
- geofencing-subscriptions:org.camaraproject.geofencing-subscriptions.v0.area-left:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: get
operationId: retrieveGeofencingSubscriptionList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- geofencing-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: get
operationId: retrieveGeofencingSubscription
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- geofencing-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: delete
operationId: deleteGeofencingSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- geofencing-subscriptions:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: retrieveLocation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- location-retrieval:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /verify
method: post
operationId: verifyLocation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- location-verification:verify
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: getConnectedNetworkType
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- connected-network-type:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: getReachabilityStatus
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- device-reachability-status:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: getRoamingStatus
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- device-roaming-status:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-date
method: post
operationId: retrieveDeviceSwapDate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- device-swap
- device-swap:retrieve-date
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /check
method: post
operationId: checkDeviceSwap
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- device-swap
- device-swap:check
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /qos
method: put
operationId: setQos
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- home-devices-qod:qos:write
- path: /verify
method: post
operationId: verifyAge
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- kyc-age-verification:verify
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /fill-in
method: post
operationId: KYC_Fill-in
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- kyc-fill-in:address
- kyc-fill-in:birthdate
- kyc-fill-in:country
- kyc-fill-in:email
- kyc-fill-in:familyName
- kyc-fill-in:familyNameAtBirth
- kyc-fill-in:gender
- kyc-fill-in:givenName
- kyc-fill-in:houseNumberExtension
- kyc-fill-in:idDocument
- kyc-fill-in:locality
- kyc-fill-in:middleNames
- kyc-fill-in:name
- kyc-fill-in:nameKanaHankaku
- kyc-fill-in:nameKanaZenkaku
- kyc-fill-in:phoneNumber
- kyc-fill-in:postalCode
- kyc-fill-in:region
- kyc-fill-in:set-all
- kyc-fill-in:streetName
- kyc-fill-in:streetNumber
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /match
method: post
operationId: KYC_Match
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- kyc-match:match
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /verify
method: post
operationId: phoneNumberVerify
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- number-verification:verify
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /device-phone-number
method: get
operationId: phoneNumberShare
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- number-verification:device-phone-number:read
token:
max-ttl: 3600
audit: none
- path: /send-code
method: post
operationId: sendCode
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- one-time-password-sms:send-validate
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /validate-code
method: post
operationId: validateCode
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- one-time-password-sms:send-validate
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: retrievePopulationDensity
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- population-density-data:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-qos-profiles
method: post
operationId: retrieveQoSProfiles
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- qos-profiles:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /qos-profiles/{name}
method: get
operationId: getQosProfile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- qos-profiles:read
token:
max-ttl: 3600
audit: none
- path: /qos-assignments
method: post
operationId: createQosAssignment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- qos-provisioning:qos-assignments:create
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /qos-assignments/{assignmentId}
method: get
operationId: getQosAssignmentById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- qos-provisioning:qos-assignments:read
token:
max-ttl: 3600
audit: none
- path: /qos-assignments/{assignmentId}
method: delete
operationId: revokeQosAssignment
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- qos-provisioning:qos-assignments:delete
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /retrieve-qos-assignment
method: post
operationId: getQosAssignmentByDevice
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- qos-provisioning:qos-assignments:read-by-device
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions
method: post
operationId: createSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions/{sessionId}
method: get
operationId: getSession
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- quality-on-demand:sessions:read
token:
max-ttl: 3600
audit: none
- path: /sessions/{sessionId}
method: delete
operationId: deleteSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions/{sessionId}/extend
method: post
operationId: extendQosSessionDuration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:update
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-sessions
method: post
operationId: retrieveSessionsByDevice
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:retrieve-by-device
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-date
method: post
operationId: retrieveSimSwapDate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap
- sim-swap:retrieve-date
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /check
method: post
operationId: checkSimSwap
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap
- sim-swap:check
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: post
operationId: createSimSwapSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap-subscriptions:org.camaraproject.sim-swap-subscriptions.v0.swapped:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: get
operationId: retrieveSubscriptionList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- sim-swap-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: get
operationId: retrieveSubscription
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- sim-swap-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: delete
operationId: deleteSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap-subscriptions:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-closest-edge-cloud-zone
method: post
operationId: readClosestEdgeCloudZone
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- simple-edge-discovery:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /short-message
method: post
operationId: send-sms
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- send-sms:short-message
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required