CAMARA Project · Agentic Access

CAMARA Project Agentic Access

x-agentic-access generated

CAMARA Project exposes 49 API operations that an AI agent could call, of which 39 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 10 read, 30 write, 8 physical, and 1 safety-critical.

1 operation are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

API StandardsCAMARAGSMALinux FoundationNetwork APIsOpen APIOpen GatewayOpen SourceStandardsTelcoTelco API AllianceTelecomTelecommunications
Operations: 49 Acting: 39 Human-in-the-loop: 1 Method: generated

By consequence

read 10 write 30 physical 8 safety-critical 1

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
DELETE /qos-assignments/{assignmentId} safety-critical required
POST /payments physical conditional
POST /payments/prepare physical conditional
POST /payments/{paymentId}/cancel physical conditional
POST /payments/{paymentId}/confirm physical conditional
POST /payments/{paymentId}/validate physical conditional
POST /qos-assignments physical conditional
POST /send-code physical conditional
POST /short-message physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/call-forwarding-signal-openapi.yml, openapi/carrier-billing-openapi.yml, openapi/connectivity-insights-openapi.yml,
  openapi/device-location-geofencing-openapi.yml, openapi/device-location-retrieval-openapi.yml,
  openapi/device-location-verification-openapi.yml, openapi/device-status-connected-network-type-openapi.yml,
  openapi/device-status-reachability-openapi.yml, openapi/device-status-roaming-openapi.yml,
  openapi/device-swap-openapi.yml, openapi/home-devices-qod-openapi.yml, openapi/kyc-age-verification-openapi.yml,
  openapi/kyc-fill-in-openapi.yml, openapi/kyc-match-openapi.yml, openapi/number-verification-openapi.yml,
  openapi/one-time-password-sms-openapi.yml, openapi/population-density-data-openapi.yml, openapi/qos-profiles-openapi.yml,
  openapi/qos-provisioning-openapi.yml, openapi/quality-on-demand-openapi.yml, openapi/sim-swap-openapi.yml,
  openapi/sim-swap-subscriptions-openapi.yml, openapi/simple-edge-discovery-openapi.yml, openapi/sms-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 49
  by_action_class:
    acting: 39
    connected: 10
  by_consequence:
    write: 30
    physical: 8
    read: 10
    safety-critical: 1
  human_in_the_loop_required: 1
operations:
- path: /unconditional-call-forwardings
  method: post
  operationId: retrieveUnconditionalCallForwarding
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - call-forwarding-signal:unconditional-call-forwardings:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /call-forwardings
  method: post
  operationId: retrieveCallForwarding
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - call-forwarding-signal:call-forwardings:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /payments
  method: post
  operationId: createPayment
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - carrier-billing:payments:create
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /payments
  method: get
  operationId: retrievePayments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - carrier-billing:payments:read
    token:
      max-ttl: 3600
    audit: none
- path: /payments/{paymentId}
  method: get
  operationId: retrievePayment
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - carrier-billing:payments:read
    token:
      max-ttl: 3600
    audit: none
- path: /payments/prepare
  method: post
  operationId: preparePayment
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - carrier-billing:payments:create
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /payments/{paymentId}/validate
  method: post
  operationId: validatePayment
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - carrier-billing:payments:write
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /payments/{paymentId}/confirm
  method: post
  operationId: confirmPayment
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - carrier-billing:payments:write
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /payments/{paymentId}/cancel
  method: post
  operationId: cancelPayment
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - carrier-billing:payments:write
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /check-network-quality
  method: post
  operationId: checkNetworkQuality
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - connectivity-insights:check
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /subscriptions
  method: post
  operationId: createGeofencingSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - geofencing-subscriptions:org.camaraproject.geofencing-subscriptions.v0.area-entered:create
    - geofencing-subscriptions:org.camaraproject.geofencing-subscriptions.v0.area-left:create
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /subscriptions
  method: get
  operationId: retrieveGeofencingSubscriptionList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - geofencing-subscriptions:read
    token:
      max-ttl: 3600
    audit: none
- path: /subscriptions/{subscriptionId}
  method: get
  operationId: retrieveGeofencingSubscription
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - geofencing-subscriptions:read
    token:
      max-ttl: 3600
    audit: none
- path: /subscriptions/{subscriptionId}
  method: delete
  operationId: deleteGeofencingSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - geofencing-subscriptions:delete
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve
  method: post
  operationId: retrieveLocation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - location-retrieval:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /verify
  method: post
  operationId: verifyLocation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - location-verification:verify
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve
  method: post
  operationId: getConnectedNetworkType
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - connected-network-type:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve
  method: post
  operationId: getReachabilityStatus
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - device-reachability-status:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve
  method: post
  operationId: getRoamingStatus
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - device-roaming-status:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve-date
  method: post
  operationId: retrieveDeviceSwapDate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - device-swap
    - device-swap:retrieve-date
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /check
  method: post
  operationId: checkDeviceSwap
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - device-swap
    - device-swap:check
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /qos
  method: put
  operationId: setQos
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - home-devices-qod:qos:write
- path: /verify
  method: post
  operationId: verifyAge
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - kyc-age-verification:verify
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /fill-in
  method: post
  operationId: KYC_Fill-in
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - kyc-fill-in:address
    - kyc-fill-in:birthdate
    - kyc-fill-in:country
    - kyc-fill-in:email
    - kyc-fill-in:familyName
    - kyc-fill-in:familyNameAtBirth
    - kyc-fill-in:gender
    - kyc-fill-in:givenName
    - kyc-fill-in:houseNumberExtension
    - kyc-fill-in:idDocument
    - kyc-fill-in:locality
    - kyc-fill-in:middleNames
    - kyc-fill-in:name
    - kyc-fill-in:nameKanaHankaku
    - kyc-fill-in:nameKanaZenkaku
    - kyc-fill-in:phoneNumber
    - kyc-fill-in:postalCode
    - kyc-fill-in:region
    - kyc-fill-in:set-all
    - kyc-fill-in:streetName
    - kyc-fill-in:streetNumber
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /match
  method: post
  operationId: KYC_Match
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - kyc-match:match
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /verify
  method: post
  operationId: phoneNumberVerify
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - number-verification:verify
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /device-phone-number
  method: get
  operationId: phoneNumberShare
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - number-verification:device-phone-number:read
    token:
      max-ttl: 3600
    audit: none
- path: /send-code
  method: post
  operationId: sendCode
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - one-time-password-sms:send-validate
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /validate-code
  method: post
  operationId: validateCode
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - one-time-password-sms:send-validate
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve
  method: post
  operationId: retrievePopulationDensity
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - population-density-data:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve-qos-profiles
  method: post
  operationId: retrieveQoSProfiles
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - qos-profiles:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /qos-profiles/{name}
  method: get
  operationId: getQosProfile
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - qos-profiles:read
    token:
      max-ttl: 3600
    audit: none
- path: /qos-assignments
  method: post
  operationId: createQosAssignment
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - qos-provisioning:qos-assignments:create
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /qos-assignments/{assignmentId}
  method: get
  operationId: getQosAssignmentById
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - qos-provisioning:qos-assignments:read
    token:
      max-ttl: 3600
    audit: none
- path: /qos-assignments/{assignmentId}
  method: delete
  operationId: revokeQosAssignment
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    scope:
    - qos-provisioning:qos-assignments:delete
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /retrieve-qos-assignment
  method: post
  operationId: getQosAssignmentByDevice
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - qos-provisioning:qos-assignments:read-by-device
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /sessions
  method: post
  operationId: createSession
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - quality-on-demand:sessions:create
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /sessions/{sessionId}
  method: get
  operationId: getSession
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - quality-on-demand:sessions:read
    token:
      max-ttl: 3600
    audit: none
- path: /sessions/{sessionId}
  method: delete
  operationId: deleteSession
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - quality-on-demand:sessions:delete
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /sessions/{sessionId}/extend
  method: post
  operationId: extendQosSessionDuration
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - quality-on-demand:sessions:update
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve-sessions
  method: post
  operationId: retrieveSessionsByDevice
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - quality-on-demand:sessions:retrieve-by-device
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve-date
  method: post
  operationId: retrieveSimSwapDate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - sim-swap
    - sim-swap:retrieve-date
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /check
  method: post
  operationId: checkSimSwap
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - sim-swap
    - sim-swap:check
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /subscriptions
  method: post
  operationId: createSimSwapSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - sim-swap-subscriptions:org.camaraproject.sim-swap-subscriptions.v0.swapped:create
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /subscriptions
  method: get
  operationId: retrieveSubscriptionList
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - sim-swap-subscriptions:read
    token:
      max-ttl: 3600
    audit: none
- path: /subscriptions/{subscriptionId}
  method: get
  operationId: retrieveSubscription
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - sim-swap-subscriptions:read
    token:
      max-ttl: 3600
    audit: none
- path: /subscriptions/{subscriptionId}
  method: delete
  operationId: deleteSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - sim-swap-subscriptions:delete
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /retrieve-closest-edge-cloud-zone
  method: post
  operationId: readClosestEdgeCloudZone
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - simple-edge-discovery:read
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /short-message
  method: post
  operationId: send-sms
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    scope:
    - send-sms:short-message
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required