Clerk Agentic Access
Clerk exposes 426 API operations that an AI agent could call, of which 273 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 153 read, 227 write, 30 physical, and 16 safety-critical.
16 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| POST | /actor_tokens/{actor_token_id}/revoke | safety-critical | required |
| POST | /agents/tasks/{agent_task_id}/revoke | safety-critical | required |
| POST | /api_keys/{apiKeyID}/revoke | safety-critical | required |
| POST | /api_keys/{apiKeyID}/revoke | safety-critical | required |
| POST | /invitations/{invitation_id}/revoke | safety-critical | required |
| POST | /m2m_tokens/{m2m_token_id}/revoke | safety-critical | required |
| POST | /oauth/token/revoke | safety-critical | required |
| POST | /organizations/{organization_id}/invitations/{invitation_id}/revoke | safety-critical | required |
| POST | /sessions/{session_id}/revoke | safety-critical | required |
| POST | /sign_in_tokens/{sign_in_token_id}/revoke | safety-critical | required |
| DELETE | /users/{user_id}/backup_code | safety-critical | required |
| DELETE | /users/{user_id}/mfa | safety-critical | required |
| POST | /v1/client/sign_ins/{sign_in_id}/reset_password | safety-critical | required |
| DELETE | /v1/me/external_accounts/{external_account_id}/tokens | safety-critical | required |
| POST | /v1/me/sessions/{session_id}/revoke | safety-critical | required |
| POST | /v1/organizations/{organization_id}/invitations/{invitation_id}/revoke | safety-critical | required |
| POST | /organizations/{organization_id}/invitations | physical | conditional |
| POST | /organizations/{organization_id}/invitations/bulk | physical | conditional |
| POST | /organizations/{organization_id}/memberships | physical | conditional |
| PATCH | /organizations/{organization_id}/memberships/{user_id} | physical | conditional |
| DELETE | /organizations/{organization_id}/memberships/{user_id} | physical | conditional |
| PATCH | /organizations/{organization_id}/memberships/{user_id}/metadata | physical | conditional |
| POST | /platform/applications/{applicationID}/transfers | physical | conditional |
| DELETE | /platform/applications/{applicationID}/transfers/{transferID} | physical | conditional |
| POST | /v1/me/billing/checkouts | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/clerk-backend-api-openapi.yml, openapi/clerk-frontend-api-openapi.yml, openapi/clerk-platform-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 426
by_action_class:
connected: 153
acting: 273
by_consequence:
read: 153
write: 227
safety-critical: 16
physical: 30
human_in_the_loop_required: 16
operations:
- path: /public/interstitial
method: get
operationId: GetPublicInterstitial
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /jwks
method: get
operationId: GetJWKS
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /clients
method: get
operationId: GetClientList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /clients/verify
method: post
operationId: VerifyClient
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /clients/{client_id}
method: get
operationId: GetClient
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /email_addresses
method: post
operationId: CreateEmailAddress
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /email_addresses/{email_address_id}
method: get
operationId: GetEmailAddress
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /email_addresses/{email_address_id}
method: delete
operationId: DeleteEmailAddress
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /email_addresses/{email_address_id}
method: patch
operationId: UpdateEmailAddress
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /phone_numbers
method: post
operationId: CreatePhoneNumber
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /phone_numbers/{phone_number_id}
method: get
operationId: GetPhoneNumber
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /phone_numbers/{phone_number_id}
method: delete
operationId: DeletePhoneNumber
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /phone_numbers/{phone_number_id}
method: patch
operationId: UpdatePhoneNumber
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions
method: get
operationId: GetSessionList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /sessions
method: post
operationId: createSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions/{session_id}
method: get
operationId: GetSession
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /sessions/{session_id}/refresh
method: post
operationId: RefreshSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions/{session_id}/revoke
method: post
operationId: RevokeSession
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /sessions/{session_id}/tokens
method: post
operationId: CreateSessionToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions/{session_id}/tokens/{template_name}
method: post
operationId: CreateSessionTokenFromTemplate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /templates/{template_type}
method: get
operationId: GetTemplateList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /templates/{template_type}/{slug}
method: get
operationId: GetTemplate
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /templates/{template_type}/{slug}
method: put
operationId: UpsertTemplate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /templates/{template_type}/{slug}/revert
method: post
operationId: RevertTemplate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /templates/{template_type}/{slug}/preview
method: post
operationId: PreviewTemplate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /templates/{template_type}/{slug}/toggle_delivery
method: post
operationId: ToggleTemplateDelivery
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users
method: get
operationId: GetUserList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users
method: post
operationId: CreateUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/count
method: get
operationId: GetUsersCount
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/{user_id}
method: get
operationId: GetUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/{user_id}
method: patch
operationId: UpdateUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}
method: delete
operationId: DeleteUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/ban
method: post
operationId: BanUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/unban
method: post
operationId: UnbanUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/ban
method: post
operationId: UsersBan
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/unban
method: post
operationId: UsersUnban
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/lock
method: post
operationId: LockUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/unlock
method: post
operationId: UnlockUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/profile_image
method: post
operationId: SetUserProfileImage
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/profile_image
method: delete
operationId: DeleteUserProfileImage
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/metadata
method: patch
operationId: UpdateUserMetadata
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/billing/subscription
method: get
operationId: GetUserBillingSubscription
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/{user_id}/billing/credits
method: get
operationId: GetUserBillingCreditBalance
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/{user_id}/billing/credits
method: post
operationId: AdjustUserBillingCreditBalance
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/oauth_access_tokens/{provider}
method: get
operationId: GetOAuthAccessToken
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/{user_id}/organization_memberships
method: get
operationId: UsersGetOrganizationMemberships
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/{user_id}/organization_invitations
method: get
operationId: UsersGetOrganizationInvitations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /users/{user_id}/verify_password
method: post
operationId: VerifyPassword
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/verify_totp
method: post
operationId: VerifyTOTP
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/mfa
method: delete
operationId: DisableMFA
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /users/{user_id}/backup_code
method: delete
operationId: DeleteBackupCode
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /users/{user_id}/passkeys/{passkey_identification_id}
method: delete
operationId: UserPasskeyDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/web3_wallets/{web3_wallet_identification_id}
method: delete
operationId: UserWeb3WalletDelete
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/totp
method: delete
operationId: DeleteTOTP
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/external_accounts/{external_account_id}
method: delete
operationId: DeleteExternalAccount
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/password/set_compromised
method: post
operationId: SetUserPasswordCompromised
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /users/{user_id}/password/unset_compromised
method: post
operationId: UnsetUserPasswordCompromised
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /invitations
method: post
operationId: CreateInvitation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /invitations
method: get
operationId: ListInvitations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /invitations/bulk
method: post
operationId: CreateBulkInvitations
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /invitations/{invitation_id}/revoke
method: post
operationId: RevokeInvitation
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /organization_invitations
method: get
operationId: ListInstanceOrganizationInvitations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /allowlist_identifiers
method: get
operationId: ListAllowlistIdentifiers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /allowlist_identifiers
method: post
operationId: CreateAllowlistIdentifier
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /allowlist_identifiers/{identifier_id}
method: delete
operationId: DeleteAllowlistIdentifier
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /blocklist_identifiers
method: get
operationId: ListBlocklistIdentifiers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /blocklist_identifiers
method: post
operationId: CreateBlocklistIdentifier
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /blocklist_identifiers/{identifier_id}
method: delete
operationId: DeleteBlocklistIdentifier
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /beta_features/instance_settings
method: patch
operationId: UpdateInstanceAuthConfig
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /beta_features/domain
method: put
operationId: UpdateProductionInstanceDomain
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actor_tokens
method: post
operationId: CreateActorToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /actor_tokens/{actor_token_id}/revoke
method: post
operationId: RevokeActorToken
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /domains
method: get
operationId: ListDomains
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /domains
method: post
operationId: AddDomain
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /domains/{domain_id}
method: delete
operationId: DeleteDomain
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /domains/{domain_id}
method: patch
operationId: UpdateDomain
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /instance
method: get
operationId: GetInstance
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /instance
method: patch
operationId: UpdateInstance
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /instance/restrictions
method: patch
operationId: UpdateInstanceRestrictions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /instance/protect
method: get
operationId: GetInstanceProtect
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /instance/protect
method: patch
operationId: UpdateInstanceProtect
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /instance/communication
method: get
operationId: GetInstanceCommunication
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /instance/communication
method: patch
operationId: UpdateInstanceCommunication
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /instance/oauth_application_settings
method: get
operationId: GetInstanceOAuthApplicationSettings
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /instance/oauth_application_settings
method: patch
operationId: UpdateInstanceOAuthApplicationSettings
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /instance/change_domain
method: post
operationId: ChangeProductionInstanceDomain
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /instance/organization_settings
method: get
operationId: GetInstanceOrganizationSettings
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /instance/organization_settings
method: patch
operationId: UpdateInstanceOrganizationSettings
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /webhooks/svix
method: post
operationId: CreateSvixApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /webhooks/svix
method: delete
operationId: DeleteSvixApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /webhooks/svix_url
method: post
operationId: GenerateSvixAuthURL
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /jwt_templates
method: get
operationId: ListJWTTemplates
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /jwt_templates
method: post
operationId: CreateJWTTemplate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /jwt_templates/{template_id}
method: get
operationId: GetJWTTemplate
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /jwt_templates/{template_id}
method: patch
operationId: UpdateJWTTemplate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /jwt_templates/{template_id}
method: delete
operationId: DeleteJWTTemplate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /machines
method: get
operationId: ListMachines
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /machines
method: post
operationId: CreateMachine
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /machines/{machine_id}
method: get
operationId: GetMachine
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /machines/{machine_id}
method: patch
operationId: UpdateMachine
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /machines/{machine_id}
method: delete
operationId: DeleteMachine
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /machines/{machine_id}/secret_key
method: get
operationId: GetMachineSecretKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /machines/{machine_id}/secret_key/rotate
method: post
operationId: RotateMachineSecretKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /machines/{machine_id}/scopes
method: post
operationId: CreateMachineScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
# --- truncated at 32 KB (133 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/clerk-com/refs/heads/main/agentic-access/clerk-com-agentic-access.yml