Coveo · Agentic Access

Coveo Agentic Access

x-agentic-access generated

Coveo exposes 1018 API operations that an AI agent could call, of which 551 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 467 read, 528 write, 10 physical, and 13 safety-critical.

13 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

AIAnalyticsCatalogCommerceCustomersExperiencesMachine LearningPersonalizationRecommendationsSearch
Operations: 1018 Acting: 551 Human-in-the-loop: 13 Method: generated

By consequence

read 467 write 528 physical 10 safety-critical 13

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
DELETE /rest/organizations/{organizationId}/access/temporary/{temporaryAccessId} safety-critical required
PUT /rest/organizations/{organizationId}/apikeys/disable/bulk safety-critical required
PUT /rest/organizations/{organizationId}/apikeys/{apiKeyId}/disable safety-critical required
POST /rest/organizations/{organizationId}/extensions/{extensionId}/disable safety-critical required
POST /rest/organizations/{organizationId}/limits/reset/{sectionName}/{limitKey} safety-critical required
POST /rest/organizations/{organizationId}/securitycache/disabled/enable safety-critical required
POST /rest/organizations/{organizationId}/securitycache/{securityProviderId}/disabled/enable safety-critical required
POST /rest/organizations/{organizationId}/sources/{sourceId}/disable safety-critical required
POST /rest/organizations/{organizationId}/sources/{sourceId}/stopRefresh safety-critical required
PUT /rest/organizations/{organizationId}/subscriptions/me/{subscriptionId}/disable safety-critical required
PUT /rest/organizations/{organizationId}/subscriptions/{subscriptionId}/disable safety-critical required
DELETE /rest/users/{username}/access/temporary/{temporaryAccessId} safety-critical required
POST /v15/admin/snowflake/users/{snowflakeUser}/passwordreset safety-critical required
PUT /rest/organizations/{organizationID}/pages/{pageID}/header physical conditional
PUT /rest/organizations/{organizationId}/crawlingmodule/{crawlingModuleId} physical conditional
DELETE /rest/organizations/{organizationId}/crawlingmodule/{crawlingModuleId} physical conditional
POST /rest/organizations/{organizationId}/events/v1 physical conditional
POST /rest/organizations/{organizationId}/launchprovisioning physical conditional
POST /rest/organizations/{organizationId}/launchprovisioning physical conditional
POST /rest/search/v2 physical conditional
POST /rest/search/v2/facet physical conditional
POST /rest/search/v3 physical conditional
POST /rest/search/v3/facet physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/coveo-activity-openapi-original.yml, openapi/coveo-analytics-admin-openapi-original.yml,
  openapi/coveo-authorization-openapi-original.yml, openapi/coveo-catalog-management-openapi-original.yml,
  openapi/coveo-commerce-openapi-original.yml, openapi/coveo-connectivity-openapi-original.yml,
  openapi/coveo-context-openapi-original.yml, openapi/coveo-customer-service-openapi-original.yml,
  openapi/coveo-event-openapi-original.yml, openapi/coveo-extension-openapi-original.yml, openapi/coveo-field-openapi-original.yml,
  openapi/coveo-knowledge-genai-openapi-original.yml, openapi/coveo-machine-learning-openapi-original.yml,
  openapi/coveo-migration-openapi-original.yml, openapi/coveo-ml-config-openapi-original.yml,
  openapi/coveo-notification-openapi-original.yml, openapi/coveo-organization-openapi-original.yml,
  openapi/coveo-platform-openapi-original.yml, openapi/coveo-push-openapi-original.yml, openapi/coveo-schema-service-openapi-original.yml,
  openapi/coveo-search-interface-openapi-original.yml, openapi/coveo-search-openapi-original.yml,
  openapi/coveo-search-pages-openapi-original.yml, openapi/coveo-search-usage-metrics-openapi-original.yml,
  openapi/coveo-security-cache-openapi-original.yml, openapi/coveo-source-logs-openapi-original.yml,
  openapi/coveo-source-openapi-original.yml, openapi/coveo-tailgate-openapi-original.yml, openapi/coveo-usage-analytics-read-openapi-original.yml,
  openapi/coveo-usage-analytics-write-openapi-original.yml, openapi/coveo-workspace-openapi-original.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 1018
  by_action_class:
    acting: 551
    connected: 467
  by_consequence:
    write: 528
    read: 467
    safety-critical: 13
    physical: 10
  human_in_the_loop_required: 13
operations:
- path: /rest/organizations/{organizationId}/activities/public
  method: post
  operationId: getAllPublicActivitiesForOrganization
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/activities/latest
  method: post
  operationId: getLatestActivitiesForOrganization
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/activities/facets/public
  method: post
  operationId: getPublicActivitiesFacetsForOrganization
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/activities/{activityId}
  method: get
  operationId: getActivityById
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/activities/resourcetypes
  method: get
  operationId: getActivityResourceTypes
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/activities/resourcesandoperations
  method: get
  operationId: getResourceTypesAndCorrespondingOperations
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/activities/operationtypes
  method: get
  operationId: getNonInternalActivityOperationTypes
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
  method: get
  operationId: getProperty
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
  method: put
  operationId: updateProperty
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
  method: post
  operationId: createProperty
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
  method: delete
  operationId: deleteProperty
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties
  method: get
  operationId: listProperties
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties
  method: post
  operationId: queryProperties
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/users/{username}
  method: get
  operationId: getUser
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/users/{username}
  method: put
  operationId: updateUserAdditionalInformation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/saml/identityprovider
  method: get
  operationId: getIdentityProvider
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/saml/identityprovider
  method: put
  operationId: updateIdentityProvider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/saml/identityprovider
  method: post
  operationId: createIdentityProvider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/saml/identityprovider
  method: delete
  operationId: deleteIdentityProvider
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/realms/{realmId}
  method: put
  operationId: updateRealmsInGroups
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/members
  method: get
  operationId: getOrganizationMembers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/members
  method: put
  operationId: updateOrganizationMembers
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/members/{username}
  method: get
  operationId: getOrganizationMember
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/members/{username}
  method: put
  operationId: updateOrganizationMember
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/members/{username}
  method: delete
  operationId: deleteOrganizationMember
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}
  method: get
  operationId: getGroup
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}
  method: put
  operationId: updateGroup
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}
  method: delete
  operationId: deleteGroup
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/{sourceApiKeyId}/duplicate
  method: put
  operationId: duplicateApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}
  method: get
  operationId: getApiKey
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}
  method: put
  operationId: updateApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}
  method: delete
  operationId: deleteApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}/disable
  method: put
  operationId: disableApiKey
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}/activation/extend
  method: put
  operationId: extendActivation
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}/activate
  method: put
  operationId: activateApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/disable/bulk
  method: put
  operationId: bulkDisableApiKey
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/activate/bulk
  method: put
  operationId: bulkActivateApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/privilege/evaluate
  method: post
  operationId: evaluate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/privilege/evaluate/general-access
  method: post
  operationId: evaluateGeneralAccess
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/tokens
  method: post
  operationId: generatePlatformToken
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/realms
  method: get
  operationId: getOrganizationRealms
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/realms
  method: post
  operationId: addRealmsToGroups
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/privileges/token
  method: get
  operationId: getOrganizationMemberPrivileges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/privileges/token
  method: post
  operationId: getOrganizationMemberPrivilegesUsingPost
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups
  method: get
  operationId: getGroups
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups
  method: post
  operationId: createGroup
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms
  method: get
  operationId: getGroupRealms
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms
  method: post
  operationId: addGroupRealm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members
  method: get
  operationId: getGroupMembers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members
  method: post
  operationId: addGroupMember
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites
  method: get
  operationId: getInvites
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites
  method: post
  operationId: inviteMember
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites/decline
  method: post
  operationId: declineInvite
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites/accept
  method: post
  operationId: acceptInvite
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys
  method: get
  operationId: getApiKeys
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys
  method: post
  operationId: createApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/rotate
  method: post
  operationId: rotateApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/apikeys/delete/bulk
  method: post
  operationId: bulkDeleteApiKey
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/users/{username}/realms
  method: get
  operationId: getAllExistingRealmsForUser
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/users/{username}/access/temporary
  method: get
  operationId: getUserTemporaryAccess
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/users/{username}/access/temporary/{temporaryAccessId}
  method: get
  operationId: getTemporaryAccess
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/users/{username}/access/temporary/{temporaryAccessId}
  method: delete
  operationId: revokeTemporaryAccess
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
    scope:
    - full
- path: /rest/users/{username}/access/temporary/inactive
  method: get
  operationId: getUserExpiredOrRevokedTemporaryAccess
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/users/{username}/access/temporary/expired
  method: get
  operationId: getUserExpiredTemporaryAccess
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/users/{username}/access/temporary/active
  method: get
  operationId: getUserActiveTemporaryAccess
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/tokens/certificates
  method: get
  operationId: getPublicCertificates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/templates/apikeys
  method: get
  operationId: getOrganizationApiKeyTemplates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/templates/apikeys/{organizationApiKeyTemplateId}
  method: get
  operationId: getOrganizationApiKeyTemplate
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/templates/apikeys/privileges/eligibility
  method: get
  operationId: getApiKeyTemplatesEligibility
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/saml/identityprovider/realms
  method: get
  operationId: getRealmsForSamlIdentityProvider
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/saml/enabled
  method: get
  operationId: isSamlIdentityProviderEnabled
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/saml/availables
  method: get
  operationId: getAvailableSamlIdentityProviders
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/privileges
  method: get
  operationId: getOrganizationPrivileges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/privileges/platformtokens
  method: get
  operationId: getPlatformTokenPrivileges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/privileges/me
  method: get
  operationId: getOrganizationMemberPrivileges_1
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/privileges/apikeys
  method: get
  operationId: getApiKeyPrivileges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/members/{username}/groups
  method: get
  operationId: getMemberGroups
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/members/privileges
  method: get
  operationId: getOrganizationMemberPrivileges_2
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/invites
  method: get
  operationId: getOrganizationInvites
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms/{realmId}
  method: get
  operationId: getGroupRealm
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms/{realmId}
  method: delete
  operationId: deleteGroupRealm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/privileges/exclusive/me
  method: get
  operationId: getGroupExclusivePrivileges
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members/{username}
  method: get
  operationId: getGroupMember
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members/{username}
  method: delete
  operationId: deleteGroupMember
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/defaultgroups
  method: get
  operationId: getDefaultGroups
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/access/temporary
  method: get
  operationId: getOrganizationTemporaryAccess
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/access/temporary/{temporaryAccessId}
  method: get
  operationId: getOrganizationTemporaryAccess_1
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/access/temporary/{temporaryAccessId}
  method: delete
  operationId: revokeTemporaryAccess_1
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
    scope:
    - full
- path: /rest/organizations/{organizationId}/access/temporary/users/{username}
  method: get
  operationId: getOrganizationTemporaryAccessForUser
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/access/temporary/expired
  method: get
  operationId: getOrganizationExpiredTemporaryAccess
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
    scope:
    - full
- path: /rest/organizations/{organizationId}/access/temporary/active
  method: get
  operationId: getOrganizationActiveTemporaryAccess
  x-agentic-access:
    action-class: connect

# --- truncated at 32 KB (346 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/coveo/refs/heads/main/agentic-access/coveo-agentic-access.yml