Coveo Agentic Access
Coveo exposes 1018 API operations that an AI agent could call, of which 551 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 467 read, 528 write, 10 physical, and 13 safety-critical.
13 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /rest/organizations/{organizationId}/access/temporary/{temporaryAccessId} | safety-critical | required |
| PUT | /rest/organizations/{organizationId}/apikeys/disable/bulk | safety-critical | required |
| PUT | /rest/organizations/{organizationId}/apikeys/{apiKeyId}/disable | safety-critical | required |
| POST | /rest/organizations/{organizationId}/extensions/{extensionId}/disable | safety-critical | required |
| POST | /rest/organizations/{organizationId}/limits/reset/{sectionName}/{limitKey} | safety-critical | required |
| POST | /rest/organizations/{organizationId}/securitycache/disabled/enable | safety-critical | required |
| POST | /rest/organizations/{organizationId}/securitycache/{securityProviderId}/disabled/enable | safety-critical | required |
| POST | /rest/organizations/{organizationId}/sources/{sourceId}/disable | safety-critical | required |
| POST | /rest/organizations/{organizationId}/sources/{sourceId}/stopRefresh | safety-critical | required |
| PUT | /rest/organizations/{organizationId}/subscriptions/me/{subscriptionId}/disable | safety-critical | required |
| PUT | /rest/organizations/{organizationId}/subscriptions/{subscriptionId}/disable | safety-critical | required |
| DELETE | /rest/users/{username}/access/temporary/{temporaryAccessId} | safety-critical | required |
| POST | /v15/admin/snowflake/users/{snowflakeUser}/passwordreset | safety-critical | required |
| PUT | /rest/organizations/{organizationID}/pages/{pageID}/header | physical | conditional |
| PUT | /rest/organizations/{organizationId}/crawlingmodule/{crawlingModuleId} | physical | conditional |
| DELETE | /rest/organizations/{organizationId}/crawlingmodule/{crawlingModuleId} | physical | conditional |
| POST | /rest/organizations/{organizationId}/events/v1 | physical | conditional |
| POST | /rest/organizations/{organizationId}/launchprovisioning | physical | conditional |
| POST | /rest/organizations/{organizationId}/launchprovisioning | physical | conditional |
| POST | /rest/search/v2 | physical | conditional |
| POST | /rest/search/v2/facet | physical | conditional |
| POST | /rest/search/v3 | physical | conditional |
| POST | /rest/search/v3/facet | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/coveo-activity-openapi-original.yml, openapi/coveo-analytics-admin-openapi-original.yml,
openapi/coveo-authorization-openapi-original.yml, openapi/coveo-catalog-management-openapi-original.yml,
openapi/coveo-commerce-openapi-original.yml, openapi/coveo-connectivity-openapi-original.yml,
openapi/coveo-context-openapi-original.yml, openapi/coveo-customer-service-openapi-original.yml,
openapi/coveo-event-openapi-original.yml, openapi/coveo-extension-openapi-original.yml, openapi/coveo-field-openapi-original.yml,
openapi/coveo-knowledge-genai-openapi-original.yml, openapi/coveo-machine-learning-openapi-original.yml,
openapi/coveo-migration-openapi-original.yml, openapi/coveo-ml-config-openapi-original.yml,
openapi/coveo-notification-openapi-original.yml, openapi/coveo-organization-openapi-original.yml,
openapi/coveo-platform-openapi-original.yml, openapi/coveo-push-openapi-original.yml, openapi/coveo-schema-service-openapi-original.yml,
openapi/coveo-search-interface-openapi-original.yml, openapi/coveo-search-openapi-original.yml,
openapi/coveo-search-pages-openapi-original.yml, openapi/coveo-search-usage-metrics-openapi-original.yml,
openapi/coveo-security-cache-openapi-original.yml, openapi/coveo-source-logs-openapi-original.yml,
openapi/coveo-source-openapi-original.yml, openapi/coveo-tailgate-openapi-original.yml, openapi/coveo-usage-analytics-read-openapi-original.yml,
openapi/coveo-usage-analytics-write-openapi-original.yml, openapi/coveo-workspace-openapi-original.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 1018
by_action_class:
acting: 551
connected: 467
by_consequence:
write: 528
read: 467
safety-critical: 13
physical: 10
human_in_the_loop_required: 13
operations:
- path: /rest/organizations/{organizationId}/activities/public
method: post
operationId: getAllPublicActivitiesForOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/activities/latest
method: post
operationId: getLatestActivitiesForOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/activities/facets/public
method: post
operationId: getPublicActivitiesFacetsForOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/activities/{activityId}
method: get
operationId: getActivityById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/activities/resourcetypes
method: get
operationId: getActivityResourceTypes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/activities/resourcesandoperations
method: get
operationId: getResourceTypesAndCorrespondingOperations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/activities/operationtypes
method: get
operationId: getNonInternalActivityOperationTypes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
method: get
operationId: getProperty
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
method: put
operationId: updateProperty
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
method: post
operationId: createProperty
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties/{trackingId}
method: delete
operationId: deleteProperty
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties
method: get
operationId: listProperties
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/analyticsadmin/v1/properties
method: post
operationId: queryProperties
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/users/{username}
method: get
operationId: getUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/users/{username}
method: put
operationId: updateUserAdditionalInformation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/saml/identityprovider
method: get
operationId: getIdentityProvider
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/saml/identityprovider
method: put
operationId: updateIdentityProvider
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/saml/identityprovider
method: post
operationId: createIdentityProvider
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/saml/identityprovider
method: delete
operationId: deleteIdentityProvider
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/realms/{realmId}
method: put
operationId: updateRealmsInGroups
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/members
method: get
operationId: getOrganizationMembers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/members
method: put
operationId: updateOrganizationMembers
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/members/{username}
method: get
operationId: getOrganizationMember
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/members/{username}
method: put
operationId: updateOrganizationMember
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/members/{username}
method: delete
operationId: deleteOrganizationMember
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}
method: get
operationId: getGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}
method: put
operationId: updateGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}
method: delete
operationId: deleteGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/{sourceApiKeyId}/duplicate
method: put
operationId: duplicateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}
method: get
operationId: getApiKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}
method: put
operationId: updateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}
method: delete
operationId: deleteApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}/disable
method: put
operationId: disableApiKey
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}/activation/extend
method: put
operationId: extendActivation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/{apiKeyId}/activate
method: put
operationId: activateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/disable/bulk
method: put
operationId: bulkDisableApiKey
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/activate/bulk
method: put
operationId: bulkActivateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/privilege/evaluate
method: post
operationId: evaluate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/privilege/evaluate/general-access
method: post
operationId: evaluateGeneralAccess
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/tokens
method: post
operationId: generatePlatformToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/realms
method: get
operationId: getOrganizationRealms
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/realms
method: post
operationId: addRealmsToGroups
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/privileges/token
method: get
operationId: getOrganizationMemberPrivileges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/privileges/token
method: post
operationId: getOrganizationMemberPrivilegesUsingPost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups
method: get
operationId: getGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups
method: post
operationId: createGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms
method: get
operationId: getGroupRealms
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms
method: post
operationId: addGroupRealm
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members
method: get
operationId: getGroupMembers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members
method: post
operationId: addGroupMember
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites
method: get
operationId: getInvites
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites
method: post
operationId: inviteMember
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites/decline
method: post
operationId: declineInvite
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/invites/accept
method: post
operationId: acceptInvite
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys
method: get
operationId: getApiKeys
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys
method: post
operationId: createApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/rotate
method: post
operationId: rotateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/apikeys/delete/bulk
method: post
operationId: bulkDeleteApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/users/{username}/realms
method: get
operationId: getAllExistingRealmsForUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/users/{username}/access/temporary
method: get
operationId: getUserTemporaryAccess
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/users/{username}/access/temporary/{temporaryAccessId}
method: get
operationId: getTemporaryAccess
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/users/{username}/access/temporary/{temporaryAccessId}
method: delete
operationId: revokeTemporaryAccess
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
scope:
- full
- path: /rest/users/{username}/access/temporary/inactive
method: get
operationId: getUserExpiredOrRevokedTemporaryAccess
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/users/{username}/access/temporary/expired
method: get
operationId: getUserExpiredTemporaryAccess
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/users/{username}/access/temporary/active
method: get
operationId: getUserActiveTemporaryAccess
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/tokens/certificates
method: get
operationId: getPublicCertificates
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/templates/apikeys
method: get
operationId: getOrganizationApiKeyTemplates
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/templates/apikeys/{organizationApiKeyTemplateId}
method: get
operationId: getOrganizationApiKeyTemplate
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/templates/apikeys/privileges/eligibility
method: get
operationId: getApiKeyTemplatesEligibility
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/saml/identityprovider/realms
method: get
operationId: getRealmsForSamlIdentityProvider
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/saml/enabled
method: get
operationId: isSamlIdentityProviderEnabled
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/saml/availables
method: get
operationId: getAvailableSamlIdentityProviders
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/privileges
method: get
operationId: getOrganizationPrivileges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/privileges/platformtokens
method: get
operationId: getPlatformTokenPrivileges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/privileges/me
method: get
operationId: getOrganizationMemberPrivileges_1
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/privileges/apikeys
method: get
operationId: getApiKeyPrivileges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/members/{username}/groups
method: get
operationId: getMemberGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/members/privileges
method: get
operationId: getOrganizationMemberPrivileges_2
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/invites
method: get
operationId: getOrganizationInvites
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms/{realmId}
method: get
operationId: getGroupRealm
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/realms/{realmId}
method: delete
operationId: deleteGroupRealm
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/privileges/exclusive/me
method: get
operationId: getGroupExclusivePrivileges
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members/{username}
method: get
operationId: getGroupMember
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/groups/{groupId}/members/{username}
method: delete
operationId: deleteGroupMember
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/defaultgroups
method: get
operationId: getDefaultGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/access/temporary
method: get
operationId: getOrganizationTemporaryAccess
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/access/temporary/{temporaryAccessId}
method: get
operationId: getOrganizationTemporaryAccess_1
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/access/temporary/{temporaryAccessId}
method: delete
operationId: revokeTemporaryAccess_1
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
scope:
- full
- path: /rest/organizations/{organizationId}/access/temporary/users/{username}
method: get
operationId: getOrganizationTemporaryAccessForUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/access/temporary/expired
method: get
operationId: getOrganizationExpiredTemporaryAccess
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
scope:
- full
- path: /rest/organizations/{organizationId}/access/temporary/active
method: get
operationId: getOrganizationActiveTemporaryAccess
x-agentic-access:
action-class: connect
# --- truncated at 32 KB (346 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/coveo/refs/heads/main/agentic-access/coveo-agentic-access.yml