Datadog Agentic Access
Datadog exposes 558 API operations that an AI agent could call, of which 324 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 234 read, 298 write, 22 physical, and 4 safety-critical.
4 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /api/v2/logs/config/archives/{archive_id}/readers | safety-critical | required |
| DELETE | /api/v2/logs/config/restriction_queries/{restriction_query_id}/roles | safety-critical | required |
| DELETE | /api/v2/roles/{role_id}/permissions | safety-critical | required |
| DELETE | /api/v2/users/{user_id} | safety-critical | required |
| PUT | /api/v2/apm/config/retention-filters-execution-order | physical | conditional |
| DELETE | /api/v2/app-builder/apps/{app_id}/deployment | physical | conditional |
| POST | /api/v2/app-builder/apps/{app_id}/deployment | physical | conditional |
| POST | /api/v2/ci/pipeline | physical | conditional |
| POST | /api/v2/dora/deployment | physical | conditional |
| POST | /api/v2/dora/deployments | physical | conditional |
| POST | /api/v2/dora/incident | physical | conditional |
| POST | /api/v2/incidents/{incident_id}/relationships/integrations | physical | conditional |
| DELETE | /api/v2/incidents/{incident_id}/relationships/integrations/{integration_metadata_id} | physical | conditional |
| PATCH | /api/v2/incidents/{incident_id}/relationships/integrations/{integration_metadata_id} | physical | conditional |
| POST | /api/v2/incidents/{incident_id}/relationships/todos | physical | conditional |
| DELETE | /api/v2/incidents/{incident_id}/relationships/todos/{todo_id} | physical | conditional |
| PATCH | /api/v2/incidents/{incident_id}/relationships/todos/{todo_id} | physical | conditional |
| POST | /api/v2/logs | physical | conditional |
| POST | /api/v2/logs | physical | conditional |
| PUT | /api/v2/logs/config/archive-order | physical | conditional |
| PATCH | /api/v2/rum/applications/{app_id}/relationships/retention_filters | physical | conditional |
| PATCH | /api/v2/sensitive-data-scanner/config | physical | conditional |
| POST | /api/v2/team/{team_id}/memberships | physical | conditional |
| DELETE | /api/v2/team/{team_id}/memberships/{user_id} | physical | conditional |
| PATCH | /api/v2/team/{team_id}/memberships/{user_id} | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/datadog-api-openapi.yml, openapi/datadog-events-openapi.yml, openapi/datadog-incidents-openapi.yml,
openapi/datadog-logs-openapi.yml, openapi/datadog-metrics-openapi.yml, openapi/datadog-monitors-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 558
by_action_class:
acting: 324
connected: 234
by_consequence:
write: 298
read: 234
physical: 22
safety-critical: 4
human_in_the_loop_required: 4
operations:
- path: /api/v2/actions/connections
method: post
operationId: CreateActionConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/actions/connections/{connection_id}
method: delete
operationId: DeleteActionConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/actions/connections/{connection_id}
method: get
operationId: GetActionConnection
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/actions/connections/{connection_id}
method: patch
operationId: UpdateActionConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/agentless_scanning/accounts/aws
method: get
operationId: ListAwsScanOptions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/agentless_scanning/accounts/aws
method: post
operationId: CreateAwsScanOptions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/agentless_scanning/accounts/aws/{account_id}
method: delete
operationId: DeleteAwsScanOptions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/agentless_scanning/accounts/aws/{account_id}
method: patch
operationId: UpdateAwsScanOptions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/agentless_scanning/ondemand/aws
method: get
operationId: ListAwsOnDemandTasks
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/agentless_scanning/ondemand/aws
method: post
operationId: CreateAwsOnDemandTask
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/agentless_scanning/ondemand/aws/{task_id}
method: get
operationId: GetAwsOnDemandTask
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/api_keys
method: get
operationId: ListAPIKeys
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/api_keys
method: post
operationId: CreateAPIKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/api_keys/{api_key_id}
method: delete
operationId: DeleteAPIKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/api_keys/{api_key_id}
method: get
operationId: GetAPIKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/api_keys/{api_key_id}
method: patch
operationId: UpdateAPIKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apicatalog/api
method: get
operationId: ListAPIs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- apm_api_catalog_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/apicatalog/api/{id}
method: delete
operationId: DeleteOpenAPI
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- apm_api_catalog_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apicatalog/api/{id}/openapi
method: get
operationId: GetOpenAPI
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- apm_api_catalog_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/apicatalog/api/{id}/openapi
method: put
operationId: UpdateOpenAPI
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- apm_api_catalog_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apicatalog/openapi
method: post
operationId: CreateOpenAPI
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- apm_api_catalog_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apm/config/metrics
method: get
operationId: ListSpansMetrics
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/apm/config/metrics
method: post
operationId: CreateSpansMetric
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apm/config/metrics/{metric_id}
method: delete
operationId: DeleteSpansMetric
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apm/config/metrics/{metric_id}
method: get
operationId: GetSpansMetric
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/apm/config/metrics/{metric_id}
method: patch
operationId: UpdateSpansMetric
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apm/config/retention-filters
method: get
operationId: ListApmRetentionFilters
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/apm/config/retention-filters
method: post
operationId: CreateApmRetentionFilter
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apm/config/retention-filters-execution-order
method: put
operationId: ReorderApmRetentionFilters
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apm/config/retention-filters/{filter_id}
method: delete
operationId: DeleteApmRetentionFilter
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/apm/config/retention-filters/{filter_id}
method: get
operationId: GetApmRetentionFilter
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/apm/config/retention-filters/{filter_id}
method: put
operationId: UpdateApmRetentionFilter
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/app-builder/apps
method: delete
operationId: DeleteApps
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/app-builder/apps
method: get
operationId: ListApps
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/app-builder/apps
method: post
operationId: CreateApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/app-builder/apps/{app_id}
method: delete
operationId: DeleteApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/app-builder/apps/{app_id}
method: get
operationId: GetApp
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/app-builder/apps/{app_id}
method: patch
operationId: UpdateApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/app-builder/apps/{app_id}/deployment
method: delete
operationId: UnpublishApp
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/app-builder/apps/{app_id}/deployment
method: post
operationId: PublishApp
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/application_keys
method: get
operationId: ListApplicationKeys
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/application_keys/{app_key_id}
method: delete
operationId: DeleteApplicationKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/application_keys/{app_key_id}
method: get
operationId: GetApplicationKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/application_keys/{app_key_id}
method: patch
operationId: UpdateApplicationKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/audit/events
method: get
operationId: ListAuditLogs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/audit/events/search
method: post
operationId: SearchAuditLogs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/authn_mappings
method: get
operationId: ListAuthNMappings
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/authn_mappings
method: post
operationId: CreateAuthNMapping
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/authn_mappings/{authn_mapping_id}
method: delete
operationId: DeleteAuthNMapping
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/authn_mappings/{authn_mapping_id}
method: get
operationId: GetAuthNMapping
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/authn_mappings/{authn_mapping_id}
method: patch
operationId: UpdateAuthNMapping
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases
method: get
operationId: SearchCases
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cases_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cases
method: post
operationId: CreateCase
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/projects
method: get
operationId: GetProjects
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cases_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cases/projects
method: post
operationId: CreateProject
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/projects/{project_id}
method: delete
operationId: DeleteProject
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/projects/{project_id}
method: get
operationId: GetProject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cases_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cases/{case_id}
method: get
operationId: GetCase
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cases_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cases/{case_id}/archive
method: post
operationId: ArchiveCase
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/{case_id}/assign
method: post
operationId: AssignCase
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/{case_id}/priority
method: post
operationId: UpdatePriority
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/{case_id}/status
method: post
operationId: UpdateStatus
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/{case_id}/unarchive
method: post
operationId: UnarchiveCase
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cases/{case_id}/unassign
method: post
operationId: UnassignCase
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cases_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/catalog/entity
method: get
operationId: ListCatalogEntity
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- apm_service_catalog_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/catalog/entity
method: post
operationId: UpsertCatalogEntity
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- apm_service_catalog_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/catalog/entity/{entity_id}
method: delete
operationId: DeleteCatalogEntity
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- apm_service_catalog_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/catalog/relation
method: get
operationId: ListCatalogRelation
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- apm_service_catalog_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/ci/pipeline
method: post
operationId: CreateCIAppPipelineEvent
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/ci/pipelines/analytics/aggregate
method: post
operationId: AggregateCIAppPipelineEvents
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- ci_visibility_read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/ci/pipelines/events
method: get
operationId: ListCIAppPipelineEvents
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- ci_visibility_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/ci/pipelines/events/search
method: post
operationId: SearchCIAppPipelineEvents
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- ci_visibility_read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/ci/tests/analytics/aggregate
method: post
operationId: AggregateCIAppTestEvents
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- ci_visibility_read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/ci/tests/events
method: get
operationId: ListCIAppTestEvents
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- ci_visibility_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/ci/tests/events/search
method: post
operationId: SearchCIAppTestEvents
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- ci_visibility_read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cloud_security_management/custom_frameworks
method: post
operationId: CreateCustomFramework
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- security_monitoring_rules_read
- security_monitoring_rules_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cloud_security_management/custom_frameworks/{handle}/{version}
method: delete
operationId: DeleteCustomFramework
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- security_monitoring_rules_read
- security_monitoring_rules_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cloud_security_management/custom_frameworks/{handle}/{version}
method: get
operationId: GetCustomFramework
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- security_monitoring_rules_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cloud_security_management/custom_frameworks/{handle}/{version}
method: put
operationId: UpdateCustomFramework
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- security_monitoring_rules_read
- security_monitoring_rules_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cloud_security_management/resource_filters
method: get
operationId: GetResourceEvaluationFilters
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- security_monitoring_filters_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cloud_security_management/resource_filters
method: put
operationId: UpdateResourceEvaluationFilters
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- security_monitoring_filters_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/container_images
method: get
operationId: ListContainerImages
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/containers
method: get
operationId: ListContainers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v2/cost/aws_cur_config
method: get
operationId: ListCostAWSCURConfigs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cloud_cost_management_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cost/aws_cur_config
method: post
operationId: CreateCostAWSCURConfig
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/aws_cur_config/{cloud_account_id}
method: delete
operationId: DeleteCostAWSCURConfig
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/aws_cur_config/{cloud_account_id}
method: patch
operationId: UpdateCostAWSCURConfig
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/azure_uc_config
method: get
operationId: ListCostAzureUCConfigs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cloud_cost_management_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cost/azure_uc_config
method: post
operationId: CreateCostAzureUCConfigs
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/azure_uc_config/{cloud_account_id}
method: delete
operationId: DeleteCostAzureUCConfig
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/azure_uc_config/{cloud_account_id}
method: patch
operationId: UpdateCostAzureUCConfigs
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/budget
method: put
operationId: UpsertBudget
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/budget/{budget_id}
method: delete
operationId: DeleteBudget
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v2/cost/budget/{budget_id}
method: get
operationId: GetBudget
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cloud_cost_management_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cost/budgets
method: get
operationId: ListBudgets
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cloud_cost_management_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cost/custom_costs
method: get
operationId: ListCustomCostsFiles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- cloud_cost_management_read
token:
max-ttl: 3600
audit: none
- path: /api/v2/cost/custom_costs
method: put
operationId: UploadCustomCostsFile
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- cloud_cost_management_write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: co
# --- truncated at 32 KB (179 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/datadog/refs/heads/main/agentic-access/datadog-agentic-access.yml