Descope Agentic Access
Descope exposes 459 API operations that an AI agent could call, of which 375 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 84 read, 366 write, 1 physical, and 8 safety-critical.
8 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| POST | /oauth2/v1/apps/revoke | safety-critical | required |
| POST | /oauth2/v1/apps/{project_id}/revoke | safety-critical | required |
| POST | /oauth2/v1/revoke | safety-critical | required |
| POST | /v1/auth/password/reset | safety-critical | required |
| POST | /v1/mgmt/outbound/app/create/bydcrpreset | safety-critical | required |
| POST | /v1/mgmt/stop/impersonation | safety-critical | required |
| POST | /v1/mgmt/tenant/adminlinks/sso/revoke | safety-critical | required |
| POST | /{ssoAppId}/oauth2/v1/revoke | safety-critical | required |
| POST | /v1/mgmt/tenant/adminlinks/sso/send | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/descope-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 459
by_action_class:
connected: 84
acting: 375
by_consequence:
read: 84
write: 366
safety-critical: 8
physical: 1
human_in_the_loop_required: 8
operations:
- path: /oauth2/v1/apps/agentic/{project_id}/{mcp_server_id}/authorize
method: get
operationId: ThirdPartyApplicationAuthorizeGetByMcpServerID
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/apps/agentic/{project_id}/{mcp_server_id}/authorize
method: post
operationId: ThirdPartyApplicationAuthorizePOSTByMcpServerID
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/agentic/{project_id}/{mcp_server_id}/token
method: post
operationId: ThirdPartyApplicationTokenEndpointByMcpServerID
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/authorize
method: get
operationId: ThirdPartyApplicationAuthorizeGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/apps/authorize
method: post
operationId: ThirdPartyApplicationAuthorize
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/bc-authorize
method: post
operationId: ThirdPartyApplicationCIBAEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/device
method: post
operationId: ThirdPartyApplicationDeviceEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/finish-authorize
method: post
operationId: ThirdPartyApplicationFinish
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/revoke
method: post
operationId: ThirdPartyApplicationRevocationEndpoint
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /oauth2/v1/apps/token
method: post
operationId: ThirdPartyApplicationTokenEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/userinfo
method: get
operationId: ThirdPartyApplicationUserInfoEndpointGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/apps/userinfo
method: post
operationId: ThirdPartyApplicationUserInfoEndpointPost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/{project_id}/authorize
method: get
operationId: ThirdPartyApplicationAuthorizeGetByProjectID
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/apps/{project_id}/authorize
method: post
operationId: ThirdPartyApplicationAuthorizePostByProjectID
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/{project_id}/bc-authorize
method: post
operationId: ThirdPartyApplicationCIBAEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/{project_id}/device
method: post
operationId: ThirdPartyApplicationDeviceEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/{project_id}/revoke
method: post
operationId: ThirdPartyApplicationRevocationEndpointByProjectID
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /oauth2/v1/apps/{project_id}/token
method: post
operationId: ThirdPartyApplicationTokenEndpointByProjectID
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/apps/{project_id}/userinfo
method: get
operationId: ThirdPartyApplicationUserInfoEndpointGetByProjectID
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/apps/{project_id}/userinfo
method: post
operationId: ThirdPartyApplicationUserInfoEndpointPostByProjectID
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/mgmt/inboundapp/app/{projectId}/register
method: post
operationId: RegisterThirdPartyApplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/mgmt/mcp/client/{projectId}/{mcpServerId}/register
method: post
operationId: RegisterMcpServerClient
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/authorize
method: get
operationId: OIDCAuthZEndpointGetStart
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/authorize
method: post
operationId: OIDCAuthZEndpointPostStart
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/authorize/entramfa
method: post
operationId: OIDCAuthZEndpointEntraMFA
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/device
method: post
operationId: OIDCDeviceEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/finish-authorize
method: get
operationId: OIDCAuthZEndpointFinishPost
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/finish-authorize
method: post
operationId: OIDCAuthZEndpointFinishGet
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/logout
method: get
operationId: OIDCEndSessionEndpointGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/logout
method: post
operationId: OIDCEndSessionEndpointPost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/revoke
method: post
operationId: OIDCRevocationEndpoint
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /oauth2/v1/token
method: post
operationId: OIDCTokenEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/v1/userinfo
method: get
operationId: OIDCUserInfoEndpointGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/v1/userinfo
method: post
operationId: OIDCUserInfoEndpointPost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/saml/idp/initiate
method: get
operationId: SAMLIDPInitiateHTTPRedirectBinding
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/saml/idp/initiate
method: post
operationId: SAMLIDPInitiateHTTPPostBinding
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/saml/idp/sso
method: get
operationId: SAMLIDPHTTPRedirectBinding
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/saml/idp/sso
method: post
operationId: SAMLIDPHTTPPostBinding
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/saml/idp/sso-finish
method: post
operationId: SAMLIDPFinishEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/wsfed/idp/initiate
method: get
operationId: WSFedIDPInitiateGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/wsfed/idp/initiate
method: post
operationId: WSFedIDPInitiatePost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/wsfed/idp/sso
method: get
operationId: WSFedIDPPassiveGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/wsfed/idp/sso
method: post
operationId: WSFedIDPPassivePost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/wsfed/idp/sso-finish
method: post
operationId: WSFedIDPFinishEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{ssoAppId}/oauth2/v1/authorize
method: get
operationId: OIDCSSOAppAuthZEndpointGetStart
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /{ssoAppId}/oauth2/v1/authorize
method: post
operationId: OIDCSSOAppAuthZEndpointPostStart
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{ssoAppId}/oauth2/v1/authorize/entramfa
method: post
operationId: OIDCSSOAppAuthZEndpointEntraMFA
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{ssoAppId}/oauth2/v1/device
method: post
operationId: OIDCDeviceEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{ssoAppId}/oauth2/v1/logout
method: get
operationId: OIDCSSOAppEndSessionEndpointGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /{ssoAppId}/oauth2/v1/logout
method: post
operationId: OIDSSOAppCEndSessionEndpointPost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{ssoAppId}/oauth2/v1/revoke
method: post
operationId: OIDCSSOAppRevocationEndpoint
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /{ssoAppId}/oauth2/v1/token
method: post
operationId: OIDCSSOAppTokenEndpoint
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /{ssoAppId}/oauth2/v1/userinfo
method: get
operationId: OIDCSSOAppUserInfoEndpointGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /{ssoAppId}/oauth2/v1/userinfo
method: post
operationId: OIDCSSOAppUserInfoEndpointPost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/accesskey/exchange
method: post
operationId: ExchangeAccessKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/enchantedlink/signup/email
method: post
operationId: SignUpEnchantedLink
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/enchantedlink/signin/email
method: post
operationId: SignInEnchantedLinkEmail
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/enchantedlink/signup-in/email
method: post
operationId: SignUpOrInEnchantedLinkEmail
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/enchantedlink/verify
method: post
operationId: VerifyEnchantedLink
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/enchantedlink/pending-session
method: post
operationId: GetEnchantedLinkSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/enchantedlink/update/email
method: post
operationId: UpdateUserEmailEnchantedLink
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/refresh
method: post
operationId: RefreshSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/try-refresh
method: post
operationId: TryRefreshSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/me
method: get
operationId: Me
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/me/history
method: get
operationId: MeAuthHistory
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/tenant/select
method: post
operationId: SelectTenant
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/idp/sso/logout
method: get
operationId: IDPSSOLogoutGet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/idp/sso/logout
method: post
operationId: IDPSSOLogoutPost
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/logout
method: post
operationId: Logout
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/logoutall
method: post
operationId: LogoutAllDevices
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/validate
method: post
operationId: ValidateSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/signup/email
method: post
operationId: SignUpMagicLinkEmail
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/signup/sms
method: post
operationId: SignUpMagicLinkSMS
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/verify
method: post
operationId: VerifyMagicLink
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/signin/email
method: post
operationId: SignInMagicLinkEmail
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/signin/sms
method: post
operationId: SignInMagicLinkSMS
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/signup-in/email
method: post
operationId: SignUpOrInMagicLinkEmail
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/signup-in/sms
method: post
operationId: SignUpOrInMagicLinkSMS
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/update/email
method: post
operationId: UpdateUserEmailMagicLink
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/magiclink/update/phone/sms
method: post
operationId: UpdateUserPhoneMagicLinkSMS
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/notp/{provider}/signup
method: post
operationId: SignUpNOTP
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/notp/{provider}/signin
method: post
operationId: SignInNOTP
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/notp/{provider}/signup-in
method: post
operationId: SignUpOrInNOTP
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/notp/{provider}/update
method: post
operationId: UpdateUserNOTP
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/notp/pending-session
method: post
operationId: GetNOTPSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/oauth/authorize
method: post
operationId: AuthorizeOAuth
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/oauth/authorize/signin
method: post
operationId: CreateOAuthRedirectURISignin
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/oauth/authorize/signup
method: post
operationId: CreateOAuthRedirectURISignup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/oauth/authorize/update
method: post
operationId: CreateOAuthRedirectURIUpdateUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/oauth/native/start
method: post
operationId: OAuthNativeStart
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/oauth/exchange
method: post
operationId: ExchangeCodeoauth
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/oauth/native/finish
method: post
operationId: OAuthNativeFinish
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/onetap/idtoken/exchange
method: post
operationId: ExchangeOneTapIDToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/onetap/idtoken/verify
method: post
operationId: VerifyOneTapIDToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/onetap/clientid/{provider}
method: get
operationId: GetOneTapClientID
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /v1/auth/otp/signup/email
method: post
operationId: UserSignupOtpEmail
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /v1/auth/otp/signup/im
method: post
operationId: SignUpOTPInstantMessage
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
# --- truncated at 32 KB (148 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/descope/refs/heads/main/agentic-access/descope-agentic-access.yml