Deutsche Telekom · Agentic Access

Deutsche Telekom Agentic Access

x-agentic-access generated

Deutsche Telekom exposes 366 API operations that an AI agent could call, of which 187 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 179 read, 177 write, 4 physical, and 6 safety-critical.

6 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

TelecommunicationsTelcoMobile Network OperatorCPaaSNetwork API5GCloudIdentityNumber VerificationOpen GatewayCAMARAT-SystemsT-MobileMagentaMagentaBusinessAPI GatewayOpen SourceGermanyEurope
Operations: 366 Acting: 187 Human-in-the-loop: 6 Method: generated

By consequence

read 179 write 177 physical 4 safety-critical 6

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
PATCH /rovers/{roverId}/secret safety-critical required
DELETE /{realm}/attack-detection/brute-force/users safety-critical required
DELETE /{realm}/attack-detection/brute-force/users/{userId} safety-critical required
DELETE /{realm}/users/{id}/consents/{client} safety-critical required
PUT /{realm}/users/{id}/disable-credential-types safety-critical required
PUT /{realm}/users/{id}/reset-password safety-critical required
POST /{realm}/clients/{id}/nodes physical conditional
PUT /{realm}/users/{id}/execute-actions-email physical conditional
POST /{realm}/users/{id}/logout physical conditional
PUT /{realm}/users/{id}/send-verify-email physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/controlplane-cpapi-openapi.yml, openapi/controlplane-discovery-application-openapi.yml,
  openapi/controlplane-discovery-event-openapi.yml, openapi/controlplane-discovery-stargate-openapi.yml,
  openapi/controlplane-file-manager-openapi.yml, openapi/controlplane-identity-openapi.yml,
  openapi/controlplane-rover-server-openapi.yml, openapi/controlplane-secret-manager-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 366
  by_action_class:
    acting: 187
    connected: 179
  by_consequence:
    write: 177
    read: 179
    safety-critical: 6
    physical: 4
  human_in_the_loop_required: 6
operations:
- path: /remoteSubscriptions/{remoteSubscriptionId}
  method: put
  operationId: createOrUpdateRemoteSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /remoteSubscriptions/{remoteSubscriptionId}
  method: delete
  operationId: deleteRemoteSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /remoteSubscriptions/{remoteSubscriptionId}/status
  method: put
  operationId: updateRemoteSubscriptionStatus
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications
  method: get
  operationId: getAllApplications
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications
  method: post
  operationId: createApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}
  method: get
  operationId: getApplication
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}
  method: put
  operationId: updateApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}
  method: delete
  operationId: deleteApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}/status
  method: get
  operationId: getApplicationStatus
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /eventtypes
  method: get
  operationId: getAllEventTypes
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:read - tardis:user:obfuscated
    token:
      max-ttl: 3600
    audit: none
- path: /eventtypes/{eventTypeId}
  method: get
  operationId: getEventType
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /eventtypes/{eventTypeId}/status
  method: get
  operationId: getEventTypeStatus
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /eventtypes/{eventTypeName}/active
  method: get
  operationId: getActiveEventType
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/eventexposures
  method: get
  operationId: getAllEventExposures
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:read - tardis:user:obfuscated
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/eventexposures/{eventExposureName}
  method: get
  operationId: getEventExposure
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:read - tardis:user:obfuscated
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/eventexposures/{eventExposureName}/status
  method: get
  operationId: getEventExposureStatus
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/eventexposures/{eventExposureName}/eventsubscriptions
  method: get
  operationId: getAllExposureEventSubscriptions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/eventsubscriptions
  method: get
  operationId: getAllEventSubscriptions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:read - tardis:user:obfuscated
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/eventsubscriptions/{eventSubscriptionName}
  method: get
  operationId: getEventSubscription
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:read - tardis:user:obfuscated
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/eventsubscriptions/{eventSubscriptionName}/status
  method: get
  operationId: getEventSubscriptionStatus
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/apiexposures
  method: get
  operationId: getAllApiExposures
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/apiexposures
  method: post
  operationId: createApiExposure
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}/apiexposures/{apiExposureName}
  method: get
  operationId: getApiExposure
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/apiexposures/{apiExposureName}
  method: put
  operationId: updateApiExposure
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}/apiexposures/{apiExposureName}
  method: delete
  operationId: deleteApiExposure
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}/apiexposures/{apiExposureName}/status
  method: get
  operationId: getApiExposureStatus
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/apisubscriptions
  method: get
  operationId: getAllApiSubscriptions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/apisubscriptions
  method: post
  operationId: createApiSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName}
  method: get
  operationId: getApiSubscription
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName}
  method: put
  operationId: updateApiSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName}
  method: delete
  operationId: deleteApiSubscription
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    scope:
    - tardis:admin:all
    - tardis:hub:all
    - tardis:team:all
    - tardis:user:all
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /applications/{applicationId}/apisubscriptions/{apiSubscriptionName}/status
  method: get
  operationId: getApiSubscriptionStatus
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /applications/{applicationId}/apiexposures/{apiExposureName}/apisubscriptions
  method: get
  operationId: getAllExposureApiSubscriptions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    scope:
    - tardis:admin:all
    - tardis:admin:obfuscated
    - tardis:admin:read
    - tardis:hub:all
    - tardis:hub:obfuscated
    - tardis:hub:read
    - tardis:supervisor:read
    - tardis:team:all
    - tardis:team:obfuscated
    - tardis:team:read
    - tardis:user:all
    - tardis:user:obfuscated
    - tardis:user:read
    token:
      max-ttl: 3600
    audit: none
- path: /v1/files/{fileId}
  method: put
  operationId: uploadFile
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /v1/files/{fileId}
  method: get
  operationId: downloadFile
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/files/{fileId}
  method: delete
  operationId: deleteFile
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{id}/name
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/admin-events
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/admin-events
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/attack-detection/brute-force/users
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /{realm}/attack-detection/brute-force/users/{userId}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/attack-detection/brute-force/users/{userId}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /{realm}/authentication/authenticator-providers
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/client-authenticator-providers
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/config-description/{providerId}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/config/{id}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/config/{id}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/config/{id}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/executions
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/executions/{executionId}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/executions/{executionId}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/executions/{executionId}/config
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/executions/{executionId}/lower-priority
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/executions/{executionId}/raise-priority
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/flows
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/flows
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/flows/{flowAlias}/copy
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/flows/{flowAlias}/executions
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/flows/{flowAlias}/executions
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/flows/{flowAlias}/executions/execution
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/flows/{flowAlias}/executions/flow
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/flows/{id}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/flows/{id}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/flows/{id}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/form-action-providers
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/form-providers
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/per-client-config-description
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/register-required-action
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/required-actions
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/required-actions/{alias}
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/authentication/required-actions/{alias}
  method: put
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/required-actions/{alias}
  method: delete
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/required-actions/{alias}/lower-priority
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/required-actions/{alias}/raise-priority
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/authentication/unregistered-required-actions
  method: get
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /{realm}/clear-keys-cache
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/clear-realm-cache
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/clear-user-cache
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /{realm}/client-description-converter
  method: post
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      -

# --- truncated at 32 KB (112 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/deutsche-telekom/refs/heads/main/agentic-access/deutsche-telekom-agentic-access.yml