ForgeRock · Agentic Access
ForgeRock Agentic Access
x-agentic-access
generated
ForgeRock exposes 122 API operations that an AI agent could call, of which 49 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 73 read and 49 write.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
Access ManagementAuthenticationAuthorizationIdentity GovernanceIdentity ManagementOAuthOpenID Connect
Operations: 122
Acting: 49
Human-in-the-loop: 0
Method: generated
By consequence
read 73
write 49
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/forgerock-access-management-openapi.yml, openapi/forgerock-autonomous-identity-openapi.yml,
openapi/forgerock-directory-services-openapi.yml, openapi/forgerock-identity-cloud-openapi.yml,
openapi/forgerock-identity-gateway-openapi.yml, openapi/forgerock-identity-governance-openapi.yml,
openapi/forgerock-identity-management-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 122
by_action_class:
acting: 49
connected: 73
by_consequence:
write: 49
read: 73
human_in_the_loop_required: 0
operations:
- path: /json/realms/root/realms/{realm}/authenticate
method: post
operationId: authenticate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/sessions
method: get
operationId: querySessions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/realms/root/realms/{realm}/sessions
method: post
operationId: sessionAction
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/policies
method: get
operationId: listPolicies
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/realms/root/realms/{realm}/policies
method: post
operationId: createPolicyOrEvaluate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/policies/{policyName}
method: get
operationId: getPolicy
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/realms/root/realms/{realm}/policies/{policyName}
method: put
operationId: updatePolicy
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/policies/{policyName}
method: delete
operationId: deletePolicy
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/resourcetypes
method: get
operationId: listResourceTypes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/realms/root/realms/{realm}/resourcetypes
method: post
operationId: createResourceType
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId}
method: get
operationId: getResourceType
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId}
method: put
operationId: updateResourceType
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/resourcetypes/{resourceTypeId}
method: delete
operationId: deleteResourceType
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/global-config/realms
method: get
operationId: listRealms
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/global-config/realms
method: post
operationId: createRealm
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/global-config/realms/{realmName}
method: get
operationId: getRealm
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/global-config/realms/{realmName}
method: put
operationId: updateRealm
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/global-config/realms/{realmName}
method: delete
operationId: deleteRealm
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /json/realms/root/realms/{realm}/scripts
method: get
operationId: listScripts
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /json/realms/root/realms/{realm}/scripts/{scriptId}
method: get
operationId: getScript
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/realms/root/realms/{realm}/authorize
method: get
operationId: oAuth2Authorize
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/realms/root/realms/{realm}/access_token
method: post
operationId: oAuth2Token
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /oauth2/realms/root/realms/{realm}/tokeninfo
method: get
operationId: oAuth2TokenInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /oauth2/realms/root/realms/{realm}/userinfo
method: get
operationId: oidcUserInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /.well-known/openid-configuration
method: get
operationId: oidcDiscovery
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/entitlements
method: get
operationId: listEntitlements
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/entitlements/{entitlementId}
method: get
operationId: getEntitlement
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/entitlements/{entitlementId}/users
method: get
operationId: listEntitlementUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/entitlements/{entitlementId}/recommendations
method: get
operationId: getEntitlementRecommendations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/rules
method: get
operationId: listRules
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/rules/{ruleId}
method: get
operationId: getRule
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/applications
method: get
operationId: listApplications
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/applications/{applicationId}
method: get
operationId: getApplication
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/users/{userId}/entitlements
method: get
operationId: listUserEntitlements
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/users/{userId}/recommendations
method: get
operationId: getUserRecommendations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/companyview
method: get
operationId: getCompanyView
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/analytics/status
method: get
operationId: getAnalyticsStatus
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/analytics/reports
method: get
operationId: listAnalyticsReports
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/users
method: get
operationId: listUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/users
method: post
operationId: createUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/users/{userId}
method: post
operationId: userAction
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/groups
method: get
operationId: listGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/groups
method: post
operationId: createGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/groups/{groupId}
method: get
operationId: getGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/groups/{groupId}
method: put
operationId: updateGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/groups/{groupId}
method: patch
operationId: patchGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/groups/{groupId}
method: delete
operationId: deleteGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/{collection}
method: get
operationId: listEntries
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /alive
method: get
operationId: healthCheck
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /healthy
method: get
operationId: detailedHealthCheck
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /am/json/realms/root/realms/{realm}/authenticate
method: post
operationId: authenticateUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /am/json/realms/root/realms/{realm}/sessions
method: post
operationId: manageSessions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openidm/managed/{realm}_user
method: get
operationId: listManagedUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openidm/managed/{realm}_user
method: post
operationId: createManagedUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openidm/managed/{realm}_user/{userId}
method: get
operationId: getManagedUser
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openidm/managed/{realm}_user/{userId}
method: put
operationId: updateManagedUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openidm/managed/{realm}_user/{userId}
method: patch
operationId: patchManagedUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openidm/managed/{realm}_user/{userId}
method: delete
operationId: deleteManagedUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openidm/managed/{realm}_role
method: get
operationId: listManagedRoles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openidm/managed/{realm}_role
method: post
operationId: createManagedRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openidm/managed/{realm}_role/{roleId}
method: get
operationId: getManagedRole
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /am/json/realms/root/realms/{realm}/serverinfo/*
method: get
operationId: getServerInfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /am/oauth2/realms/root/realms/{realm}/authorize
method: get
operationId: authorizeOAuth2
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /am/oauth2/realms/root/realms/{realm}/access_token
method: post
operationId: getAccessToken
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openig/api/system/objects
method: get
operationId: listObjects
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/system/objects/{objectType}/{objectId}
method: get
operationId: getObject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/system/objects/router-handler/routes
method: get
operationId: listRoutes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/system/objects/router-handler/routes
method: post
operationId: createRoute
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openig/api/system/objects/router-handler/routes/{routeId}
method: get
operationId: getRoute
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/system/objects/router-handler/routes/{routeId}
method: put
operationId: updateRoute
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openig/api/system/objects/router-handler/routes/{routeId}
method: delete
operationId: deleteRoute
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /openig/api/system/monitoring
method: get
operationId: getMonitoringSummary
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/system/monitoring/{endpointId}
method: get
operationId: getEndpointMonitoring
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/system/health
method: get
operationId: getHealthStatus
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/studio/routes
method: get
operationId: listStudioRoutes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /openig/api/studio/routes
method: post
operationId: createStudioRoute
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /governance/certification
method: get
operationId: listCertifications
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/certification
method: post
operationId: createCertification
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /governance/certification/{certificationId}
method: get
operationId: getCertification
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/certification/{certificationId}
method: patch
operationId: patchCertification
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /governance/certification/{certificationId}/items
method: get
operationId: listCertificationItems
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/certification/{certificationId}/items/{itemId}
method: get
operationId: getCertificationItem
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/certification/{certificationId}/items/{itemId}
method: patch
operationId: reviewCertificationItem
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /governance/request
method: get
operationId: listAccessRequests
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/request
method: post
operationId: createAccessRequest
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /governance/request/{requestId}
method: get
operationId: getAccessRequest
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/request/{requestId}
method: post
operationId: accessRequestAction
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /governance/entitlement
method: get
operationId: listEntitlements
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/entitlement/{entitlementId}
method: get
operationId: getEntitlement
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/role
method: get
operationId: listGovernanceRoles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/violation
method: get
operationId: listViolations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/violation/{violationId}
method: get
operationId: getViolation
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /governance/violation/{violationId}
method: post
operationId: violationAction
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /managed/{objectType}
method: get
operationId: listManagedObjects
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /managed/{objectType}
method: post
operationId: createManagedObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /managed/{objectType}/{objectId}
method: get
operationId: getManagedObject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /managed/{objectType}/{objectId}
method: put
operationId: updateManagedObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /managed/{objectType}/{objectId}
method: patch
operationId: patchManagedObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /managed/{objectType}/{objectId}
method: delete
operationId: deleteManagedObject
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /system/{systemName}/{objectType}
method: get
operationId: listSystemObjects
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /system/{systemName}/{objectType}/{objectId}
method: get
operationId: getSystemObject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /config
method: get
operationId: listConfigurations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /config/{configId}
method: get
operationId: getConfiguration
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /config/{configId}
method: put
operationId: updateConfiguration
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /config/{configId}
method: delete
operationId: deleteConfiguration
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /recon/{mappingName}
method: post
operationId: triggerReconciliation
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /recon
method: get
operationId: listReconciliations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /recon/{reconId}
method: get
operationId: getReconciliation
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /sync
method: post
operationId: triggerSync
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /audit/{auditTopic}
method: get
operationId: queryAuditLogs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /audit/{auditTopic}/{auditId}
method: get
operationId: getAuditLogEntry
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /scheduler/job
method: get
operationId: listScheduledJobs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /scheduler/job
method: post
operationId: createScheduledJob
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /scheduler/job/{jobId}
method: get
operationId: getScheduledJob
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /scheduler/job/{jobId}
method: put
operationId: updateScheduledJob
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /scheduler/job/{jobId}
method: delete
operationId: deleteScheduledJob
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-
# --- truncated at 32 KB (33 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/forgerock/refs/heads/main/agentic-access/forgerock-agentic-access.yml