Frontegg · Agentic Access

Frontegg Agentic Access

x-agentic-access generated

Frontegg exposes 877 API operations that an AI agent could call, of which 604 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 273 read, 26 write, and 578 safety-critical.

578 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

AuthenticationAuthorizationIdentity ManagementCIAMB2B SaaSMulti-TenancyRBACSSOSCIMEntitlementsOAuthOpenID Connect
Operations: 877 Acting: 604 Human-in-the-loop: 578 Method: generated

By consequence

read 273 write 26 safety-critical 578

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
POST / safety-critical required
POST / safety-critical required
POST /export/csv safety-critical required
POST /export/csv safety-critical required
POST /export/csv/v2 safety-critical required
POST /export/csv/v2 safety-critical required
PUT /resources/account-settings/v1 safety-critical required
PUT /resources/account-settings/v1 safety-critical required
PUT /resources/applications/user-tenants/active/v1 safety-critical required
PUT /resources/applications/user-tenants/active/v1 safety-critical required
POST /resources/applications/v1 safety-critical required
DELETE /resources/applications/v1 safety-critical required
POST /resources/applications/v1 safety-critical required
DELETE /resources/applications/v1 safety-critical required
POST /resources/approval-flows/v1 safety-critical required
POST /resources/approval-flows/v1 safety-critical required
POST /resources/approval-flows/v1/approver-action safety-critical required
POST /resources/approval-flows/v1/approver-action safety-critical required
POST /resources/approval-flows/v1/step-up/execute safety-critical required
POST /resources/approval-flows/v1/step-up/execute safety-critical required
PATCH /resources/approval-flows/v1/{id} safety-critical required
DELETE /resources/approval-flows/v1/{id} safety-critical required
PATCH /resources/approval-flows/v1/{id} safety-critical required
DELETE /resources/approval-flows/v1/{id} safety-critical required
POST /resources/approval-flows/v1/{id}/execute safety-critical required

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/frontegg-applications-openapi.yml, openapi/frontegg-audits-openapi.yml, openapi/frontegg-combined-openapi.yml,
  openapi/frontegg-entitlements-agent-openapi.yml, openapi/frontegg-entitlements-openapi.yml,
  openapi/frontegg-env-auth-openapi.yml, openapi/frontegg-identity-openapi.yml, openapi/frontegg-scim-openapi.yml,
  openapi/frontegg-sso-openapi.yml, openapi/frontegg-tenants-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 877
  by_action_class:
    connected: 273
    acting: 604
  by_consequence:
    read: 273
    write: 26
    safety-critical: 578
  human_in_the_loop_required: 578
operations:
- path: /resources/applications/v1
  method: get
  operationId: getApplications
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/applications/v1
  method: post
  operationId: createApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /resources/applications/v1/default
  method: get
  operationId: getDefaultApplication
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/applications/v1/{id}
  method: get
  operationId: getApplicationById
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/applications/v1/{id}
  method: patch
  operationId: updateApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /resources/applications/v1/{id}
  method: delete
  operationId: deleteApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /resources/applications/tenant-assignments/v1
  method: get
  operationId: getApplicationsTenantsAssignments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/applications/tenant-assignments/v1/{appId}
  method: get
  operationId: getApplicationTenantsAssignmentsByAppId
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/applications/tenant-assignments/v1/{appId}
  method: post
  operationId: createApplicationTenantAssignment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /resources/applications/tenant-assignments/v1/{appId}/{tenantId}
  method: put
  operationId: editApplicationTenantAssignment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /resources/applications/tenant-assignments/v1/{appId}/{tenantId}
  method: delete
  operationId: deleteApplicationTenantAssignment
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /resources/applications/tenant-assignments/v2
  method: get
  operationId: getApplicationsTenantsAssignmentsV2
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/applications/v1/credentials/{appId}
  method: get
  operationId: getApplicationClientCredentials
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/applications/v1/credentials/regenerate
  method: post
  operationId: regenerateApplicationClientCredentials
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /resources/applications/v1/credentials/shared/regenerate
  method: post
  operationId: regenerateApplicationSharedSecretCredentials
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /application-clients
  method: post
  operationId: createApplicationClient
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /application-clients/app/{appId}
  method: get
  operationId: getApplicationClientsByAppId
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /application-clients/{id}
  method: get
  operationId: getApplicationClientById
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /application-clients/{id}
  method: patch
  operationId: updateApplicationClient
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /application-clients/{id}
  method: delete
  operationId: deleteApplicationClient
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /
  method: get
  operationId: AuditsController_getAudits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /
  method: post
  operationId: AuditsController_addAudits
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /stats
  method: get
  operationId: AuditsController_getAuditsStats
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /export/csv
  method: post
  operationId: AuditsController_exportCsv
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /export/csv/v2
  method: post
  operationId: AuditsController_exportCsvToStream
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/audits/v2
  method: get
  operationId: AuditsController_V2_getAudits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/audits/v2/export/csv
  method: post
  operationId: AuditsController_V2_exportCsvToStream
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/metrics/v1
  method: get
  operationId: MetricsController_getMetrics
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /v1/data/e10s/features/is_entitled_to_input_feature
  method: post
  operationId: OpenApiPDPController_isEntitledToFeature
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /v1/data/e10s/permissions/is_entitled_to_input_permission
  method: post
  operationId: OpenApiPDPController_isEntitledToPermission
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /v1/data/e10s/routes/is_entitled_to_input_route
  method: post
  operationId: OpenApiPDPController_isEntitledToRoute
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /
  method: get
  operationId: AuditsController_getAudits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /
  method: post
  operationId: AuditsController_addAudits
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /stats
  method: get
  operationId: AuditsController_getAuditsStats
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /export/csv
  method: post
  operationId: AuditsController_exportCsv
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /export/csv/v2
  method: post
  operationId: AuditsController_exportCsvToStream
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/audits/v2
  method: get
  operationId: AuditsController_V2_getAudits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/audits/v2/export/csv
  method: post
  operationId: AuditsController_V2_exportCsvToStream
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/metrics/v1
  method: get
  operationId: MetricsController_getMetrics
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/plans/v1/tenant/{tenantId}
  method: get
  operationId: PlansControllerV1_getTenantPlans
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/plans/v1
  method: get
  operationId: PlansControllerV1_getPlans
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/plans/v1
  method: post
  operationId: PlansControllerV1_createPlan
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/plans/v1/{id}
  method: get
  operationId: PlansControllerV1_getSinglePlan
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/plans/v1/{id}
  method: patch
  operationId: PlansControllerV1_updatePlan
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/plans/v1/{id}
  method: delete
  operationId: PlansControllerV1_deletePlan
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/plans/v1/{id}/features
  method: get
  operationId: PlansControllerV1_getPlanFeatures
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/plans/v1/{id}/features/link
  method: patch
  operationId: PlansControllerV1_linkFeaturesToPlan
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/plans/v1/{id}/features/unlink
  method: patch
  operationId: PlansControllerV1_unlinkFeaturesFromPlan
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/routes/v1
  method: get
  operationId: RoutesControllerV1_getMany
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/routes/v1
  method: post
  operationId: RoutesControllerV1_create
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/routes/v1/{id}
  method: get
  operationId: RoutesControllerV1_getSingle
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/routes/v1/{id}
  method: delete
  operationId: RoutesControllerV1_delete
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/routes/v1/{id}
  method: patch
  operationId: RoutesControllerV1_update
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/routes/v1/import-open-api
  method: post
  operationId: RoutesControllerV1_importOpenApi
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/routes/v1/{id}/rules
  method: put
  operationId: RoutesControllerV1_replaceRules
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/routes/v1/configuration
  method: get
  operationId: RoutesConfigurationsControllerV1_getRoutesConfiguration
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/routes/v1/configuration
  method: patch
  operationId: RoutesConfigurationsControllerV1_updateRoutesConfiguration
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/features/v1
  method: get
  operationId: FeaturesControllerV1_getFeatures
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/features/v1
  method: post
  operationId: FeaturesControllerV1_createFeature
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/features/v1/{featureId}
  method: patch
  operationId: FeaturesControllerV1_updateFeature
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/features/v1/{featureId}
  method: delete
  operationId: FeaturesControllerV1_deleteFeature
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/features/v2
  method: post
  operationId: FeaturesControllerV2_create
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/features/v2/{featureId}
  method: patch
  operationId: FeaturesControllerV2_update
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entitlements/v2
  method: get
  operationId: EntitlementsControllerV2_getEntitlements
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/entitlements/v2
  method: post
  operationId: EntitlementsControllerV2_createEntitlement
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entitlements/v2/batch
  method: post
  operationId: EntitlementsControllerV2_createBatchEntitlements
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entitlements/v2/batch
  method: patch
  operationId: EntitlementsControllerV2_updateBatchEntitlements
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entitlements/v2/batch
  method: delete
  operationId: EntitlementsControllerV2_deleteBatchEntitlements
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entitlements/v2/{id}
  method: get
  operationId: EntitlementsControllerV2_getSingleEntitlement
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/entitlements/v2/{id}
  method: patch
  operationId: EntitlementsControllerV2_updateEntitlement
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entitlements/v2/{id}
  method: delete
  operationId: EntitlementsControllerV2_deleteEntitlement
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/feature-flags/v1
  method: get
  operationId: FeatureFlagsControllerV1_getFeatureFlags
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/feature-flags/v1
  method: post
  operationId: FeatureFlagsControllerV1_createFeatureFlag
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/feature-flags/v1/{id}
  method: get
  operationId: FeatureFlagsControllerV1_getSingleFeatureFlag
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/feature-flags/v1/{id}
  method: patch
  operationId: FeatureFlagsControllerV1_updateFeatureFlag
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/feature-flags/v1/{id}
  method: delete
  operationId: FeatureFlagsControllerV1_deleteFeatureFlag
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1
  method: get
  operationId: EntityTypesV1Controller_getEntityTypes
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/entity-types/v1
  method: post
  operationId: EntityTypesV1Controller_createEntityType
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}
  method: get
  operationId: EntityTypesV1Controller_getEntityType
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/entity-types/v1/{key}
  method: patch
  operationId: EntityTypesV1Controller_updateEntityType
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}
  method: delete
  operationId: EntityTypesV1Controller_deleteEntityType
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}/actions
  method: post
  operationId: EntityTypesActionsV1Controller_createEntityTypeActions
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}/actions/{actionKey}
  method: patch
  operationId: EntityTypesActionsV1Controller_updateEntityTypeAction
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}/actions/{actionKey}
  method: delete
  operationId: EntityTypesActionsV1Controller_deleteEntityTypeAction
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}/relations
  method: post
  operationId: EntityTypesRelationsV1Controller_createEntityTypeRelations
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}/relations/{relationKey}
  method: patch
  operationId: EntityTypesRelationsV1Controller_updateEntityTypeRelation
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/entity-types/v1/{key}/relations/{relationKey}
  method: delete
  operationId: EntityTypesRelationsV1Controller_deleteEntityTypeRelation
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/relations/v1/assignments
  method: get
  operationId: RelationsV1Controller_getRelationAssignments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /resources/relations/v1/assign
  method: post
  operationId: RelationsV1Controller_createRelationAssignments
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/relations/v1/unassign
  method: post
  operationId: RelationsV1Controller_deleteRelationAssignments
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/auth/v2/api-token
  method: post
  operationId: AuthenticationApiTokenControllerV2_authApiToken
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /resources/auth/v2/api-token/token/refresh
  method: post
  operationId: AuthenticationApiTokenControllerV2_refreshToken
  x-agentic-access:
    action-class: acting
    consequence: safety-critical
    subject: required
    audience: null
    token:
      max-ttl: 120
      exchange: true
      purpose-required: true
      proof-of-possession: true
    escalation:
      human-in-the-loop: required
    audit: required
- path: /r

# --- truncated at 32 KB (317 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/frontegg/refs/heads/main/agentic-access/frontegg-agentic-access.yml