Global System for Mobile Communications Agentic Access
Global System for Mobile Communications exposes 62 API operations that an AI agent could call, of which 43 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 19 read, 35 write, 7 physical, and 1 safety-critical.
1 operation are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /appinstances/{appInstanceId} | safety-critical | required |
| POST | /payments | physical | conditional |
| POST | /payments/prepare | physical | conditional |
| POST | /payments/{paymentId}/cancel | physical | conditional |
| POST | /payments/{paymentId}/confirm | physical | conditional |
| POST | /payments/{paymentId}/validate | physical | conditional |
| POST | /send-code | physical | conditional |
| POST | /short-message | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/application-endpoint-discovery-api-openapi.yml, openapi/application-profiles-api-openapi.yml,
openapi/call-forwarding-signal-api-openapi.yml, openapi/carrier-billing-api-openapi.yml, openapi/connectivity-insights-api-openapi.yml,
openapi/connectivity-insights-subscriptions-api-openapi.yml, openapi/device-geofencing-subscriptions-api-openapi.yml,
openapi/device-location-retrieval-api-openapi.yml, openapi/device-location-verification-api-openapi.yml,
openapi/device-roaming-status-api-openapi.yml, openapi/edge-application-management-api-openapi.yml,
openapi/home-devices-qod-api-openapi.yml, openapi/kyc-fill-in-api-openapi.yml, openapi/kyc-match-openapi.yml,
openapi/number-verification-api-openapi.yml, openapi/one-time-password-api-openapi.yml, openapi/population-density-api-openapi.yml,
openapi/quality-on-demand-api-openapi.yml, openapi/sim-swap-api-openapi.yml, openapi/sim-swap-notification-subscription-api-openapi.yml,
openapi/simple-edge-discovery-api-openapi.yml, openapi/sms-api-openapi.yml, openapi/sms-delivery-notification-subscription-api-openapi.yml,
openapi/traffic-influence-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 62
by_action_class:
connected: 19
acting: 43
by_consequence:
read: 19
write: 35
physical: 7
safety-critical: 1
human_in_the_loop_required: 1
operations:
- path: /app-endpoints
method: get
operationId: getAppEndpoints
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- application-endpoint-discovery:app-endpoints:read
token:
max-ttl: 3600
audit: none
- path: /application-profiles
method: post
operationId: createApplicationProfile
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- application-profiles:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /application-profiles/{applicationProfileId}
method: patch
operationId: updateApplicationProfile
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- application-profiles:update
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /application-profiles/{applicationProfileId}
method: get
operationId: readApplicationProfile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- application-profiles:read
token:
max-ttl: 3600
audit: none
- path: /application-profiles/{applicationProfileId}
method: delete
operationId: deleteApplicationProfile
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- application-profile:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /unconditional-call-forwardings
method: post
operationId: retrieveUnconditionalCallForwarding
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- call-forwarding-signal:unconditional-call-forwardings:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /call-forwardings
method: post
operationId: retrieveCallForwarding
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- call-forwarding-signal:call-forwardings:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments
method: post
operationId: createPayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:create
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments
method: get
operationId: retrievePayments
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- carrier-billing:payments:read
token:
max-ttl: 3600
audit: none
- path: /payments/{paymentId}
method: get
operationId: retrievePayment
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- carrier-billing:payments:read
token:
max-ttl: 3600
audit: none
- path: /payments/prepare
method: post
operationId: preparePayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:create
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments/{paymentId}/validate
method: post
operationId: validatePayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments/{paymentId}/confirm
method: post
operationId: confirmPayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /payments/{paymentId}/cancel
method: post
operationId: cancelPayment
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- carrier-billing:payments:write
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /check-network-quality
method: post
operationId: checkNetworkQuality
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- connectivity-insights:check
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: post
operationId: createSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- connectivity-insights-subscriptions:org.camaraproject.connectivity-insights-subscriptions.v0.network-quality:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: get
operationId: getSubscriptionList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- connectivity-insights-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: get
operationId: getSubscription
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- connectivity-insights-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: delete
operationId: deleteSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- connectivity-insights-subscriptions:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: post
operationId: createSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- geofencing-subscriptions:org.camaraproject.geofencing-subscriptions.v0.area-entered:create
- geofencing-subscriptions:org.camaraproject.geofencing-subscriptions.v0.area-left:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: get
operationId: retrieveGeofencingSubscriptionList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- geofencing-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: get
operationId: retrieveGeofencingSubscription
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- geofencing-subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: delete
operationId: deleteGeofencingSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- geofencing-subscriptions:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: retrieveLocation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- location-retrieval:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /verify
method: post
operationId: verifyLocation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- location-verification:verify
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: getRoamingStatus
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- device-roaming-status:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /apps
method: post
operationId: submitApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- edge-application-management:apps:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /apps
method: get
operationId: getApps
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- edge-application-management:apps:read
token:
max-ttl: 3600
audit: none
- path: /apps/{appId}
method: get
operationId: getApp
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- edge-application-management:apps:read
token:
max-ttl: 3600
audit: none
- path: /apps/{appId}
method: delete
operationId: deleteApp
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- edge-application-management:apps:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /appinstances
method: post
operationId: createAppInstance
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- edge-application-management:instances:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /appinstances
method: get
operationId: getAppInstance
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- edge-application-management:instances:read
token:
max-ttl: 3600
audit: none
- path: /appinstances/{appInstanceId}
method: delete
operationId: deleteAppInstance
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
scope:
- edge-application-management:instances:delete
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /edge-cloud-zones
method: get
operationId: getEdgeCloudZones
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- edge-application-management:edge-cloud-zones:read
token:
max-ttl: 3600
audit: none
- path: /qos
method: put
operationId: setQos
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
scope:
- home-devices-qod:qos:write
- path: /match
method: post
operationId: KYC_Match
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- kyc-match:match
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /match
method: post
operationId: KYC_Match
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- kyc-match:match
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /verify
method: post
operationId: phoneNumberVerify
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- number-verification:verify
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /device-phone-number
method: get
operationId: phoneNumberShare
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- number-verification:device-phone-number:read
token:
max-ttl: 3600
audit: none
- path: /send-code
method: post
operationId: sendCode
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- one-time-password-sms:send-validate
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /validate-code
method: post
operationId: validateCode
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- one-time-password-sms:send-validate
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve
method: post
operationId: retrievePopulationDensity
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- population-density-data:read
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions
method: post
operationId: createSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions/{sessionId}
method: get
operationId: getSession
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- quality-on-demand:sessions:read
token:
max-ttl: 3600
audit: none
- path: /sessions/{sessionId}
method: delete
operationId: deleteSession
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /sessions/{sessionId}/extend
method: post
operationId: extendQosSessionDuration
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:update
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-sessions
method: post
operationId: retrieveSessionsByDevice
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- quality-on-demand:sessions:retrieve-by-device
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-date
method: post
operationId: retrieveSimSwapDate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap
- sim-swap:retrieve-date
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /check
method: post
operationId: checkSimSwap
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap
- sim-swap:check
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /retrieve-date
method: post
operationId: retrieveSimSwapDate
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap
- sim-swap:retrieve-date
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /check
method: post
operationId: checkSimSwap
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap
- sim-swap:check
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /edge-cloud-zones
method: get
operationId: readClosestEdgeCloudZone
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- simple-edge-discovery:edge-cloud-zones:read
token:
max-ttl: 3600
audit: none
- path: /short-message
method: post
operationId: send-sms
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- send-sms:short-message
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: post
operationId: createSMSDeliverySubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sms-delivery:subscriptions:create
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /subscriptions
method: get
operationId: retrieveSubscriptionList
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- sim-swap:subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: get
operationId: retrieveSubscription
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- sim-swap:subscriptions:read
token:
max-ttl: 3600
audit: none
- path: /subscriptions/{subscriptionId}
method: delete
operationId: deleteSubscription
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- sim-swap:subscriptions:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /traffic-influences
method: get
operationId: getTrafficInfluence
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- traffic-influence:traffic-influences:read
token:
max-ttl: 3600
audit: none
- path: /traffic-influences
method: post
operationId: postTrafficInfluence
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- traffic-influence:traffic-influences:write
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /traffic-influences/{trafficInfluenceID}
method: get
operationId: getAllTrafficInfluences
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- traffic-influence:traffic-influences:read
token:
max-ttl: 3600
audit: none
- path: /traffic-influences/{trafficInfluenceID}
method: patch
operationId: patchTrafficInfluence
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- traffic-influence:traffic-influences:update
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /traffic-influences/{trafficInfluenceID}
method: delete
operationId: deleteTrafficInfluence
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- traffic-influence:traffic-influences:delete
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required