Gravitee · Agentic Access

Gravitee Agentic Access

x-agentic-access generated

Gravitee exposes 381 API operations that an AI agent could call, of which 193 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.

By consequence: 188 read, 176 write, 6 physical, and 11 safety-critical.

11 operations are classed safety-critical and should require human-in-the-loop approval at runtime.

Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.

API GatewayAPI ManagementAccess ManagementIdentityEvent-DrivenEvent ManagementKafka GatewayKafkaMQTTGraphQLgRPCAI GatewayMCPA2ALLM ProxyMulti-Gateway FederationDeveloper PortalOpen SourceApache 2.0
Operations: 381 Acting: 193 Human-in-the-loop: 11 Method: generated

By consequence

read 188 write 176 physical 6 safety-critical 11

Highest-consequence actions

The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.

MethodPathConsequenceHuman-in-loop
POST /environments/{envId}/apis/{apiId}/_stop safety-critical required
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/groups/{group}/roles/{role} safety-critical required
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/cert-credentials/{credential} safety-critical required
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/consents safety-critical required
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/consents/{consent} safety-critical required
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/credentials/{credential} safety-critical required
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/factors/{factor} safety-critical required
POST /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/resetPassword safety-critical required
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/roles/{role} safety-critical required
POST /organizations/{organizationId}/users/{user}/resetPassword safety-critical required
DELETE /organizations/{organizationId}/users/{user}/tokens/{tokenId} safety-critical required
POST /environments/{envId}/apis/{apiId}/_deploy physical conditional
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/members/{member} physical conditional
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/members/{member} physical conditional
DELETE /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/protected-resources/{protected-resource}/members/{member} physical conditional
POST /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/users/{user}/sendRegistrationConfirmation physical conditional
DELETE /organizations/{organizationId}/members/{member} physical conditional

Source

Agentic Access

Raw ↑
generated: '2026-07-15'
method: generated
source: openapi/gravitee-am-openapi.yml, openapi/gravitee-apim-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
  the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
  audience per deployment. See research/curity/agentic-governance/.
summary:
  operations: 381
  by_action_class:
    connected: 188
    acting: 193
  by_consequence:
    read: 188
    write: 176
    physical: 6
    safety-critical: 11
  human_in_the_loop_required: 11
operations:
- path: /organizations/{organizationId}/audits
  method: get
  operationId: listOrganizationAudits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/audits/{audit}
  method: get
  operationId: getOrganizationAudit
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/entrypoints
  method: get
  operationId: listEntrypoints
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/entrypoints
  method: post
  operationId: createEntrypoint
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/entrypoints/{entrypointId}
  method: get
  operationId: getEntrypoint
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/entrypoints/{entrypointId}
  method: put
  operationId: updateEntrypoint
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/entrypoints/{entrypointId}
  method: delete
  operationId: deleteEntrypoint
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments
  method: get
  operationId: listEnvironments
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/data-planes
  method: get
  operationId: listDataPlanes
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/data-sources
  method: get
  operationId: listAllDataSources
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains
  method: get
  operationId: listDomains
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains
  method: post
  operationId: createDomain
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/_hrid/{hrid}
  method: get
  operationId: findDomainByHrid
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}
  method: get
  operationId: findDomain
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}
  method: put
  operationId: updateDomain
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}
  method: delete
  operationId: deleteDomain
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}
  method: patch
  operationId: patchDomain
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/alerts/notifiers
  method: get
  operationId: listAlertNotifiers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/alerts/notifiers
  method: post
  operationId: createAlertNotifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/alerts/notifiers/{notifierId}
  method: get
  operationId: getAlertNotifier
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/alerts/notifiers/{notifierId}
  method: delete
  operationId: deleteAlertNotifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/alerts/notifiers/{notifierId}
  method: patch
  operationId: patchAlertNotifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/alerts/triggers
  method: get
  operationId: listAlertTriggers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/alerts/triggers
  method: patch
  operationId: updateAlertTriggers
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/analytics
  method: get
  operationId: findDomainAnalytics
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications
  method: get
  operationId: listApplications
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications
  method: post
  operationId: createApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}
  method: get
  operationId: findApplication
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}
  method: put
  operationId: updateApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}
  method: delete
  operationId: deleteApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}
  method: patch
  operationId: patchApplication
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/analytics
  method: get
  operationId: getApplicationAnalytics
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/emails
  method: get
  operationId: findApplicationEmail
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/emails
  method: post
  operationId: createApplicationEmail
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/emails/{email}
  method: put
  operationId: updateApplicationEmail
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/emails/{email}
  method: delete
  operationId: deleteApplicationEmail
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/flows
  method: get
  operationId: listAppFlows
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/flows
  method: put
  operationId: defineAppFlows
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/flows/{flow}
  method: get
  operationId: getAppFlow
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/flows/{flow}
  method: put
  operationId: updateAppFlow
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/forms
  method: get
  operationId: findApplicationForm
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/forms
  method: post
  operationId: createApplicationForm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/forms/{form}
  method: put
  operationId: updateApplicationForm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/forms/{form}
  method: delete
  operationId: deleteApplicationForm
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/members
  method: get
  operationId: getMembers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/members
  method: post
  operationId: addOrUpdateMember
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/members/permissions
  method: get
  operationId: getApplicationMemberPermissions
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/members/{member}
  method: delete
  operationId: removeApplicationMember
  x-agentic-access:
    action-class: acting
    consequence: physical
    subject: required
    audience: null
    token:
      max-ttl: 300
      exchange: true
      purpose-required: true
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/resources
  method: get
  operationId: listApplicationResources
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/resources/{resource}
  method: get
  operationId: getApplicationResource
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/resources/{resource}/policies
  method: get
  operationId: listApplicationPolicies
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/resources/{resource}/policies/{policy}
  method: get
  operationId: getApplicationResourcePolicy
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/secrets
  method: get
  operationId: listSecrets
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/secrets
  method: post
  operationId: createSecret
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/secrets/{secret}
  method: delete
  operationId: deleteClientSecret
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/secrets/{secret}/_renew
  method: post
  operationId: renewClientSecret
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/applications/{application}/type
  method: put
  operationId: updateApplicationType
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/audits
  method: get
  operationId: listDomainAudits
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/audits/{audit}
  method: get
  operationId: getDomainAudit
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/auth-device-notifiers
  method: get
  operationId: listAuthenticationDeviceNotifiers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/auth-device-notifiers
  method: post
  operationId: createAuthenticationDeviceNotifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/auth-device-notifiers/{authDeviceNotifier}
  method: get
  operationId: getAuthenticationDeviceNotifier
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/auth-device-notifiers/{authDeviceNotifier}
  method: put
  operationId: updateAuthenticationDeviceNotifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/auth-device-notifiers/{authDeviceNotifier}
  method: delete
  operationId: deleteAuthenticationDeviceNotifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/authorization-engines
  method: get
  operationId: listAuthorizationEngines
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/authorization-engines
  method: post
  operationId: createAuthorizationEngine
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/authorization-engines/{engineId}
  method: get
  operationId: findAuthorizationEngine
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/authorization-engines/{engineId}
  method: put
  operationId: updateAuthorizationEngine
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/authorization-engines/{engineId}
  method: delete
  operationId: deleteAuthorizationEngine
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/bot-detections
  method: get
  operationId: listBotDetections
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/bot-detections
  method: post
  operationId: createBotDetection
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/bot-detections/{botDetection}
  method: get
  operationId: getBotDetection
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/bot-detections/{botDetection}
  method: put
  operationId: updateBotDetection
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/bot-detections/{botDetection}
  method: delete
  operationId: deleteBotDetection
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificate-settings
  method: put
  operationId: updateDomainCertificateSettings
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates
  method: get
  operationId: listCertificates
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates
  method: post
  operationId: createCertificate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates/rotate
  method: post
  operationId: rotateCertificate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates/{certificate}
  method: get
  operationId: findCertificate
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates/{certificate}
  method: put
  operationId: updateCertificate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates/{certificate}
  method: delete
  operationId: deleteCertificate
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates/{certificate}/key
  method: get
  operationId: getCertificatePublicKey
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/certificates/{certificate}/keys
  method: get
  operationId: getCertificatePublicKeys
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/cimd/applications
  method: post
  operationId: createApplicationFromCimd
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/cimd/validate
  method: post
  operationId: validateCimdUrl
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/device-identifiers
  method: get
  operationId: listDeviceIdentifiers
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/device-identifiers
  method: post
  operationId: createDeviceIdentifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation:
      human-in-the-loop: conditional
      triggers:
      - abnormal
      - high-value
    audit: required
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/device-identifiers/{deviceIdentifier}
  method: get
  operationId: getDeviceIdentifier
  x-agentic-access:
    action-class: connected
    consequence: read
    subject: optional
    token:
      max-ttl: 3600
    audit: none
- path: /organizations/{organizationId}/environments/{environmentId}/domains/{domain}/device-identifiers/{deviceIdentifier}
  method: put
  operationId: updateDeviceIdentifier
  x-agentic-access:
    action-class: acting
    consequence: write
    subject: required
    audience: null
    token:
      max-ttl: 900
    escalation

# --- truncated at 32 KB (125 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/gravitee/refs/heads/main/agentic-access/gravitee-agentic-access.yml