Ironclad Agentic Access
Ironclad exposes 98 API operations that an AI agent could call, of which 53 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 45 read, 48 write, and 5 physical.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| PATCH | /Groups/{groupId} | physical | conditional |
| POST | /workflows/{id}/sign-status/scheduled-send | physical | conditional |
| PATCH | /workflows/{id}/sign-status/scheduled-send | physical | conditional |
| DELETE | /workflows/{id}/sign-status/scheduled-send | physical | conditional |
| POST | /workflows/{id}/sign-status/send-signature-request | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/ironclad-oauth-20-api-openapi.yml, openapi/ironclad-public-api-openapi.yml,
openapi/ironclad-scim-api-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 98
by_action_class:
connected: 45
acting: 53
by_consequence:
read: 45
write: 48
physical: 5
human_in_the_loop_required: 0
operations:
- path: /authorize
method: get
operationId: oauth-authorize
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /token
method: post
operationId: oauth-token
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /company-info
method: get
operationId: oauth-company-info
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /userinfo
method: get
operationId: oauth-userinfo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /workflows
method: post
operationId: launch-a-new-workflow
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.createWorkflows
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows
method: get
operationId: list-all-workflows
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readWorkflows
token:
max-ttl: 3600
audit: none
- path: /workflows/async
method: post
operationId: create-a-new-workflow-async
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.createWorkflows
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/async/{asyncJobId}
method: get
operationId: retrieve-asynchronous-workflow-status
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.createWorkflows
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}
method: get
operationId: retrieve-a-workflow
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readWorkflows
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/approvals
method: get
operationId: list-all-workflow-approvals
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readApprovals
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/approval-requests
method: get
operationId: approval-requests
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readApprovals
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/approvals/{roleId}
method: patch
operationId: update-workflow-approval
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.updateApprovals
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/turn-history
method: get
operationId: turn-history
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readTurnHistory
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/sign-status
method: get
operationId: get-sign-status
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readSignStatus
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/sign-status/send-signature-request
method: post
operationId: send-signature-request
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- public.workflows.sendSignatureRequests
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/sign-status/scheduled-send
method: post
operationId: schedule-send-signature-request
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- public.workflows.scheduleSendSignatureRequest
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/sign-status/scheduled-send
method: patch
operationId: update-scheduled-signature-request
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- public.workflows.updateScheduledSignatureRequest
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/sign-status/scheduled-send
method: delete
operationId: delete-scheduled-signature-request
x-agentic-access:
action-class: acting
consequence: physical
subject: required
scope:
- public.workflows.deleteScheduledSignatureRequest
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/sign-status/cancel-signature-request
method: post
operationId: cancel-signature-request
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.cancelSignatureRequests
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/sign-status/signers/{signerRoleName}
method: patch
operationId: update-signer
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.updateSigners
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/sign-status/signers/{signerRoleName}
method: delete
operationId: delete-signer
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.deleteSigners
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/sign-status/signers/{signerRoleName}/remind
method: post
operationId: remind-signer
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.remindSigners
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/signatures
method: get
operationId: list-all-workflow-signers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readSignatures
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/signatures/recipient-urls
method: post
operationId: create-recipient-url
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.createSignatureRecipientUrls
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/signatures/recipient-urls/embedded
method: post
operationId: create-embeddable-recipient-url
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.createEmbeddableSignerUrls
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/upload-signed
method: post
operationId: workflow-upload-signed-document
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.uploadSignedDocuments
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/participants
method: get
operationId: list-all-workflow-participants
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readParticipants
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/roles/{roleName}
method: patch
operationId: update-workflow-role-assignment
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.updateRoleAssignment
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/roles/{roleName}/eligible-assignees
method: get
operationId: list-workflow-role-eligible-assignees
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readRoleAssignees
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/revert-to-review
method: patch
operationId: revert-to-review
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.revertToReview
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/cancel
method: post
operationId: cancel-a-workflow
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.cancel
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/pause
method: post
operationId: pause-a-workflow
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.pauseAndResume
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/resume
method: post
operationId: resume-a-workflow
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.pauseAndResume
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/comment
method: post
operationId: deprecated-create-a-comment-on-a-workflow
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.createComments
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/comments
method: post
operationId: create-a-comment-on-a-workflow
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.createComments
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/comments
method: get
operationId: list-all-comments-in-a-workflow
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readComments
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/comments/{commentId}
method: get
operationId: list-a-comment-from-a-workflow
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readComments
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/attributes
method: patch
operationId: update-workflow-metadata
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.updateWorkflows
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/documents
method: get
operationId: retrieve-workflow-documents
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readDocuments
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/signature-packet
method: patch
operationId: update-workflow-signature-packet
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.updateSignaturePacket
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/documents/{attributeId}
method: post
operationId: create-a-workflow-document
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.workflows.createDocuments
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /workflows/{id}/document/{key}/download
method: get
operationId: retrieve-a-workflow-document
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readDocuments
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/emails
method: get
operationId: retrieve-email-threads-from-workflow
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readEmailCommunications
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/emails/{emailThreadId}
method: get
operationId: retrieve-email-thread-from-workflow
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readEmailCommunications
token:
max-ttl: 3600
audit: none
- path: /workflows/{id}/emails/{emailThreadId}/attachments/{attachmentId}
method: get
operationId: retrieve-attachment-from-email-thread
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readEmailCommunications
token:
max-ttl: 3600
audit: none
- path: /workflow-schemas
method: get
operationId: list-all-workflow-schemas
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readSchemas
token:
max-ttl: 3600
audit: none
- path: /workflow-schemas/{id}
method: get
operationId: retrieve-a-workflow-schema
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.workflows.readSchemas
token:
max-ttl: 3600
audit: none
- path: /records
method: get
operationId: list-all-records
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.records.readRecords
token:
max-ttl: 3600
audit: none
- path: /records
method: post
operationId: create-a-record
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.createRecords
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/attachments/download-urls
method: post
operationId: create-attachment-download-urls
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.readAttachments
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/attachments/download-urls/{jobId}
method: get
operationId: get-attachment-download-urls-status
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.records.readAttachments
token:
max-ttl: 3600
audit: none
- path: /records/smart-import
method: get
operationId: retrieve-import-predictions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.records.readSmartImportRecords
token:
max-ttl: 3600
audit: none
- path: /records/smart-import
method: post
operationId: create-a-smart-import-record
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.createSmartImportRecords
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/smart-import/{importId}
method: post
operationId: create-a-smart-import-record-to-import
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.createSmartImportRecords
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/{id}
method: get
operationId: retrieve-a-record
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.records.readRecords
token:
max-ttl: 3600
audit: none
- path: /records/{id}
method: put
operationId: replace-a-record
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.updateRecords
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/{id}
method: delete
operationId: delete-a-record
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.deleteRecords
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/{id}
method: patch
operationId: update-record-metadata
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.updateRecords
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/metadata
method: get
operationId: list-all-records-metadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.records.readSchemas
token:
max-ttl: 3600
audit: none
- path: /records/{id}/attachments/{key}
method: post
operationId: create-an-attachment-on-a-record
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.createAttachments
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/{id}/attachments/{key}
method: get
operationId: retrieve-an-attachment-on-a-record
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.records.readAttachments
token:
max-ttl: 3600
audit: none
- path: /records/{id}/attachments/{key}
method: delete
operationId: delete-an-attachment-on-a-record
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.deleteAttachments
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/{id}/actions
method: post
operationId: run-an-action-on-a-record
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.applyContractAction
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /records/export
method: get
operationId: retrieve-xlsx-export-file-of-all-records
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.records.readRecords
token:
max-ttl: 3600
audit: none
- path: /webhooks
method: post
operationId: create-a-webhook
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.webhooks.createWebhooks
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /webhooks
method: get
operationId: list-all-webhooks
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.webhooks.readWebhooks
token:
max-ttl: 3600
audit: none
- path: /webhooks/{id}
method: get
operationId: retrieve-a-webhook
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.webhooks.readWebhooks
token:
max-ttl: 3600
audit: none
- path: /webhooks/{id}
method: patch
operationId: update-a-webhook
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.webhooks.updateWebhooks
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /webhooks/{id}
method: delete
operationId: delete-a-webhook
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.webhooks.deleteWebhooks
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /webhooks/verification-key
method: get
operationId: retrieve-webhook-verification-key
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /exports
method: post
operationId: export
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.export.createReports
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /exports/{jobId}
method: get
operationId: export-job
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.export.readReports
token:
max-ttl: 3600
audit: none
- path: /exports/{jobId}/download
method: get
operationId: export-job-download
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.export.readReports
token:
max-ttl: 3600
audit: none
- path: /entities/relationship-types
method: get
operationId: get-all-entity-relationship-types
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.entities.readRelationshipTypes
token:
max-ttl: 3600
audit: none
- path: /entities
method: get
operationId: list-all-entities
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.entities.readEntities
token:
max-ttl: 3600
audit: none
- path: /entities
method: post
operationId: create-an-entity
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.entities.createEntities
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /entities/{id}
method: get
operationId: retrieve-an-entity
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.entities.readEntities
token:
max-ttl: 3600
audit: none
- path: /entities/{id}
method: patch
operationId: update-an-entity
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.entities.updateEntities
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /entities/{id}
method: delete
operationId: delete-an-entity
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.entities.deleteEntities
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /obligations
method: get
operationId: list-all-obligations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.obligations.readObligations
token:
max-ttl: 3600
audit: none
- path: /obligations
method: post
operationId: create-an-obligation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.obligations.createObligations
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /obligations/{id}
method: get
operationId: retrieve-an-obligation
x-agentic-access:
action-class: connected
consequence: read
subject: optional
scope:
- public.obligations.readObligations
token:
max-ttl: 3600
audit: none
- path: /obligations/{id}
method: patch
operationId: update-an-obligation
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.obligations.updateObligations
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /search/conversational
method: post
operationId: run-conversational-search
x-agentic-access:
action-class: acting
consequence: write
subject: required
scope:
- public.records.readRecords
- public.search.conversational
- public.workflows.readWorkflows
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /Users
method: get
operationId: retrieve-all-users
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /Users
method: post
operationId: create-a-user
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /Users/{userId}
method: get
operationId: retrieve-a-user
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /Users/{userId}
method: patch
operationId: update-user-data
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /Users/{userId}
method: put
operationId: replace-a-user
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /Users/{userId}
method: delete
operationId: delete-a-user
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /Groups
method: get
operationId: retrieve-all-groups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /Groups
method: post
operationId: create-a-group
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /Groups/{groupId}
method: get
operationId: retrieve-a-group
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /Groups/{groupId}
method: patch
operationId: update-group-membership
x-agentic-access:
action-class: acting
consequence: physical
subject: required
audience: null
token:
max-ttl: 300
exchange: true
purpose-required: true
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /Groups/{groupId}
method: put
operationId: replace-a-group
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
# --- truncated at 32 KB (32 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/ironclad/refs/heads/main/agentic-access/ironclad-agentic-access.yml