Kinde Agentic Access
Kinde exposes 175 API operations that an AI agent could call, of which 111 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 64 read, 99 write, and 12 safety-critical.
12 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| POST | /api/v1/connected_apps/revoke | safety-critical | required |
| DELETE | /api/v1/environment/feature_flags | safety-critical | required |
| PATCH | /api/v1/environment/feature_flags/{feature_flag_key} | safety-critical | required |
| DELETE | /api/v1/environment/feature_flags/{feature_flag_key} | safety-critical | required |
| DELETE | /api/v1/organizations/{org_code}/feature_flags | safety-critical | required |
| PATCH | /api/v1/organizations/{org_code}/feature_flags/{feature_flag_key} | safety-critical | required |
| DELETE | /api/v1/organizations/{org_code}/feature_flags/{feature_flag_key} | safety-critical | required |
| DELETE | /api/v1/organizations/{org_code}/users/{user_id}/mfa | safety-critical | required |
| DELETE | /api/v1/organizations/{org_code}/users/{user_id}/mfa/{factor_id} | safety-critical | required |
| PATCH | /api/v1/users/{user_id}/feature_flags/{feature_flag_key} | safety-critical | required |
| DELETE | /api/v1/users/{user_id}/mfa | safety-critical | required |
| DELETE | /api/v1/users/{user_id}/mfa/{factor_id} | safety-critical | required |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/kinde-so-openapi.yml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 175
by_action_class:
connected: 64
acting: 111
by_consequence:
read: 64
write: 99
safety-critical: 12
human_in_the_loop_required: 12
operations:
- path: /api/v1/api_keys
method: get
operationId: getApiKeys
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/api_keys
method: post
operationId: createApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/api_keys/{key_id}
method: get
operationId: getApiKey
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/api_keys/{key_id}
method: put
operationId: rotateApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/api_keys/{key_id}
method: delete
operationId: deleteApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/api_keys/verify
method: post
operationId: verifyApiKey
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis
method: get
operationId: getAPIs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/apis
method: post
operationId: addAPIs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis/{api_id}
method: get
operationId: getAPI
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/apis/{api_id}
method: delete
operationId: deleteAPI
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis/{api_id}/scopes
method: get
operationId: getAPIScopes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/apis/{api_id}/scopes
method: post
operationId: addAPIScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis/{api_id}/scopes/{scope_id}
method: get
operationId: getAPIScope
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/apis/{api_id}/scopes/{scope_id}
method: patch
operationId: updateAPIScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis/{api_id}/scopes/{scope_id}
method: delete
operationId: deleteAPIScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis/{api_id}/applications
method: patch
operationId: updateAPIApplications
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis/{api_id}/applications/{application_id}/scopes/{scope_id}
method: post
operationId: addAPIApplicationScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/apis/{api_id}/applications/{application_id}/scopes/{scope_id}
method: delete
operationId: deleteAPIApplicationScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications
method: get
operationId: getApplications
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/applications
method: post
operationId: createApplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{application_id}
method: get
operationId: getApplication
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/applications/{application_id}
method: patch
operationId: updateApplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{application_id}
method: delete
operationId: deleteApplication
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{application_id}/connections
method: get
operationId: GetApplicationConnections
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/applications/{application_id}/connections/{connection_id}
method: post
operationId: EnableConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{application_id}/connections/{connection_id}
method: delete
operationId: RemoveConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{application_id}/properties
method: get
operationId: getApplicationPropertyValues
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/applications/{application_id}/properties/{property_key}
method: put
operationId: updateApplicationsProperty
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{application_id}/tokens
method: patch
operationId: updateApplicationTokens
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/billing/entitlements
method: get
operationId: getBillingEntitlements
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/billing/agreements
method: get
operationId: getBillingAgreements
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/billing/agreements
method: post
operationId: createBillingAgreement
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/billing/meter_usage
method: post
operationId: createMeterUsageRecord
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/business
method: get
operationId: getBusiness
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/business
method: patch
operationId: updateBusiness
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/industries
method: get
operationId: getIndustries
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/timezones
method: get
operationId: getTimezones
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/applications/{app_id}/auth_redirect_urls
method: get
operationId: getCallbackURLs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/applications/{app_id}/auth_redirect_urls
method: post
operationId: addRedirectCallbackURLs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{app_id}/auth_redirect_urls
method: put
operationId: replaceRedirectCallbackURLs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{app_id}/auth_redirect_urls
method: delete
operationId: deleteCallbackURLs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{app_id}/auth_logout_urls
method: get
operationId: getLogoutURLs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/applications/{app_id}/auth_logout_urls
method: post
operationId: addLogoutRedirectURLs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{app_id}/auth_logout_urls
method: put
operationId: replaceLogoutRedirectURLs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/applications/{app_id}/auth_logout_urls
method: delete
operationId: deleteLogoutURLs
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/connected_apps/auth_url
method: get
operationId: GetConnectedAppAuthUrl
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/connected_apps/token
method: get
operationId: GetConnectedAppToken
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/connected_apps/revoke
method: post
operationId: RevokeConnectedAppToken
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/connections
method: get
operationId: GetConnections
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/connections
method: post
operationId: CreateConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/connections/{connection_id}
method: get
operationId: GetConnection
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/connections/{connection_id}
method: put
operationId: ReplaceConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/connections/{connection_id}
method: patch
operationId: UpdateConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/connections/{connection_id}
method: delete
operationId: deleteConnection
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/directories
method: get
operationId: getDirectories
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/directories
method: post
operationId: createDirectory
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/directories/{directory_id}
method: get
operationId: getDirectory
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/directories/{directory_id}
method: patch
operationId: updateDirectory
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/directories/{directory_id}
method: delete
operationId: deleteDirectory
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/environment
method: get
operationId: getEnvironment
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/environment/feature_flags
method: get
operationId: GetEnvironementFeatureFlags
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/environment/feature_flags
method: delete
operationId: DeleteEnvironementFeatureFlagOverrides
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/environment/feature_flags/{feature_flag_key}
method: patch
operationId: UpdateEnvironementFeatureFlagOverride
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/environment/feature_flags/{feature_flag_key}
method: delete
operationId: DeleteEnvironementFeatureFlagOverride
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /api/v1/environment/logos
method: get
operationId: ReadLogo
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/environment/logos/{type}
method: put
operationId: AddLogo
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/environment/logos/{type}
method: delete
operationId: DeleteLogo
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/environment_variables
method: get
operationId: getEnvironmentVariables
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/environment_variables
method: post
operationId: createEnvironmentVariable
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/environment_variables/{variable_id}
method: get
operationId: getEnvironmentVariable
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/environment_variables/{variable_id}
method: patch
operationId: updateEnvironmentVariable
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/environment_variables/{variable_id}
method: delete
operationId: deleteEnvironmentVariable
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/feature_flags
method: post
operationId: CreateFeatureFlag
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/feature_flags/{feature_flag_key}
method: put
operationId: UpdateFeatureFlag
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/feature_flags/{feature_flag_key}
method: delete
operationId: DeleteFeatureFlag
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/identities/{identity_id}
method: get
operationId: GetIdentity
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/identities/{identity_id}
method: patch
operationId: UpdateIdentity
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/identities/{identity_id}
method: delete
operationId: DeleteIdentity
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organization/{org_code}/invites
method: get
operationId: getOrganizationInvites
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organization/{org_code}/invites
method: post
operationId: createOrganizationInvite
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organization/{org_code}/invites/{invite_code}
method: get
operationId: getOrganizationInvite
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organization/{org_code}/invites/{invite_code}
method: delete
operationId: deleteOrganizationInvite
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/mfa
method: put
operationId: ReplaceMFA
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organization
method: get
operationId: getOrganization
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organization
method: post
operationId: createOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations
method: get
operationId: getOrganizations
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organization/{org_code}
method: patch
operationId: updateOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organization/{org_code}
method: delete
operationId: deleteOrganization
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users
method: get
operationId: GetOrganizationUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organizations/{org_code}/users
method: post
operationId: AddOrganizationUsers
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users
method: patch
operationId: UpdateOrganizationUsers
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users/{user_id}/roles
method: get
operationId: GetOrganizationUserRoles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organizations/{org_code}/users/{user_id}/roles
method: post
operationId: CreateOrganizationUserRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users/{user_id}/roles/{role_id}
method: delete
operationId: DeleteOrganizationUserRole
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/roles/{role_id}/users
method: get
operationId: GetOrganizationRoleUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organizations/{org_code}/users/{user_id}/permissions
method: get
operationId: GetOrganizationUserPermissions
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organizations/{org_code}/users/{user_id}/permissions
method: post
operationId: CreateOrganizationUserPermission
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users/{user_id}/permissions/{permission_id}
method: delete
operationId: DeleteOrganizationUserPermission
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users/{user_id}
method: delete
operationId: RemoveOrganizationUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users/{user_id}/apis/{api_id}/scopes/{scope_id}
method: post
operationId: addOrganizationUserAPIScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users/{user_id}/apis/{api_id}/scopes/{scope_id}
method: delete
operationId: deleteOrganizationUserAPIScope
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /api/v1/organizations/{org_code}/users/{user_id}/mfa
method: get
operationId: GetOrgUserMFA
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /api/v1/organizations/{org_code}/users/{user_id}/mfa
method: delete
operationId: ResetOrgUserMFAAll
x-agentic-access:
action-class: acting
consequence: saf
# --- truncated at 32 KB (54 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/kinde-so/refs/heads/main/agentic-access/kinde-so-agentic-access.yml