KU Leuven Agentic Access
KU Leuven exposes 536 API operations that an AI agent could call, of which 254 are state-changing ‘acting’ operations. This is a recommended x-agentic-access execution contract — the scope, audience, consequence tier, short-lived token constraints, and escalation each action should carry before it is handed to an autonomous agent.
By consequence: 282 read, 243 write, 4 physical, and 7 safety-critical.
7 operations are classed safety-critical and should require human-in-the-loop approval at runtime.
Contracts are classified heuristically from the provider’s OpenAPI and refresh on every APIs.io network build; audience is bound per deployment. The model follows Curity’s Access Intelligence (apidays Munich 2026). Browse every provider’s agent contracts at agentic-access.apis.io.
By consequence
Highest-consequence actions
The physical and safety-critical operations an agent could invoke — the ones that most warrant scoped tokens, tight TTLs, and escalation. Full per-operation contracts are in the source below.
| Method | Path | Consequence | Human-in-loop |
|---|---|---|---|
| DELETE | /access/datafile/{id}/revokeAccess/{identifier} | safety-critical | required |
| DELETE | /admin/dataverse/{alias}/curationLabelSet | safety-critical | required |
| DELETE | /admin/dataverse/{alias}/storageDriver | safety-critical | required |
| DELETE | /datasets/{identifier}/curationLabelSet | safety-critical | required |
| DELETE | /datasets/{identifier}/guestbookEntryAtRequest | safety-critical | required |
| DELETE | /datasets/{identifier}/pidGenerator | safety-critical | required |
| DELETE | /datasets/{identifier}/storageDriver | safety-critical | required |
| POST | /admin/makeDataCount/sendToHub | physical | conditional |
| POST | /builtin-users/{password}/{key}/{sendEmailNotification} | physical | conditional |
| PUT | /licenses/{id}/:sortOrder/{sortOrder} | physical | conditional |
| POST | /sendfeedback | physical | conditional |
Source
Agentic Access
generated: '2026-07-15'
method: generated
source: openapi/ku-leuven-rdr.yaml
description: Recommended x-agentic-access execution contracts, classified heuristically from
the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind
audience per deployment. See research/curity/agentic-governance/.
summary:
operations: 536
by_action_class:
connected: 282
acting: 254
by_consequence:
read: 282
write: 243
safety-critical: 7
physical: 4
human_in_the_loop_required: 7
operations:
- path: /access/datafile/bundle/{fileId}
method: get
operationId: Access_datafileBundle
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{fileId}
method: get
operationId: Access_datafile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{fileId}/auxiliary
method: get
operationId: Access_listDatafileMetadataAux
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{fileId}/auxiliary/{formatTag}/{formatVersion}
method: get
operationId: Access_downloadAuxiliaryFile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{fileId}/auxiliary/{formatTag}/{formatVersion}
method: post
operationId: Access_saveAuxiliaryFileWithVersion
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /access/datafile/{fileId}/auxiliary/{formatTag}/{formatVersion}
method: delete
operationId: Access_deleteAuxiliaryFileWithVersion
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /access/datafile/{fileId}/auxiliary/{origin}
method: get
operationId: Access_listDatafileMetadataAuxByOrigin
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{fileId}/metadata
method: get
operationId: Access_tabularDatafileMetadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{fileId}/metadata/ddi
method: get
operationId: Access_tabularDatafileMetadataDDI
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{id}/grantAccess/{identifier}
method: put
operationId: Access_grantFileAccess
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /access/datafile/{id}/listRequests
method: get
operationId: Access_listFileAccessRequests
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{id}/rejectAccess/{identifier}
method: put
operationId: Access_rejectFileAccess
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /access/datafile/{id}/requestAccess
method: put
operationId: Access_requestFileAccess
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /access/datafile/{id}/revokeAccess/{identifier}
method: delete
operationId: Access_revokeFileAccess
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /access/datafile/{id}/userFileAccessRequested
method: get
operationId: Access_getUserFileAccessRequested
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafile/{id}/userPermissions
method: get
operationId: Access_getUserPermissionsOnFile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/datafiles
method: post
operationId: Access_postDownloadDatafiles
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /access/datafiles/{fileIds}
method: get
operationId: Access_datafiles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/dataset/{id}
method: get
operationId: Access_downloadAllFromLatest
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/dataset/{id}/versions/{versionId}
method: get
operationId: Access_downloadAllFromVersion
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/dataverseFeaturedItemImage/{itemId}
method: get
operationId: Access_getDataverseFeatureItemImage
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/dsCardImage/{versionId}
method: get
operationId: Access_dsCardImage
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/dvCardImage/{dataverseId}
method: get
operationId: Access_dvCardImage
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/fileCardImage/{fileId}
method: get
operationId: Access_fileCardImage
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /access/{id}/allowAccessRequest
method: put
operationId: Access_allowAccessRequest
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/archiveAllUnarchivedDatasetVersions
method: post
operationId: Admin_archiveAllUnarchivedDatasetVersions
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/assignee/{idtf}
method: get
operationId: Admin_findRoleAssignee
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/assignments/assignees/{raIdtf}
method: get
operationId: Admin_getAssignmentsFor
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/authenticatedUsers
method: get
operationId: Admin_listAuthenticatedUsers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/authenticatedUsers
method: post
operationId: Admin_createAuthenicatedUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/convert/builtin2oauth
method: put
operationId: Admin_builtin2oauth
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/convert/builtin2shib
method: put
operationId: Admin_builtin2shib
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/id/{id}
method: delete
operationId: Admin_deleteAuthenticatedUserById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/id/{id}/convertRemoteToBuiltIn
method: put
operationId: Admin_convertOAuthUserToBuiltin
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/id/{id}/convertShibToBuiltIn
method: put
operationId: Admin_convertShibUserToBuiltin
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/id/{id}/deactivate
method: post
operationId: Admin_deactivateAuthenticatedUserById
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/{identifier}
method: get
operationId: Admin_getAuthenticatedUserByIdentifier
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/authenticatedUsers/{identifier}
method: delete
operationId: Admin_deleteAuthenticatedUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticatedUsers/{identifier}/deactivate
method: post
operationId: Admin_deactivateAuthenticatedUser
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticationProviderFactories
method: get
operationId: Admin_listAuthProviderFactories
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/authenticationProviders
method: get
operationId: Admin_listAuthProviders
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/authenticationProviders
method: post
operationId: Admin_addProvider
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticationProviders/{id}
method: get
operationId: Admin_showProvider
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/authenticationProviders/{id}
method: delete
operationId: Admin_deleteAuthenticationProvider
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticationProviders/{id}/:enabled
method: post
operationId: Admin_enableAuthenticationProvider_deprecated
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/authenticationProviders/{id}/enabled
method: get
operationId: Admin_checkAuthenticationProviderEnabled
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/authenticationProviders/{id}/enabled
method: put
operationId: Admin_enableAuthenticationProvider
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/bannerMessage
method: get
operationId: Admin_getBannerMessages
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/bannerMessage
method: post
operationId: Admin_addBannerMessage
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/bannerMessage/{id}
method: delete
operationId: Admin_deleteBannerMessage
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/bannerMessage/{id}/deactivate
method: put
operationId: Admin_deactivateBannerMessage
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/batch/jobs
method: get
operationId: BatchJobResource_listBatchJobs
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/batch/jobs/name/{jobName}
method: get
operationId: BatchJobResource_listBatchJobsByName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/batch/jobs/{jobId}
method: get
operationId: BatchJobResource_listBatchJobById
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/clearMetricsCache
method: delete
operationId: Admin_clearMetricsCache
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/clearMetricsCache/{name}
method: delete
operationId: Admin_clearMetricsCacheByName
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/clearThumbnailFailureFlag
method: delete
operationId: Admin_clearThumbnailFailureFlag
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/clearThumbnailFailureFlag/{id}
method: delete
operationId: Admin_clearThumbnailFailureFlagByDatafile
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/computeDataFileHashValue/{fileId}/algorithm/{alg}
method: post
operationId: Admin_computeDataFileHashValue
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/confirmEmail/{userId}
method: get
operationId: Admin_getConfirmEmailToken
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/confirmEmail/{userId}
method: post
operationId: Admin_startConfirmEmailProcess
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/convertUserFromBcryptToSha1
method: post
operationId: Admin_convertUserFromBcryptToSha1
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/datafiles/auditFiles
method: get
operationId: Admin_getAuditFiles
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/datafiles/integrity/fixmissingoriginalsizes
method: get
operationId: Admin_fixMissingOriginalSizes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/datafiles/integrity/fixmissingoriginaltypes
method: get
operationId: Admin_fixMissingOriginalTypes
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/datasetfield
method: get
operationId: DatasetFieldServiceApi_getAll
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/datasetfield/controlledVocabulary/subject
method: get
operationId: DatasetFieldServiceApi_showControlledVocabularyForSubject
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/datasetfield/load
method: post
operationId: DatasetFieldServiceApi_loadDatasetFields
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/datasetfield/loadNAControlledVocabularyValue
method: get
operationId: DatasetFieldServiceApi_loadNAControlledVocabularyValue
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/datasetfield/loadpropertyfiles
method: post
operationId: DatasetFieldServiceApi_loadLanguagePropertyFile
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/datasetfield/setDisplayOnCreate
method: post
operationId: DatasetFieldServiceApi_setDisplayOnCreate
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/datasetfield/{name}
method: get
operationId: DatasetFieldServiceApi_getByName
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/datasets/integrity/{datasetVersionId}/fixmissingunf
method: post
operationId: Admin_fixUnf
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/datasets/thumbnailMetadata/{id}
method: get
operationId: Admin_getDatasetThumbnailMetadata
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/dataverse/curationLabelSets
method: get
operationId: Admin_listCurationLabelSets
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/dataverse/storageDrivers
method: get
operationId: Admin_listStorageDrivers
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/dataverse/{alias}/addRoleAssignmentsToChildren
method: get
operationId: Admin_addRoleAssignementsToChildren
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/dataverse/{alias}/curationLabelSet
method: get
operationId: Admin_getCurationLabelSet
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/dataverse/{alias}/curationLabelSet
method: put
operationId: Admin_setCurationLabelSet
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/dataverse/{alias}/curationLabelSet
method: delete
operationId: Admin_resetCurationLabelSet
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /admin/dataverse/{alias}/storageDriver
method: get
operationId: Admin_getStorageDriver
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/dataverse/{alias}/storageDriver
method: put
operationId: Admin_setStorageDriver
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/dataverse/{alias}/storageDriver
method: delete
operationId: Admin_resetStorageDriver
x-agentic-access:
action-class: acting
consequence: safety-critical
subject: required
audience: null
token:
max-ttl: 120
exchange: true
purpose-required: true
proof-of-possession: true
escalation:
human-in-the-loop: required
audit: required
- path: /admin/downloadTmpFile
method: get
operationId: Admin_downloadTmpFile
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/externalTools
method: get
operationId: ExternalTools_getExternalTools
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/externalTools
method: post
operationId: ExternalTools_addExternalTool
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/externalTools/{id}
method: get
operationId: ExternalTools_getExternalTool
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/externalTools/{id}
method: delete
operationId: ExternalTools_deleteExternalTool
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/featureFlags
method: get
operationId: Admin_getFeatureFlags
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/featureFlags/{flag}
method: get
operationId: Admin_getFeatureFlag
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/feedback
method: post
operationId: FeedbackApi_submitFeedback
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/domain
method: get
operationId: Groups_listMailDomainGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/groups/domain
method: post
operationId: Groups_createMailDomainGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/domain/{groupAlias}
method: get
operationId: Groups_getMailDomainGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/groups/domain/{groupAlias}
method: put
operationId: Groups_updateMailDomainGroups
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/domain/{groupAlias}
method: delete
operationId: Groups_deleteMailDomainGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/ip
method: get
operationId: Groups_listIpGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/groups/ip
method: post
operationId: Groups_postIpGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/ip/{group}
method: get
operationId: Groups_getIpGroup
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/groups/ip/{group}
method: put
operationId: Groups_putIpGroups
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/ip/{group}
method: delete
operationId: Groups_deleteIpGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/shib
method: get
operationId: Groups_listShibGroups
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/groups/shib
method: post
operationId: Groups_createShibGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/groups/shib/{primaryKey}
method: delete
operationId: Groups_deleteShibGroup
x-agentic-access:
action-class: acting
consequence: write
subject: required
audience: null
token:
max-ttl: 900
escalation:
human-in-the-loop: conditional
triggers:
- abnormal
- high-value
audit: required
- path: /admin/index
method: get
operationId: Index_indexAllOrSubset
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/index/clear
method: get
operationId: Index_clearSolrIndex
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/index/clear-orphans
method: get
operationId: Index_clearOrphans
x-agentic-access:
action-class: connected
consequence: read
subject: optional
token:
max-ttl: 3600
audit: none
- path: /admin/index/con
# --- truncated at 32 KB (156 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/ku-leuven/refs/heads/main/agentic-access/ku-leuven-agentic-access.yml