Coveo · Capability
Coveo Authorization Server API — Groups
Coveo Authorization Server API — Groups. 6 operations. Lead operation: List Groups. Self-contained Naftiko capability covering one Coveo business surface.
What You Can Do
GET
Getgroups
— List Groups
/v1/organizations/{organizationid}/groups
POST
Creategroup
— Create Group
/v1/organizations/{organizationid}/groups
GET
Getgroup
— Show Group Details
/v1/organizations/{organizationid}/groups/{groupid}
PUT
Updategroup
— Update Group
/v1/organizations/{organizationid}/groups/{groupid}
DELETE
Deletegroup
— Delete Group
/v1/organizations/{organizationid}/groups/{groupid}
GET
Getgroupexclusiveprivileges
— List Privileges Granted by Group to Current User
/v1/organizations/{organizationid}/groups/{groupid}/privileges/exclusive/me
MCP Tools
list-groups
List Groups
read-only
idempotent
create-group
Create Group
show-group-details
Show Group Details
read-only
idempotent
update-group
Update Group
idempotent
delete-group
Delete Group
idempotent
list-privileges-granted-group-current
List Privileges Granted by Group to Current User
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Coveo Authorization Server API — Groups
description: 'Coveo Authorization Server API — Groups. 6 operations. Lead operation: List Groups. Self-contained Naftiko
capability covering one Coveo business surface.'
tags:
- Coveo
- Authorization Server
- Groups
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
COVEO_API_KEY: COVEO_API_KEY
capability:
consumes:
- type: http
namespace: authorization-groups
baseUri: https://platform.cloud.coveo.com
description: Coveo Authorization Server API — Groups business capability. Self-contained, no shared references.
authentication:
type: bearer
token: '{{env.COVEO_API_KEY}}'
resources:
- name: rest-organizations-organizationId-groups
path: /rest/organizations/{organizationId}/groups
operations:
- name: getgroups
method: GET
description: List Groups
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: organizationId
in: path
type: string
description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
`mycoveocloudv2organizationg8tp8wu3`
required: true
- name: creategroup
method: POST
description: Create Group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: organizationId
in: path
type: string
description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
`mycoveocloudv2organizationg8tp8wu3`
required: true
- name: sendEmailToInvitedUsers
in: query
type: boolean
description: Whether to send an invitation email alongside the invite.
- name: canEditItself
in: query
type: boolean
description: Whether the new [group](https://docs.coveo.com/en/2867/) can edit itself.
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: rest-organizations-organizationId-groups-groupId
path: /rest/organizations/{organizationId}/groups/{groupId}
operations:
- name: getgroup
method: GET
description: Show Group Details
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: organizationId
in: path
type: string
description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
`mycoveocloudv2organizationg8tp8wu3`
required: true
- name: groupId
in: path
type: string
description: The unique identifier of the target [group](https://docs.coveo.com/en/2867/).</br>**Example:**`myorganization-bfghkjfjb674jh5egjk`
required: true
- name: updategroup
method: PUT
description: Update Group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: organizationId
in: path
type: string
description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
`mycoveocloudv2organizationg8tp8wu3`
required: true
- name: groupId
in: path
type: string
description: The unique identifier of the target [group](https://docs.coveo.com/en/2867/).</br>**Example:**`myorganization-bfghkjfjb674jh5egjk`
required: true
- name: sendEmailToInvitedUsers
in: query
type: boolean
description: Whether to send an email to the users that are invited to the [group](https://docs.coveo.com/en/2867/).
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: deletegroup
method: DELETE
description: Delete Group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: organizationId
in: path
type: string
description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
`mycoveocloudv2organizationg8tp8wu3`
required: true
- name: groupId
in: path
type: string
description: The unique identifier of the target [group](https://docs.coveo.com/en/2867/).</br>**Example:**`myorganization-bfghkjfjb674jh5egjk`
required: true
- name: rest-organizations-organizationId-groups-groupId-privileges-exclusive-me
path: /rest/organizations/{organizationId}/groups/{groupId}/privileges/exclusive/me
operations:
- name: getgroupexclusiveprivileges
method: GET
description: List Privileges Granted by Group to Current User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: organizationId
in: path
type: string
description: The unique identifier of the target [organization](https://docs.coveo.com/en/185/).<br />**Example:**
`mycoveocloudv2organizationg8tp8wu3`
required: true
- name: groupId
in: path
type: string
description: The unique identifier of the target [group](https://docs.coveo.com/en/2867/).</br>**Example:**`myorganization-bfghkjfjb674jh5egjk`
required: true
exposes:
- type: rest
namespace: authorization-groups-rest
port: 8080
description: REST adapter for Coveo Authorization Server API — Groups. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/organizations/{organizationid}/groups
name: rest-organizations-organizationid-groups
description: REST surface for rest-organizations-organizationId-groups.
operations:
- method: GET
name: getgroups
description: List Groups
call: authorization-groups.getgroups
with:
organizationId: rest.organizationId
outputParameters:
- type: object
mapping: $.
- method: POST
name: creategroup
description: Create Group
call: authorization-groups.creategroup
with:
organizationId: rest.organizationId
sendEmailToInvitedUsers: rest.sendEmailToInvitedUsers
canEditItself: rest.canEditItself
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/organizations/{organizationid}/groups/{groupid}
name: rest-organizations-organizationid-groups-groupid
description: REST surface for rest-organizations-organizationId-groups-groupId.
operations:
- method: GET
name: getgroup
description: Show Group Details
call: authorization-groups.getgroup
with:
organizationId: rest.organizationId
groupId: rest.groupId
outputParameters:
- type: object
mapping: $.
- method: PUT
name: updategroup
description: Update Group
call: authorization-groups.updategroup
with:
organizationId: rest.organizationId
groupId: rest.groupId
sendEmailToInvitedUsers: rest.sendEmailToInvitedUsers
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deletegroup
description: Delete Group
call: authorization-groups.deletegroup
with:
organizationId: rest.organizationId
groupId: rest.groupId
outputParameters:
- type: object
mapping: $.
- path: /v1/organizations/{organizationid}/groups/{groupid}/privileges/exclusive/me
name: rest-organizations-organizationid-groups-groupid-privileges-exclusive-me
description: REST surface for rest-organizations-organizationId-groups-groupId-privileges-exclusive-me.
operations:
- method: GET
name: getgroupexclusiveprivileges
description: List Privileges Granted by Group to Current User
call: authorization-groups.getgroupexclusiveprivileges
with:
organizationId: rest.organizationId
groupId: rest.groupId
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: authorization-groups-mcp
port: 9090
transport: http
description: MCP adapter for Coveo Authorization Server API — Groups. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: list-groups
description: List Groups
hints:
readOnly: true
destructive: false
idempotent: true
call: authorization-groups.getgroups
with:
organizationId: tools.organizationId
outputParameters:
- type: object
mapping: $.
- name: create-group
description: Create Group
hints:
readOnly: false
destructive: false
idempotent: false
call: authorization-groups.creategroup
with:
organizationId: tools.organizationId
sendEmailToInvitedUsers: tools.sendEmailToInvitedUsers
canEditItself: tools.canEditItself
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: show-group-details
description: Show Group Details
hints:
readOnly: true
destructive: false
idempotent: true
call: authorization-groups.getgroup
with:
organizationId: tools.organizationId
groupId: tools.groupId
outputParameters:
- type: object
mapping: $.
- name: update-group
description: Update Group
hints:
readOnly: false
destructive: false
idempotent: true
call: authorization-groups.updategroup
with:
organizationId: tools.organizationId
groupId: tools.groupId
sendEmailToInvitedUsers: tools.sendEmailToInvitedUsers
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-group
description: Delete Group
hints:
readOnly: false
destructive: true
idempotent: true
call: authorization-groups.deletegroup
with:
organizationId: tools.organizationId
groupId: tools.groupId
outputParameters:
- type: object
mapping: $.
- name: list-privileges-granted-group-current
description: List Privileges Granted by Group to Current User
hints:
readOnly: true
destructive: false
idempotent: true
call: authorization-groups.getgroupexclusiveprivileges
with:
organizationId: tools.organizationId
groupId: tools.groupId
outputParameters:
- type: object
mapping: $.