Coveo · Capability
Coveo Push API — Security Identity
Coveo Push API — Security Identity. 5 operations. Lead operation: Add or Update an Alias. Self-contained Naftiko capability covering one Coveo business surface.
What You Can Do
PUT
Put
— Add or Update an Alias
/v1/organizations/{organizationid}/providers/{providerid}/mappings
DELETE
Delete
— Delete a Security Identity
/v1/organizations/{organizationid}/providers/{providerid}/permissions
PUT
Put
— Add or Update a Security Identity
/v1/organizations/{organizationid}/providers/{providerid}/permissions
PUT
Put
— Add, Update, and/or Delete a Batch of Security Identities
/v1/organizations/{organizationid}/providers/{providerid}/permissions/batch
DELETE
Delete
— Delete Old Security Identities
/v1/organizations/{organizationid}/providers/{providerid}/permissions/olderthan
MCP Tools
add-update-alias
Add or Update an Alias
idempotent
delete-security-identity
Delete a Security Identity
idempotent
add-update-security-identity
Add or Update a Security Identity
idempotent
add-update-and-delete-batch
Add, Update, and/or Delete a Batch of Security Identities
idempotent
delete-old-security-identities
Delete Old Security Identities
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Coveo Push API — Security Identity
description: 'Coveo Push API — Security Identity. 5 operations. Lead operation: Add or Update an Alias. Self-contained Naftiko
capability covering one Coveo business surface.'
tags:
- Coveo
- Push
- Security Identity
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
COVEO_API_KEY: COVEO_API_KEY
capability:
consumes:
- type: http
namespace: push-security-identity
baseUri: https://api.cloud.coveo.com/push/v1
description: Coveo Push API — Security Identity business capability. Self-contained, no shared references.
authentication:
type: bearer
token: '{{env.COVEO_API_KEY}}'
resources:
- name: organizations-organizationId-providers-providerId-mappings
path: /organizations/{organizationId}/providers/{providerId}/mappings
operations:
- name: put
method: PUT
description: Add or Update an Alias
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: providerId
in: path
type: string
description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s
required: true
- name: organizationId
in: path
type: string
description: 'The unique identifier of the target Coveo Cloud V2 organization. '
required: true
- name: orderingId
in: query
type: string
description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline.
A lower value corresponds to an older operation. '
- name: mappedIdentityBody
in: body
type: string
description: The security identity alias definition.
required: true
- name: organizations-organizationId-providers-providerId-permissions
path: /organizations/{organizationId}/providers/{providerId}/permissions
operations:
- name: delete
method: DELETE
description: Delete a Security Identity
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: providerId
in: path
type: string
description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s
required: true
- name: organizationId
in: path
type: string
description: 'The unique identifier of the target Coveo Cloud V2 organization. '
required: true
- name: orderingId
in: query
type: string
description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline.
A lower value corresponds to an older operation. '
- name: baseIdentityBody
in: body
type: string
description: The security identity to delete.
required: true
- name: put
method: PUT
description: Add or Update a Security Identity
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: providerId
in: path
type: string
description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s
required: true
- name: organizationId
in: path
type: string
description: 'The unique identifier of the target Coveo Cloud V2 organization. '
required: true
- name: orderingId
in: query
type: string
description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline.
A lower value corresponds to an older operation. '
- name: identityBody
in: body
type: string
description: The security identity to add or update.
required: true
- name: organizations-organizationId-providers-providerId-permissions-batch
path: /organizations/{organizationId}/providers/{providerId}/permissions/batch
operations:
- name: put
method: PUT
description: Add, Update, and/or Delete a Batch of Security Identities
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: providerId
in: path
type: string
description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s
required: true
- name: fileId
in: query
type: string
description: The unique identifier of the Amazon S3 file container into which the JSON definition of the security
identity update was previously uploaded (see [Create a file
required: true
- name: organizationId
in: path
type: string
description: 'The unique identifier of the target Coveo Cloud V2 organization. '
required: true
- name: orderingId
in: query
type: string
description: 'A value indicating the order of arrival of the Push operation in the Coveo Cloud V2 indexing pipeline.
A lower value corresponds to an older operation. '
- name: organizations-organizationId-providers-providerId-permissions-olderthan
path: /organizations/{organizationId}/providers/{providerId}/permissions/olderthan
operations:
- name: delete
method: DELETE
description: Delete Old Security Identities
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: providerId
in: path
type: string
description: The unique identifier of the target security identity provider (see [Create a security provider](https://docs.coveo.com/en/85/index-content/create-or-update-a-s
required: true
- name: organizationId
in: path
type: string
description: 'The unique identifier of the target Coveo Cloud V2 organization. '
required: true
- name: orderingId
in: query
type: string
description: 'The lowest Push API operation timestamp value a security identity must be associated to in order not
to be deleted from the security identity provider. '
required: true
- name: queueDelay
in: query
type: string
description: A grace period (in minutes) whose purpose is to give the Coveo Cloud V2 indexing pipeline enough time
to finish processing any previously enqueued operation tha
exposes:
- type: rest
namespace: push-security-identity-rest
port: 8080
description: REST adapter for Coveo Push API — Security Identity. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/organizations/{organizationid}/providers/{providerid}/mappings
name: organizations-organizationid-providers-providerid-mappings
description: REST surface for organizations-organizationId-providers-providerId-mappings.
operations:
- method: PUT
name: put
description: Add or Update an Alias
call: push-security-identity.put
with:
providerId: rest.providerId
organizationId: rest.organizationId
orderingId: rest.orderingId
mappedIdentityBody: rest.mappedIdentityBody
outputParameters:
- type: object
mapping: $.
- path: /v1/organizations/{organizationid}/providers/{providerid}/permissions
name: organizations-organizationid-providers-providerid-permissions
description: REST surface for organizations-organizationId-providers-providerId-permissions.
operations:
- method: DELETE
name: delete
description: Delete a Security Identity
call: push-security-identity.delete
with:
providerId: rest.providerId
organizationId: rest.organizationId
orderingId: rest.orderingId
baseIdentityBody: rest.baseIdentityBody
outputParameters:
- type: object
mapping: $.
- method: PUT
name: put
description: Add or Update a Security Identity
call: push-security-identity.put
with:
providerId: rest.providerId
organizationId: rest.organizationId
orderingId: rest.orderingId
identityBody: rest.identityBody
outputParameters:
- type: object
mapping: $.
- path: /v1/organizations/{organizationid}/providers/{providerid}/permissions/batch
name: organizations-organizationid-providers-providerid-permissions-batch
description: REST surface for organizations-organizationId-providers-providerId-permissions-batch.
operations:
- method: PUT
name: put
description: Add, Update, and/or Delete a Batch of Security Identities
call: push-security-identity.put
with:
providerId: rest.providerId
fileId: rest.fileId
organizationId: rest.organizationId
orderingId: rest.orderingId
outputParameters:
- type: object
mapping: $.
- path: /v1/organizations/{organizationid}/providers/{providerid}/permissions/olderthan
name: organizations-organizationid-providers-providerid-permissions-olderthan
description: REST surface for organizations-organizationId-providers-providerId-permissions-olderthan.
operations:
- method: DELETE
name: delete
description: Delete Old Security Identities
call: push-security-identity.delete
with:
providerId: rest.providerId
organizationId: rest.organizationId
orderingId: rest.orderingId
queueDelay: rest.queueDelay
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: push-security-identity-mcp
port: 9090
transport: http
description: MCP adapter for Coveo Push API — Security Identity. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: add-update-alias
description: Add or Update an Alias
hints:
readOnly: false
destructive: false
idempotent: true
call: push-security-identity.put
with:
providerId: tools.providerId
organizationId: tools.organizationId
orderingId: tools.orderingId
mappedIdentityBody: tools.mappedIdentityBody
outputParameters:
- type: object
mapping: $.
- name: delete-security-identity
description: Delete a Security Identity
hints:
readOnly: false
destructive: true
idempotent: true
call: push-security-identity.delete
with:
providerId: tools.providerId
organizationId: tools.organizationId
orderingId: tools.orderingId
baseIdentityBody: tools.baseIdentityBody
outputParameters:
- type: object
mapping: $.
- name: add-update-security-identity
description: Add or Update a Security Identity
hints:
readOnly: false
destructive: false
idempotent: true
call: push-security-identity.put
with:
providerId: tools.providerId
organizationId: tools.organizationId
orderingId: tools.orderingId
identityBody: tools.identityBody
outputParameters:
- type: object
mapping: $.
- name: add-update-and-delete-batch
description: Add, Update, and/or Delete a Batch of Security Identities
hints:
readOnly: false
destructive: false
idempotent: true
call: push-security-identity.put
with:
providerId: tools.providerId
fileId: tools.fileId
organizationId: tools.organizationId
orderingId: tools.orderingId
outputParameters:
- type: object
mapping: $.
- name: delete-old-security-identities
description: Delete Old Security Identities
hints:
readOnly: false
destructive: true
idempotent: true
call: push-security-identity.delete
with:
providerId: tools.providerId
organizationId: tools.organizationId
orderingId: tools.orderingId
queueDelay: tools.queueDelay
outputParameters:
- type: object
mapping: $.