Lithic · Capability

Lithic Developer API — Auth Rules

Lithic Developer API — Auth Rules. 14 operations. Lead operation: Create a new rule. Self-contained Naftiko capability covering one Lithic business surface.

Run with Naftiko LithicAuth Rules

What You Can Do

POST
Post — Create a new rule
/v1/v2/auth-rules
GET
Get — List rules
/v1/v2/auth-rules
GET
Get — List rule evaluation results
/v1/v2/auth-rules/results
GET
Get — Fetch a rule
/v1/v2/auth-rules/{auth-rule-token}
PATCH
Patch — Update a rule
/v1/v2/auth-rules/{auth-rule-token}
DELETE
Delete — Delete a rule
/v1/v2/auth-rules/{auth-rule-token}
GET
Get — List backtests
/v1/v2/auth-rules/{auth-rule-token}/backtests
POST
Post — Request a backtest
/v1/v2/auth-rules/{auth-rule-token}/backtests
GET
Get — Retrieve backtest results
/v1/v2/auth-rules/{auth-rule-token}/backtests/{auth-rule-backtest-token}
POST
Post — Draft a new rule version
/v1/v2/auth-rules/{auth-rule-token}/draft
GET
Get — Calculated Feature values
/v1/v2/auth-rules/{auth-rule-token}/features
POST
Post — Promote a rule version
/v1/v2/auth-rules/{auth-rule-token}/promote
GET
Get — Retrieve a performance report
/v1/v2/auth-rules/{auth-rule-token}/report
GET
Get — List rule versions
/v1/v2/auth-rules/{auth-rule-token}/versions

MCP Tools

create-new-rule

Create a new rule

list-rules

List rules

read-only idempotent
list-rule-evaluation-results

List rule evaluation results

read-only idempotent
fetch-rule

Fetch a rule

read-only idempotent
update-rule

Update a rule

idempotent
delete-rule

Delete a rule

idempotent
list-backtests

List backtests

read-only idempotent
request-backtest

Request a backtest

retrieve-backtest-results

Retrieve backtest results

read-only idempotent
draft-new-rule-version

Draft a new rule version

calculated-feature-values

Calculated Feature values

read-only idempotent
promote-rule-version

Promote a rule version

retrieve-performance-report

Retrieve a performance report

read-only idempotent
list-rule-versions

List rule versions

read-only idempotent

Capability Spec

lithic-auth-rules.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Lithic Developer API — Auth Rules
  description: 'Lithic Developer API — Auth Rules. 14 operations. Lead operation: Create a new rule. Self-contained Naftiko
    capability covering one Lithic business surface.'
  tags:
  - Lithic
  - Auth Rules
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    LITHIC_API_KEY: LITHIC_API_KEY
capability:
  consumes:
  - type: http
    namespace: lithic-auth-rules
    baseUri: https://sandbox.lithic.com
    description: Lithic Developer API — Auth Rules business capability. Self-contained, no shared references.
    resources:
    - name: v2-auth_rules
      path: /v2/auth_rules
      operations:
      - name: post
        method: POST
        description: Create a new rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: get
        method: GET
        description: List rules
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: card_token
          in: query
          type: string
          description: Only return Auth Rules that are bound to the provided card token.
        - name: account_token
          in: query
          type: string
          description: Only return Auth Rules that are bound to the provided account token.
        - name: business_account_token
          in: query
          type: string
          description: Only return Auth Rules that are bound to the provided business account token.
        - name: scope
          in: query
          type: string
          description: Only return Auth Rules that are bound to the provided scope.
        - name: event_stream
          in: query
          type: string
          description: 'Deprecated: Use event_streams instead. Only return Auth rules that are executed during the provided
            event stream.'
        - name: event_streams
          in: query
          type: array
          description: Only return Auth rules that are executed during any of the provided event streams. If event_streams
            and event_stream are specified, the values will be combined.
    - name: v2-auth_rules-results
      path: /v2/auth_rules/results
      operations:
      - name: get
        method: GET
        description: List rule evaluation results
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: event_token
          in: query
          type: string
          description: Filter by event token
        - name: auth_rule_token
          in: query
          type: string
          description: Filter by Auth Rule token
        - name: begin
          in: query
          type: string
          description: Date string in RFC 3339 format. Only events evaluated after the specified time will be included. UTC
            time zone.
        - name: end
          in: query
          type: string
          description: Date string in RFC 3339 format. Only events evaluated before the specified time will be included. UTC
            time zone.
        - name: has_actions
          in: query
          type: boolean
          description: Filter by whether the rule evaluation produced any actions. When not provided, all results are returned.
    - name: v2-auth_rules-auth_rule_token
      path: /v2/auth_rules/{auth_rule_token}
      operations:
      - name: get
        method: GET
        description: Fetch a rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: patch
        method: PATCH
        description: Update a rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: delete
        method: DELETE
        description: Delete a rule
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v2-auth_rules-auth_rule_token-backtests
      path: /v2/auth_rules/{auth_rule_token}/backtests
      operations:
      - name: get
        method: GET
        description: List backtests
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: post
        method: POST
        description: Request a backtest
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v2-auth_rules-auth_rule_token-backtests-auth_rule_backtest_token
      path: /v2/auth_rules/{auth_rule_token}/backtests/{auth_rule_backtest_token}
      operations:
      - name: get
        method: GET
        description: Retrieve backtest results
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v2-auth_rules-auth_rule_token-draft
      path: /v2/auth_rules/{auth_rule_token}/draft
      operations:
      - name: post
        method: POST
        description: Draft a new rule version
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v2-auth_rules-auth_rule_token-features
      path: /v2/auth_rules/{auth_rule_token}/features
      operations:
      - name: get
        method: GET
        description: Calculated Feature values
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: account_token
          in: query
          type: string
        - name: card_token
          in: query
          type: string
    - name: v2-auth_rules-auth_rule_token-promote
      path: /v2/auth_rules/{auth_rule_token}/promote
      operations:
      - name: post
        method: POST
        description: Promote a rule version
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: v2-auth_rules-auth_rule_token-report
      path: /v2/auth_rules/{auth_rule_token}/report
      operations:
      - name: get
        method: GET
        description: Retrieve a performance report
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: begin
          in: query
          type: string
          description: Start date for the report
          required: true
        - name: end
          in: query
          type: string
          description: End date for the report
          required: true
    - name: v2-auth_rules-auth_rule_token-versions
      path: /v2/auth_rules/{auth_rule_token}/versions
      operations:
      - name: get
        method: GET
        description: List rule versions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.LITHIC_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: lithic-auth-rules-rest
    port: 8080
    description: REST adapter for Lithic Developer API — Auth Rules. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/v2/auth-rules
      name: v2-auth-rules
      description: REST surface for v2-auth_rules.
      operations:
      - method: POST
        name: post
        description: Create a new rule
        call: lithic-auth-rules.post
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: get
        description: List rules
        call: lithic-auth-rules.get
        with:
          card_token: rest.card_token
          account_token: rest.account_token
          business_account_token: rest.business_account_token
          scope: rest.scope
          event_stream: rest.event_stream
          event_streams: rest.event_streams
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/results
      name: v2-auth-rules-results
      description: REST surface for v2-auth_rules-results.
      operations:
      - method: GET
        name: get
        description: List rule evaluation results
        call: lithic-auth-rules.get
        with:
          event_token: rest.event_token
          auth_rule_token: rest.auth_rule_token
          begin: rest.begin
          end: rest.end
          has_actions: rest.has_actions
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}
      name: v2-auth-rules-auth-rule-token
      description: REST surface for v2-auth_rules-auth_rule_token.
      operations:
      - method: GET
        name: get
        description: Fetch a rule
        call: lithic-auth-rules.get
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: patch
        description: Update a rule
        call: lithic-auth-rules.patch
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: delete
        description: Delete a rule
        call: lithic-auth-rules.delete
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}/backtests
      name: v2-auth-rules-auth-rule-token-backtests
      description: REST surface for v2-auth_rules-auth_rule_token-backtests.
      operations:
      - method: GET
        name: get
        description: List backtests
        call: lithic-auth-rules.get
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: post
        description: Request a backtest
        call: lithic-auth-rules.post
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}/backtests/{auth-rule-backtest-token}
      name: v2-auth-rules-auth-rule-token-backtests-auth-rule-backtest-token
      description: REST surface for v2-auth_rules-auth_rule_token-backtests-auth_rule_backtest_token.
      operations:
      - method: GET
        name: get
        description: Retrieve backtest results
        call: lithic-auth-rules.get
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}/draft
      name: v2-auth-rules-auth-rule-token-draft
      description: REST surface for v2-auth_rules-auth_rule_token-draft.
      operations:
      - method: POST
        name: post
        description: Draft a new rule version
        call: lithic-auth-rules.post
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}/features
      name: v2-auth-rules-auth-rule-token-features
      description: REST surface for v2-auth_rules-auth_rule_token-features.
      operations:
      - method: GET
        name: get
        description: Calculated Feature values
        call: lithic-auth-rules.get
        with:
          account_token: rest.account_token
          card_token: rest.card_token
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}/promote
      name: v2-auth-rules-auth-rule-token-promote
      description: REST surface for v2-auth_rules-auth_rule_token-promote.
      operations:
      - method: POST
        name: post
        description: Promote a rule version
        call: lithic-auth-rules.post
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}/report
      name: v2-auth-rules-auth-rule-token-report
      description: REST surface for v2-auth_rules-auth_rule_token-report.
      operations:
      - method: GET
        name: get
        description: Retrieve a performance report
        call: lithic-auth-rules.get
        with:
          begin: rest.begin
          end: rest.end
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/auth-rules/{auth-rule-token}/versions
      name: v2-auth-rules-auth-rule-token-versions
      description: REST surface for v2-auth_rules-auth_rule_token-versions.
      operations:
      - method: GET
        name: get
        description: List rule versions
        call: lithic-auth-rules.get
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: lithic-auth-rules-mcp
    port: 9090
    transport: http
    description: MCP adapter for Lithic Developer API — Auth Rules. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: create-new-rule
      description: Create a new rule
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: lithic-auth-rules.post
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-rules
      description: List rules
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      with:
        card_token: tools.card_token
        account_token: tools.account_token
        business_account_token: tools.business_account_token
        scope: tools.scope
        event_stream: tools.event_stream
        event_streams: tools.event_streams
      outputParameters:
      - type: object
        mapping: $.
    - name: list-rule-evaluation-results
      description: List rule evaluation results
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      with:
        event_token: tools.event_token
        auth_rule_token: tools.auth_rule_token
        begin: tools.begin
        end: tools.end
        has_actions: tools.has_actions
      outputParameters:
      - type: object
        mapping: $.
    - name: fetch-rule
      description: Fetch a rule
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      outputParameters:
      - type: object
        mapping: $.
    - name: update-rule
      description: Update a rule
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: lithic-auth-rules.patch
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-rule
      description: Delete a rule
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: lithic-auth-rules.delete
      outputParameters:
      - type: object
        mapping: $.
    - name: list-backtests
      description: List backtests
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      outputParameters:
      - type: object
        mapping: $.
    - name: request-backtest
      description: Request a backtest
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: lithic-auth-rules.post
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: retrieve-backtest-results
      description: Retrieve backtest results
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      outputParameters:
      - type: object
        mapping: $.
    - name: draft-new-rule-version
      description: Draft a new rule version
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: lithic-auth-rules.post
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: calculated-feature-values
      description: Calculated Feature values
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      with:
        account_token: tools.account_token
        card_token: tools.card_token
      outputParameters:
      - type: object
        mapping: $.
    - name: promote-rule-version
      description: Promote a rule version
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: lithic-auth-rules.post
      outputParameters:
      - type: object
        mapping: $.
    - name: retrieve-performance-report
      description: Retrieve a performance report
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      with:
        begin: tools.begin
        end: tools.end
      outputParameters:
      - type: object
        mapping: $.
    - name: list-rule-versions
      description: List rule versions
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: lithic-auth-rules.get
      outputParameters:
      - type: object
        mapping: $.