Logto · Capability

Logto API references — My account

Logto API references — My account. 29 operations. Lead operation: Get profile. Self-contained Naftiko capability covering one Logto business surface.

Run with Naftiko LogtoMy account

What You Can Do

GET
Getprofile — Get profile
/v1/api/my-account
PATCH
Updateprofile — Update profile
/v1/api/my-account
GET
Getgrants — Get all active grants
/v1/api/my-account/grants
DELETE
Deletegrantbyid — Revoke a grant by ID
/v1/api/my-account/grants/{grantid}
POST
Adduseridentities — Add a user identity
/v1/api/my-account/identities
DELETE
Deleteidentity — Delete a user identity
/v1/api/my-account/identities/{target}
GET
Getsocialidentityaccesstoken — Retrieve the access token issued by a third-party social provider
/v1/api/my-account/identities/{target}/access-token
PUT
Updatesocialidentityaccesstokenbyverificationid — Update the access token for a social identity by verification ID
/v1/api/my-account/identities/{target}/access-token
GET
Getlogtoconfig — Get logto config
/v1/api/my-account/logto-configs
PATCH
Updatelogtoconfig — Update logto config
/v1/api/my-account/logto-configs
GET
Getmfasettings — Get MFA settings
/v1/api/my-account/mfa-settings
PATCH
Updatemfasettings — Update MFA settings
/v1/api/my-account/mfa-settings
GET
Getmfaverifications — Get MFA verifications
/v1/api/my-account/mfa-verifications
POST
Addmfaverification — Add a MFA verification
/v1/api/my-account/mfa-verifications
GET
Getbackupcodes — Get backup codes
/v1/api/my-account/mfa-verifications/backup-codes
POST
Generatemyaccountbackupcodes — Generate backup codes
/v1/api/my-account/mfa-verifications/backup-codes/generate
PUT
Createorreplacetotpmfaverification — Create or replace the authenticator app
/v1/api/my-account/mfa-verifications/totp
POST
Generatetotpsecret — Generate a TOTP secret
/v1/api/my-account/mfa-verifications/totp-secret/generate
DELETE
Deletemfaverification — Delete an MFA verification
/v1/api/my-account/mfa-verifications/{verificationid}
PATCH
Updatemfaverificationname — Update a MFA verification name
/v1/api/my-account/mfa-verifications/{verificationid}/name
POST
Updatepassword — Update password
/v1/api/my-account/password
POST
Updateprimaryemail — Update primary email
/v1/api/my-account/primary-email
DELETE
Deleteprimaryemail — Delete primary email
/v1/api/my-account/primary-email
POST
Updateprimaryphone — Update primary phone
/v1/api/my-account/primary-phone
DELETE
Deleteprimaryphone — Delete primary phone
/v1/api/my-account/primary-phone
PATCH
Updateotherprofile — Update other profile
/v1/api/my-account/profile
GET
Getsessions — Get all active sessions
/v1/api/my-account/sessions
DELETE
Deletesessionbyid — Revoke a session by ID
/v1/api/my-account/sessions/{sessionid}
GET
Getenterprisessoidentityaccesstoken — Retrieve the access token issued by a third-party enterprise SSO provider
/v1/api/my-account/sso-identities/{connectorid}/access-token

MCP Tools

get-profile

Get profile

read-only idempotent
update-profile

Update profile

idempotent
get-all-active-grants

Get all active grants

read-only idempotent
revoke-grant-id

Revoke a grant by ID

idempotent
add-user-identity

Add a user identity

delete-user-identity

Delete a user identity

idempotent
retrieve-access-token-issued-third

Retrieve the access token issued by a third-party social provider

read-only idempotent
update-access-token-social-identity

Update the access token for a social identity by verification ID

idempotent
get-logto-config

Get logto config

read-only idempotent
update-logto-config

Update logto config

idempotent
get-mfa-settings

Get MFA settings

read-only idempotent
update-mfa-settings

Update MFA settings

idempotent
get-mfa-verifications

Get MFA verifications

read-only idempotent
add-mfa-verification

Add a MFA verification

get-backup-codes

Get backup codes

read-only idempotent
generate-backup-codes

Generate backup codes

create-replace-authenticator-app

Create or replace the authenticator app

idempotent
generate-totp-secret

Generate a TOTP secret

delete-mfa-verification

Delete an MFA verification

idempotent
update-mfa-verification-name

Update a MFA verification name

idempotent
update-password

Update password

update-primary-email

Update primary email

delete-primary-email

Delete primary email

idempotent
update-primary-phone

Update primary phone

delete-primary-phone

Delete primary phone

idempotent
update-other-profile

Update other profile

idempotent
get-all-active-sessions

Get all active sessions

read-only idempotent
revoke-session-id

Revoke a session by ID

idempotent
retrieve-access-token-issued-third-2

Retrieve the access token issued by a third-party enterprise SSO provider

read-only idempotent

Capability Spec

logto-my-account.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Logto API references — My account
  description: 'Logto API references — My account. 29 operations. Lead operation: Get profile. Self-contained Naftiko capability
    covering one Logto business surface.'
  tags:
  - Logto
  - My account
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    LOGTO_API_KEY: LOGTO_API_KEY
capability:
  consumes:
  - type: http
    namespace: logto-my-account
    baseUri: https://[tenant_id].logto.app
    description: Logto API references — My account business capability. Self-contained, no shared references.
    resources:
    - name: api-my-account
      path: /api/my-account
      operations:
      - name: getprofile
        method: GET
        description: Get profile
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateprofile
        method: PATCH
        description: Update profile
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-grants
      path: /api/my-account/grants
      operations:
      - name: getgrants
        method: GET
        description: Get all active grants
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: appType
          in: query
          type: string
          description: Optional application type filter. Use 'firstParty' to return grants from first-party applications only,
            or 'thirdParty' for third-party applications only.
    - name: api-my-account-grants-grantId
      path: /api/my-account/grants/{grantId}
      operations:
      - name: deletegrantbyid
        method: DELETE
        description: Revoke a grant by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-identities
      path: /api/my-account/identities
      operations:
      - name: adduseridentities
        method: POST
        description: Add a user identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-identities-target
      path: /api/my-account/identities/{target}
      operations:
      - name: deleteidentity
        method: DELETE
        description: Delete a user identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: target
          in: path
          type: string
          required: true
    - name: api-my-account-identities-target-access-token
      path: /api/my-account/identities/{target}/access-token
      operations:
      - name: getsocialidentityaccesstoken
        method: GET
        description: Retrieve the access token issued by a third-party social provider
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: target
          in: path
          type: string
          required: true
      - name: updatesocialidentityaccesstokenbyverificationid
        method: PUT
        description: Update the access token for a social identity by verification ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: target
          in: path
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-logto-configs
      path: /api/my-account/logto-configs
      operations:
      - name: getlogtoconfig
        method: GET
        description: Get logto config
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatelogtoconfig
        method: PATCH
        description: Update logto config
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-mfa-settings
      path: /api/my-account/mfa-settings
      operations:
      - name: getmfasettings
        method: GET
        description: Get MFA settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatemfasettings
        method: PATCH
        description: Update MFA settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-mfa-verifications
      path: /api/my-account/mfa-verifications
      operations:
      - name: getmfaverifications
        method: GET
        description: Get MFA verifications
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: addmfaverification
        method: POST
        description: Add a MFA verification
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-mfa-verifications-backup-codes
      path: /api/my-account/mfa-verifications/backup-codes
      operations:
      - name: getbackupcodes
        method: GET
        description: Get backup codes
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-mfa-verifications-backup-codes-generate
      path: /api/my-account/mfa-verifications/backup-codes/generate
      operations:
      - name: generatemyaccountbackupcodes
        method: POST
        description: Generate backup codes
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-mfa-verifications-totp
      path: /api/my-account/mfa-verifications/totp
      operations:
      - name: createorreplacetotpmfaverification
        method: PUT
        description: Create or replace the authenticator app
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-mfa-verifications-totp-secret-generate
      path: /api/my-account/mfa-verifications/totp-secret/generate
      operations:
      - name: generatetotpsecret
        method: POST
        description: Generate a TOTP secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-mfa-verifications-verificationId
      path: /api/my-account/mfa-verifications/{verificationId}
      operations:
      - name: deletemfaverification
        method: DELETE
        description: Delete an MFA verification
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-mfa-verifications-verificationId-name
      path: /api/my-account/mfa-verifications/{verificationId}/name
      operations:
      - name: updatemfaverificationname
        method: PATCH
        description: Update a MFA verification name
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-password
      path: /api/my-account/password
      operations:
      - name: updatepassword
        method: POST
        description: Update password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-primary-email
      path: /api/my-account/primary-email
      operations:
      - name: updateprimaryemail
        method: POST
        description: Update primary email
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleteprimaryemail
        method: DELETE
        description: Delete primary email
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-primary-phone
      path: /api/my-account/primary-phone
      operations:
      - name: updateprimaryphone
        method: POST
        description: Update primary phone
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleteprimaryphone
        method: DELETE
        description: Delete primary phone
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-profile
      path: /api/my-account/profile
      operations:
      - name: updateotherprofile
        method: PATCH
        description: Update other profile
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-my-account-sessions
      path: /api/my-account/sessions
      operations:
      - name: getsessions
        method: GET
        description: Get all active sessions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-my-account-sessions-sessionId
      path: /api/my-account/sessions/{sessionId}
      operations:
      - name: deletesessionbyid
        method: DELETE
        description: Revoke a session by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: revokeGrantsTarget
          in: query
          type: string
          description: Optional target for revoking associated grants and tokens. 'all' revokes grants for every application
            authorized by this session. 'firstParty' revokes only firs
    - name: api-my-account-sso-identities-connectorId-access-token
      path: /api/my-account/sso-identities/{connectorId}/access-token
      operations:
      - name: getenterprisessoidentityaccesstoken
        method: GET
        description: Retrieve the access token issued by a third-party enterprise SSO provider
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: bearer
      token: '{{env.LOGTO_API_KEY}}'
  exposes:
  - type: rest
    namespace: logto-my-account-rest
    port: 8080
    description: REST adapter for Logto API references — My account. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/api/my-account
      name: api-my-account
      description: REST surface for api-my-account.
      operations:
      - method: GET
        name: getprofile
        description: Get profile
        call: logto-my-account.getprofile
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updateprofile
        description: Update profile
        call: logto-my-account.updateprofile
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/grants
      name: api-my-account-grants
      description: REST surface for api-my-account-grants.
      operations:
      - method: GET
        name: getgrants
        description: Get all active grants
        call: logto-my-account.getgrants
        with:
          appType: rest.appType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/grants/{grantid}
      name: api-my-account-grants-grantid
      description: REST surface for api-my-account-grants-grantId.
      operations:
      - method: DELETE
        name: deletegrantbyid
        description: Revoke a grant by ID
        call: logto-my-account.deletegrantbyid
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/identities
      name: api-my-account-identities
      description: REST surface for api-my-account-identities.
      operations:
      - method: POST
        name: adduseridentities
        description: Add a user identity
        call: logto-my-account.adduseridentities
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/identities/{target}
      name: api-my-account-identities-target
      description: REST surface for api-my-account-identities-target.
      operations:
      - method: DELETE
        name: deleteidentity
        description: Delete a user identity
        call: logto-my-account.deleteidentity
        with:
          target: rest.target
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/identities/{target}/access-token
      name: api-my-account-identities-target-access-token
      description: REST surface for api-my-account-identities-target-access-token.
      operations:
      - method: GET
        name: getsocialidentityaccesstoken
        description: Retrieve the access token issued by a third-party social provider
        call: logto-my-account.getsocialidentityaccesstoken
        with:
          target: rest.target
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updatesocialidentityaccesstokenbyverificationid
        description: Update the access token for a social identity by verification ID
        call: logto-my-account.updatesocialidentityaccesstokenbyverificationid
        with:
          target: rest.target
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/logto-configs
      name: api-my-account-logto-configs
      description: REST surface for api-my-account-logto-configs.
      operations:
      - method: GET
        name: getlogtoconfig
        description: Get logto config
        call: logto-my-account.getlogtoconfig
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updatelogtoconfig
        description: Update logto config
        call: logto-my-account.updatelogtoconfig
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-settings
      name: api-my-account-mfa-settings
      description: REST surface for api-my-account-mfa-settings.
      operations:
      - method: GET
        name: getmfasettings
        description: Get MFA settings
        call: logto-my-account.getmfasettings
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updatemfasettings
        description: Update MFA settings
        call: logto-my-account.updatemfasettings
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-verifications
      name: api-my-account-mfa-verifications
      description: REST surface for api-my-account-mfa-verifications.
      operations:
      - method: GET
        name: getmfaverifications
        description: Get MFA verifications
        call: logto-my-account.getmfaverifications
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addmfaverification
        description: Add a MFA verification
        call: logto-my-account.addmfaverification
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-verifications/backup-codes
      name: api-my-account-mfa-verifications-backup-codes
      description: REST surface for api-my-account-mfa-verifications-backup-codes.
      operations:
      - method: GET
        name: getbackupcodes
        description: Get backup codes
        call: logto-my-account.getbackupcodes
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-verifications/backup-codes/generate
      name: api-my-account-mfa-verifications-backup-codes-generate
      description: REST surface for api-my-account-mfa-verifications-backup-codes-generate.
      operations:
      - method: POST
        name: generatemyaccountbackupcodes
        description: Generate backup codes
        call: logto-my-account.generatemyaccountbackupcodes
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-verifications/totp
      name: api-my-account-mfa-verifications-totp
      description: REST surface for api-my-account-mfa-verifications-totp.
      operations:
      - method: PUT
        name: createorreplacetotpmfaverification
        description: Create or replace the authenticator app
        call: logto-my-account.createorreplacetotpmfaverification
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-verifications/totp-secret/generate
      name: api-my-account-mfa-verifications-totp-secret-generate
      description: REST surface for api-my-account-mfa-verifications-totp-secret-generate.
      operations:
      - method: POST
        name: generatetotpsecret
        description: Generate a TOTP secret
        call: logto-my-account.generatetotpsecret
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-verifications/{verificationid}
      name: api-my-account-mfa-verifications-verificationid
      description: REST surface for api-my-account-mfa-verifications-verificationId.
      operations:
      - method: DELETE
        name: deletemfaverification
        description: Delete an MFA verification
        call: logto-my-account.deletemfaverification
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/mfa-verifications/{verificationid}/name
      name: api-my-account-mfa-verifications-verificationid-name
      description: REST surface for api-my-account-mfa-verifications-verificationId-name.
      operations:
      - method: PATCH
        name: updatemfaverificationname
        description: Update a MFA verification name
        call: logto-my-account.updatemfaverificationname
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/password
      name: api-my-account-password
      description: REST surface for api-my-account-password.
      operations:
      - method: POST
        name: updatepassword
        description: Update password
        call: logto-my-account.updatepassword
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/primary-email
      name: api-my-account-primary-email
      description: REST surface for api-my-account-primary-email.
      operations:
      - method: POST
        name: updateprimaryemail
        description: Update primary email
        call: logto-my-account.updateprimaryemail
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteprimaryemail
        description: Delete primary email
        call: logto-my-account.deleteprimaryemail
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/primary-phone
      name: api-my-account-primary-phone
      description: REST surface for api-my-account-primary-phone.
      operations:
      - method: POST
        name: updateprimaryphone
        description: Update primary phone
        call: logto-my-account.updateprimaryphone
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteprimaryphone
        description: Delete primary phone
        call: logto-my-account.deleteprimaryphone
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/profile
      name: api-my-account-profile
      description: REST surface for api-my-account-profile.
      operations:
      - method: PATCH
        name: updateotherprofile
        description: Update other profile
        call: logto-my-account.updateotherprofile
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/sessions
      name: api-my-account-sessions
      description: REST surface for api-my-account-sessions.
      operations:
      - method: GET
        name: getsessions
        description: Get all active sessions
        call: logto-my-account.getsessions
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/sessions/{sessionid}
      name: api-my-account-sessions-sessionid
      description: REST surface for api-my-account-sessions-sessionId.
      operations:
      - method: DELETE
        name: deletesessionbyid
        description: Revoke a session by ID
        call: logto-my-account.deletesessionbyid
        with:
          revokeGrantsTarget: rest.revokeGrantsTarget
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/my-account/sso-identities/{connectorid}/access-token
      name: api-my-account-sso-identities-connectorid-access-token
      description: REST surface for api-my-account-sso-identities-connectorId-access-token.
      operations:
      - method: GET
        name: getenterprisessoidentityaccesstoken
        description: Retrieve the access token issued by a third-party enterprise SSO provider
        call: logto-my-account.getenterprisessoidentityaccesstoken
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: logto-my-account-mcp
    port: 9090
    transport: http
    description: MCP adapter for Logto API references — My account. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: get-profile
      description: Get profile
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getprofile
      outputParameters:
      - type: object
        mapping: $.
    - name: update-profile
      description: Update profile
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-my-account.updateprofile
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-all-active-grants
      description: Get all active grants
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getgrants
      with:
        appType: tools.appType
      outputParameters:
      - type: object
        mapping: $.
    - name: revoke-grant-id
      description: Revoke a grant by ID
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-my-account.deletegrantbyid
      outputParameters:
      - type: object
        mapping: $.
    - name: add-user-identity
      description: Add a user identity
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-my-account.adduseridentities
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-user-identity
      description: Delete a user identity
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-my-account.deleteidentity
      with:
        target: tools.target
      outputParameters:
      - type: object
        mapping: $.
    - name: retrieve-access-token-issued-third
      description: Retrieve the access token issued by a third-party social provider
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getsocialidentityaccesstoken
      with:
        target: tools.target
      outputParameters:
      - type: object
        mapping: $.
    - name: update-access-token-social-identity
      description: Update the access token for a social identity by verification ID
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-my-account.updatesocialidentityaccesstokenbyverificationid
      with:
        target: tools.target
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-logto-config
      description: Get logto config
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getlogtoconfig
      outputParameters:
      - type: object
        mapping: $.
    - name: update-logto-config
      description: Update logto config
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-my-account.updatelogtoconfig
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-mfa-settings
      description: Get MFA settings
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getmfasettings
      outputParameters:
      - type: object
        mapping: $.
    - name: update-mfa-settings
      description: Update MFA settings
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-my-account.updatemfasettings
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-mfa-verifications
      description: Get MFA verifications
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getmfaverifications
      outputParameters:
      - type: object
        mapping: $.
    - name: add-mfa-verification
      description: Add a MFA verification
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-my-account.addmfaverification
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-backup-codes
      description: Get backup codes
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getbackupcodes
      outputParameters:
      - type: object
        mapping: $.
    - name: generate-backup-codes
      description: Generate backup codes
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-my-account.generatemyaccountbackupcodes
      outputParameters:
      - type: object
        mapping: $.
    - name: create-replace-authenticator-app
      description: Create or replace the authenticator app
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-my-account.createorreplacetotpmfaverification
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: generate-totp-secret
      description: Generate a TOTP secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-my-account.generatetotpsecret
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-mfa-verification
      description: Delete an MFA verification
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-my-account.deletemfaverification
      outputParameters:
      - type: object
        mapping: $.
    - name: update-mfa-verification-name
      description: Update a MFA verification name
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-my-account.updatemfaverificationname
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: update-password
      description: Update password
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-my-account.updatepassword
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: update-primary-email
      description: Update primary email
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-my-account.updateprimaryemail
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-primary-email
      description: Delete primary email
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-my-account.deleteprimaryemail
      outputParameters:
      - type: object
        mapping: $.
    - name: update-primary-phone
      description: Update primary phone
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-my-account.updateprimaryphone
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-primary-phone
      description: Delete primary phone
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-my-account.deleteprimaryphone
      outputParameters:
      - type: object
        mapping: $.
    - name: update-other-profile
      description: Update other profile
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-my-account.updateotherprofile
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-all-active-sessions
      description: Get all active sessions
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-my-account.getsessions
      outputParameters:
      - type: object
        mapping: $.
    - name: revoke-session-id
      description: Revoke a session by ID
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-my

# --- truncated at 32 KB (32 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/logto/refs/heads/main/capabilities/logto-my-account.yaml