Logto · Capability

Logto API references — SAML applications

Logto API references — SAML applications. 10 operations. Lead operation: Create SAML application. Self-contained Naftiko capability covering one Logto business surface.

Run with Naftiko LogtoSAML applications

What You Can Do

POST

Createsamlapplication — Create SAML application

/v1/api/saml-applications

GET

Getsamlapplication — Get SAML application

/v1/api/saml-applications/{id}

PATCH

Updatesamlapplication — Update SAML application

/v1/api/saml-applications/{id}

DELETE

Deletesamlapplication — Delete SAML application

/v1/api/saml-applications/{id}

GET

Getsamlapplicationcallback — SAML application callback

/v1/api/saml-applications/{id}/callback

GET

Listsamlapplicationmetadata — Get SAML application metadata

/v1/api/saml-applications/{id}/metadata

POST

Createsamlapplicationsecret — Create SAML application secret

/v1/api/saml-applications/{id}/secrets

GET

Listsamlapplicationsecrets — List SAML application secrets

/v1/api/saml-applications/{id}/secrets

DELETE

Deletesamlapplicationsecret — Delete SAML application secret

/v1/api/saml-applications/{id}/secrets/{secretid}

PATCH

Updatesamlapplicationsecret — Update SAML application secret

/v1/api/saml-applications/{id}/secrets/{secretid}

MCP Tools

create-saml-application

Create SAML application

get-saml-application

Get SAML application

read-only idempotent

update-saml-application

Update SAML application

idempotent

delete-saml-application

Delete SAML application

idempotent

saml-application-callback

SAML application callback

read-only idempotent

get-saml-application-metadata

Get SAML application metadata

read-only idempotent

create-saml-application-secret

Create SAML application secret

list-saml-application-secrets

List SAML application secrets

read-only idempotent

delete-saml-application-secret

Delete SAML application secret

idempotent

update-saml-application-secret

Update SAML application secret

idempotent

Capability Spec

naftiko: 1.0.0-alpha2
info:
  label: Logto API references — SAML applications
  description: 'Logto API references — SAML applications. 10 operations. Lead operation: Create SAML application. Self-contained
    Naftiko capability covering one Logto business surface.'
  tags:
  - Logto
  - SAML applications
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    LOGTO_API_KEY: LOGTO_API_KEY
capability:
  consumes:
  - type: http
    namespace: logto-saml-applications
    baseUri: https://[tenant_id].logto.app
    description: Logto API references — SAML applications business capability. Self-contained, no shared references.
    resources:
    - name: api-saml-applications
      path: /api/saml-applications
      operations:
      - name: createsamlapplication
        method: POST
        description: Create SAML application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-saml-applications-id
      path: /api/saml-applications/{id}
      operations:
      - name: getsamlapplication
        method: GET
        description: Get SAML application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatesamlapplication
        method: PATCH
        description: Update SAML application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deletesamlapplication
        method: DELETE
        description: Delete SAML application
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-saml-applications-id-callback
      path: /api/saml-applications/{id}/callback
      operations:
      - name: getsamlapplicationcallback
        method: GET
        description: SAML application callback
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: code
          in: query
          type: string
          description: The authorization code from OIDC callback.
        - name: state
          in: query
          type: string
          description: The state parameter from OIDC callback.
        - name: redirectUri
          in: query
          type: string
          description: The redirect URI for the callback.
        - name: error
          in: query
          type: string
        - name: error_description
          in: query
          type: string
    - name: api-saml-applications-id-metadata
      path: /api/saml-applications/{id}/metadata
      operations:
      - name: listsamlapplicationmetadata
        method: GET
        description: Get SAML application metadata
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-saml-applications-id-secrets
      path: /api/saml-applications/{id}/secrets
      operations:
      - name: createsamlapplicationsecret
        method: POST
        description: Create SAML application secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: listsamlapplicationsecrets
        method: GET
        description: List SAML application secrets
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-saml-applications-id-secrets-secretId
      path: /api/saml-applications/{id}/secrets/{secretId}
      operations:
      - name: deletesamlapplicationsecret
        method: DELETE
        description: Delete SAML application secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatesamlapplicationsecret
        method: PATCH
        description: Update SAML application secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.LOGTO_API_KEY}}'
  exposes:
  - type: rest
    namespace: logto-saml-applications-rest
    port: 8080
    description: REST adapter for Logto API references — SAML applications. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/api/saml-applications
      name: api-saml-applications
      description: REST surface for api-saml-applications.
      operations:
      - method: POST
        name: createsamlapplication
        description: Create SAML application
        call: logto-saml-applications.createsamlapplication
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/saml-applications/{id}
      name: api-saml-applications-id
      description: REST surface for api-saml-applications-id.
      operations:
      - method: GET
        name: getsamlapplication
        description: Get SAML application
        call: logto-saml-applications.getsamlapplication
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updatesamlapplication
        description: Update SAML application
        call: logto-saml-applications.updatesamlapplication
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletesamlapplication
        description: Delete SAML application
        call: logto-saml-applications.deletesamlapplication
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/saml-applications/{id}/callback
      name: api-saml-applications-id-callback
      description: REST surface for api-saml-applications-id-callback.
      operations:
      - method: GET
        name: getsamlapplicationcallback
        description: SAML application callback
        call: logto-saml-applications.getsamlapplicationcallback
        with:
          code: rest.code
          state: rest.state
          redirectUri: rest.redirectUri
          error: rest.error
          error_description: rest.error_description
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/saml-applications/{id}/metadata
      name: api-saml-applications-id-metadata
      description: REST surface for api-saml-applications-id-metadata.
      operations:
      - method: GET
        name: listsamlapplicationmetadata
        description: Get SAML application metadata
        call: logto-saml-applications.listsamlapplicationmetadata
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/saml-applications/{id}/secrets
      name: api-saml-applications-id-secrets
      description: REST surface for api-saml-applications-id-secrets.
      operations:
      - method: POST
        name: createsamlapplicationsecret
        description: Create SAML application secret
        call: logto-saml-applications.createsamlapplicationsecret
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: listsamlapplicationsecrets
        description: List SAML application secrets
        call: logto-saml-applications.listsamlapplicationsecrets
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/saml-applications/{id}/secrets/{secretid}
      name: api-saml-applications-id-secrets-secretid
      description: REST surface for api-saml-applications-id-secrets-secretId.
      operations:
      - method: DELETE
        name: deletesamlapplicationsecret
        description: Delete SAML application secret
        call: logto-saml-applications.deletesamlapplicationsecret
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updatesamlapplicationsecret
        description: Update SAML application secret
        call: logto-saml-applications.updatesamlapplicationsecret
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: logto-saml-applications-mcp
    port: 9090
    transport: http
    description: MCP adapter for Logto API references — SAML applications. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: create-saml-application
      description: Create SAML application
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-saml-applications.createsamlapplication
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-saml-application
      description: Get SAML application
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-saml-applications.getsamlapplication
      outputParameters:
      - type: object
        mapping: $.
    - name: update-saml-application
      description: Update SAML application
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-saml-applications.updatesamlapplication
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-saml-application
      description: Delete SAML application
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-saml-applications.deletesamlapplication
      outputParameters:
      - type: object
        mapping: $.
    - name: saml-application-callback
      description: SAML application callback
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-saml-applications.getsamlapplicationcallback
      with:
        code: tools.code
        state: tools.state
        redirectUri: tools.redirectUri
        error: tools.error
        error_description: tools.error_description
      outputParameters:
      - type: object
        mapping: $.
    - name: get-saml-application-metadata
      description: Get SAML application metadata
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-saml-applications.listsamlapplicationmetadata
      outputParameters:
      - type: object
        mapping: $.
    - name: create-saml-application-secret
      description: Create SAML application secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: logto-saml-applications.createsamlapplicationsecret
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-saml-application-secrets
      description: List SAML application secrets
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: logto-saml-applications.listsamlapplicationsecrets
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-saml-application-secret
      description: Delete SAML application secret
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: logto-saml-applications.deletesamlapplicationsecret
      outputParameters:
      - type: object
        mapping: $.
    - name: update-saml-application-secret
      description: Update SAML application secret
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: logto-saml-applications.updatesamlapplicationsecret
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.