M3ter · Capability

m3ter API — PermissionPolicy

m3ter API — PermissionPolicy. 13 operations. Lead operation: List PermissionPolicies. Self-contained Naftiko capability covering one M3ter business surface.

Run with Naftiko M3terPermissionPolicy

What You Can Do

GET

Listpermissionpolicies — List PermissionPolicies

/v1/organizations/{orgid}/permissionpolicies

POST

Postpermissionpolicy — Create Permission Policy

/v1/organizations/{orgid}/permissionpolicies

GET

Getpermissionpolicy — Retrieve Permission Policy

/v1/organizations/{orgid}/permissionpolicies/{id}

PUT

Putpermissionpolicy — Update Permission Policy

/v1/organizations/{orgid}/permissionpolicies/{id}

DELETE

Deletepermissionpolicy — Delete Permission Policy

/v1/organizations/{orgid}/permissionpolicies/{id}

POST

Addpermissionpolicytoserviceuser — Add a PermissionPolicy to a service user

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtoserviceuser

POST

Addpermissionpolicytosupportusers — Add a PermissionPolicy to support users for an organization

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtosupportusers

POST

Addpermissionpolicytouser — Add a PermissionPolicy to a user

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtouser

POST

Addpermissionpolicytousergroup — Add a PermissionPolicy to a user group

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtousergroup

POST

Removepermissionpolicyfromserviceuser — Remove a PermissionPolicy from a service user

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromserviceuser

POST

Removepermissionpolicyfromsupportusers — Remove a PermissionPolicy from support users for an organization

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromsupportusers

POST

Removepermissionpolicyfromuser — Remove a PermissionPolicy from a user

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromuser

POST

Removepermissionpolicyfromusergroup — Remove a PermissionPolicy from a user group

/v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromusergroup

MCP Tools

list-permissionpolicies

List PermissionPolicies

read-only idempotent

create-permission-policy

Create Permission Policy

retrieve-permission-policy

Retrieve Permission Policy

read-only idempotent

update-permission-policy

Update Permission Policy

idempotent

delete-permission-policy

Delete Permission Policy

idempotent

add-permissionpolicy-service-user

Add a PermissionPolicy to a service user

add-permissionpolicy-support-users-organization

Add a PermissionPolicy to support users for an organization

add-permissionpolicy-user

Add a PermissionPolicy to a user

add-permissionpolicy-user-group

Add a PermissionPolicy to a user group

remove-permissionpolicy-service-user

Remove a PermissionPolicy from a service user

remove-permissionpolicy-support-users-organization

Remove a PermissionPolicy from support users for an organization

remove-permissionpolicy-user

Remove a PermissionPolicy from a user

remove-permissionpolicy-user-group

Remove a PermissionPolicy from a user group

Capability Spec

naftiko: 1.0.0-alpha2
info:
  label: m3ter API — PermissionPolicy
  description: 'm3ter API — PermissionPolicy. 13 operations. Lead operation: List PermissionPolicies. Self-contained Naftiko
    capability covering one M3ter business surface.'
  tags:
  - M3ter
  - PermissionPolicy
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    M3TER_API_KEY: M3TER_API_KEY
capability:
  consumes:
  - type: http
    namespace: m3ter-permissionpolicy
    baseUri: https://api.m3ter.com
    description: m3ter API — PermissionPolicy business capability. Self-contained, no shared references.
    resources:
    - name: organizations-orgId-permissionpolicies
      path: /organizations/{orgId}/permissionpolicies
      operations:
      - name: listpermissionpolicies
        method: GET
        description: List PermissionPolicies
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: pageSize
          in: query
          type: integer
          description: Number of permission polices to retrieve per page
        - name: nextToken
          in: query
          type: string
          description: nextToken for multi page retrievals
      - name: postpermissionpolicy
        method: POST
        description: Create Permission Policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: organizations-orgId-permissionpolicies-id
      path: /organizations/{orgId}/permissionpolicies/{id}
      operations:
      - name: getpermissionpolicy
        method: GET
        description: Retrieve Permission Policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: id
          in: path
          type: string
          description: The UUID of the PermissionPolicy to retrieve.
          required: true
      - name: putpermissionpolicy
        method: PUT
        description: Update Permission Policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The UUID of the PermissionPolicy to update.
          required: true
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deletepermissionpolicy
        method: DELETE
        description: Delete Permission Policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: The UUID of the PermissionPolicy to delete.
          required: true
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-addtoserviceuser
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/addtoserviceuser
      operations:
      - name: addpermissionpolicytoserviceuser
        method: POST
        description: Add a PermissionPolicy to a service user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-addtosupportusers
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/addtosupportusers
      operations:
      - name: addpermissionpolicytosupportusers
        method: POST
        description: Add a PermissionPolicy to support users for an organization
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-addtouser
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/addtouser
      operations:
      - name: addpermissionpolicytouser
        method: POST
        description: Add a PermissionPolicy to a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-addtousergroup
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/addtousergroup
      operations:
      - name: addpermissionpolicytousergroup
        method: POST
        description: Add a PermissionPolicy to a user group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-removefromserviceuser
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/removefromserviceuser
      operations:
      - name: removepermissionpolicyfromserviceuser
        method: POST
        description: Remove a PermissionPolicy from a service user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-removefromsupportusers
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/removefromsupportusers
      operations:
      - name: removepermissionpolicyfromsupportusers
        method: POST
        description: Remove a PermissionPolicy from support users for an organization
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-removefromuser
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/removefromuser
      operations:
      - name: removepermissionpolicyfromuser
        method: POST
        description: Remove a PermissionPolicy from a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: organizations-orgId-permissionpolicies-permissionPolicyId-removefromusergroup
      path: /organizations/{orgId}/permissionpolicies/{permissionPolicyId}/removefromusergroup
      operations:
      - name: removepermissionpolicyfromusergroup
        method: POST
        description: Remove a PermissionPolicy from a user group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: orgId
          in: path
          type: string
          description: UUID of the organization
          required: true
        - name: permissionPolicyId
          in: path
          type: string
          description: UUID of the permission policy
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.M3TER_API_KEY}}'
  exposes:
  - type: rest
    namespace: m3ter-permissionpolicy-rest
    port: 8080
    description: REST adapter for m3ter API — PermissionPolicy. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/organizations/{orgid}/permissionpolicies
      name: organizations-orgid-permissionpolicies
      description: REST surface for organizations-orgId-permissionpolicies.
      operations:
      - method: GET
        name: listpermissionpolicies
        description: List PermissionPolicies
        call: m3ter-permissionpolicy.listpermissionpolicies
        with:
          orgId: rest.orgId
          pageSize: rest.pageSize
          nextToken: rest.nextToken
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postpermissionpolicy
        description: Create Permission Policy
        call: m3ter-permissionpolicy.postpermissionpolicy
        with:
          orgId: rest.orgId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{id}
      name: organizations-orgid-permissionpolicies-id
      description: REST surface for organizations-orgId-permissionpolicies-id.
      operations:
      - method: GET
        name: getpermissionpolicy
        description: Retrieve Permission Policy
        call: m3ter-permissionpolicy.getpermissionpolicy
        with:
          orgId: rest.orgId
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: putpermissionpolicy
        description: Update Permission Policy
        call: m3ter-permissionpolicy.putpermissionpolicy
        with:
          id: rest.id
          orgId: rest.orgId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deletepermissionpolicy
        description: Delete Permission Policy
        call: m3ter-permissionpolicy.deletepermissionpolicy
        with:
          id: rest.id
          orgId: rest.orgId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtoserviceuser
      name: organizations-orgid-permissionpolicies-permissionpolicyid-addtoserviceuser
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-addtoserviceuser.
      operations:
      - method: POST
        name: addpermissionpolicytoserviceuser
        description: Add a PermissionPolicy to a service user
        call: m3ter-permissionpolicy.addpermissionpolicytoserviceuser
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtosupportusers
      name: organizations-orgid-permissionpolicies-permissionpolicyid-addtosupportusers
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-addtosupportusers.
      operations:
      - method: POST
        name: addpermissionpolicytosupportusers
        description: Add a PermissionPolicy to support users for an organization
        call: m3ter-permissionpolicy.addpermissionpolicytosupportusers
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtouser
      name: organizations-orgid-permissionpolicies-permissionpolicyid-addtouser
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-addtouser.
      operations:
      - method: POST
        name: addpermissionpolicytouser
        description: Add a PermissionPolicy to a user
        call: m3ter-permissionpolicy.addpermissionpolicytouser
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/addtousergroup
      name: organizations-orgid-permissionpolicies-permissionpolicyid-addtousergroup
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-addtousergroup.
      operations:
      - method: POST
        name: addpermissionpolicytousergroup
        description: Add a PermissionPolicy to a user group
        call: m3ter-permissionpolicy.addpermissionpolicytousergroup
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromserviceuser
      name: organizations-orgid-permissionpolicies-permissionpolicyid-removefromserviceuser
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-removefromserviceuser.
      operations:
      - method: POST
        name: removepermissionpolicyfromserviceuser
        description: Remove a PermissionPolicy from a service user
        call: m3ter-permissionpolicy.removepermissionpolicyfromserviceuser
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromsupportusers
      name: organizations-orgid-permissionpolicies-permissionpolicyid-removefromsupportusers
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-removefromsupportusers.
      operations:
      - method: POST
        name: removepermissionpolicyfromsupportusers
        description: Remove a PermissionPolicy from support users for an organization
        call: m3ter-permissionpolicy.removepermissionpolicyfromsupportusers
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromuser
      name: organizations-orgid-permissionpolicies-permissionpolicyid-removefromuser
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-removefromuser.
      operations:
      - method: POST
        name: removepermissionpolicyfromuser
        description: Remove a PermissionPolicy from a user
        call: m3ter-permissionpolicy.removepermissionpolicyfromuser
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/organizations/{orgid}/permissionpolicies/{permissionpolicyid}/removefromusergroup
      name: organizations-orgid-permissionpolicies-permissionpolicyid-removefromusergroup
      description: REST surface for organizations-orgId-permissionpolicies-permissionPolicyId-removefromusergroup.
      operations:
      - method: POST
        name: removepermissionpolicyfromusergroup
        description: Remove a PermissionPolicy from a user group
        call: m3ter-permissionpolicy.removepermissionpolicyfromusergroup
        with:
          orgId: rest.orgId
          permissionPolicyId: rest.permissionPolicyId
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: m3ter-permissionpolicy-mcp
    port: 9090
    transport: http
    description: MCP adapter for m3ter API — PermissionPolicy. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    - name: list-permissionpolicies
      description: List PermissionPolicies
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: m3ter-permissionpolicy.listpermissionpolicies
      with:
        orgId: tools.orgId
        pageSize: tools.pageSize
        nextToken: tools.nextToken
      outputParameters:
      - type: object
        mapping: $.
    - name: create-permission-policy
      description: Create Permission Policy
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.postpermissionpolicy
      with:
        orgId: tools.orgId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: retrieve-permission-policy
      description: Retrieve Permission Policy
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: m3ter-permissionpolicy.getpermissionpolicy
      with:
        orgId: tools.orgId
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: update-permission-policy
      description: Update Permission Policy
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: m3ter-permissionpolicy.putpermissionpolicy
      with:
        id: tools.id
        orgId: tools.orgId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-permission-policy
      description: Delete Permission Policy
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: m3ter-permissionpolicy.deletepermissionpolicy
      with:
        id: tools.id
        orgId: tools.orgId
      outputParameters:
      - type: object
        mapping: $.
    - name: add-permissionpolicy-service-user
      description: Add a PermissionPolicy to a service user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.addpermissionpolicytoserviceuser
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: add-permissionpolicy-support-users-organization
      description: Add a PermissionPolicy to support users for an organization
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.addpermissionpolicytosupportusers
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: add-permissionpolicy-user
      description: Add a PermissionPolicy to a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.addpermissionpolicytouser
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: add-permissionpolicy-user-group
      description: Add a PermissionPolicy to a user group
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.addpermissionpolicytousergroup
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-permissionpolicy-service-user
      description: Remove a PermissionPolicy from a service user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.removepermissionpolicyfromserviceuser
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-permissionpolicy-support-users-organization
      description: Remove a PermissionPolicy from support users for an organization
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.removepermissionpolicyfromsupportusers
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-permissionpolicy-user
      description: Remove a PermissionPolicy from a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.removepermissionpolicyfromuser
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-permissionpolicy-user-group
      description: Remove a PermissionPolicy from a user group
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: m3ter-permissionpolicy.removepermissionpolicyfromusergroup
      with:
        orgId: tools.orgId
        permissionPolicyId: tools.permissionPolicyId
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.