Ory · Capability
Ory Identities API — identity
Ory Identities API — identity. 19 operations. Lead operation: List Identities. Self-contained Naftiko capability covering one Ory business surface.
What You Can Do
GET
Listidentities
— List Identities
/v1/admin/identities
PATCH
Batchpatchidentities
— Create multiple identities
/v1/admin/identities
POST
Createidentity
— Create an Identity
/v1/admin/identities
GET
Getidentitybyexternalid
— Get an Identity by its External ID
/v1/admin/identities/by/external/{externalid}
DELETE
Deleteidentity
— Delete an Identity
/v1/admin/identities/{id}
GET
Getidentity
— Get an Identity
/v1/admin/identities/{id}
PATCH
Patchidentity
— Patch an Identity
/v1/admin/identities/{id}
PUT
Updateidentity
— Update an Identity
/v1/admin/identities/{id}
DELETE
Deleteidentitycredentials
— Delete a credential for a specific identity
/v1/admin/identities/{id}/credentials/{type}
DELETE
Deleteidentitysessions
— Delete & Invalidate an Identity's Sessions
/v1/admin/identities/{id}/sessions
GET
Listidentitysessions
— List an Identity's Sessions
/v1/admin/identities/{id}/sessions
POST
Createrecoverycodeforidentity
— Create a Recovery Code
/v1/admin/recovery/code
POST
Createrecoverylinkforidentity
— Create a Recovery Link
/v1/admin/recovery/link
GET
Listsessions
— List All Sessions
/v1/admin/sessions
DELETE
Disablesession
— Deactivate a Session
/v1/admin/sessions/{id}
GET
Getsession
— Get Session
/v1/admin/sessions/{id}
PATCH
Extendsession
— Extend a Session
/v1/admin/sessions/{id}/extend
GET
Listidentityschemas
— Get all Identity Schemas
/v1/schemas
GET
Getidentityschema
— Get Identity JSON Schema
/v1/schemas/{id}
MCP Tools
list-identities
List Identities
read-only
idempotent
create-multiple-identities
Create multiple identities
idempotent
create-identity
Create an Identity
get-identity-its-external-id
Get an Identity by its External ID
read-only
idempotent
delete-identity
Delete an Identity
idempotent
get-identity
Get an Identity
read-only
idempotent
patch-identity
Patch an Identity
idempotent
update-identity
Update an Identity
idempotent
delete-credential-specific-identity
Delete a credential for a specific identity
idempotent
delete-invalidate-identity-s-sessions
Delete & Invalidate an Identity's Sessions
idempotent
list-identity-s-sessions
List an Identity's Sessions
read-only
idempotent
create-recovery-code
Create a Recovery Code
create-recovery-link
Create a Recovery Link
list-all-sessions
List All Sessions
read-only
idempotent
deactivate-session
Deactivate a Session
idempotent
get-session
Get Session
read-only
idempotent
extend-session
Extend a Session
idempotent
get-all-identity-schemas
Get all Identity Schemas
read-only
idempotent
get-identity-json-schema
Get Identity JSON Schema
read-only
idempotent
Capability Spec
# Naftiko capability document header (the first value is presumably the spec version).
naftiko: 1.0.0-alpha2
info:
  label: Ory Identities API — identity
  description: 'Ory Identities API — identity. 19 operations. Lead operation: List Identities. Self-contained Naftiko capability
    covering one Ory business surface.'
  tags:
  - Ory
  - identity
  created: '2026-05-19'
  modified: '2026-05-19'
# The Ory API key is bound by name from the environment, so the secret itself is not
# written into this file. The authentication value '{{env.ORY_API_KEY}}' reads this binding.
binds:
- namespace: env
  keys:
    ORY_API_KEY: ORY_API_KEY
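# One consumed HTTP API (Ory identity admin surface) re-exposed through two adapters:
# a REST listener on port 8080 and an MCP listener on port 9090.
capability:
  consumes:
  - type: http
    namespace: kratos-identity
    # NOTE(review): baseUri is empty, so this spec pins no upstream host. Set it to the
    # deployment's Ory admin endpoint over https; every call below carries the API key header.
    baseUri: ''
    description: Ory Identities API — identity business capability. Self-contained, no shared references.
    resources:
    - name: admin-identities
      path: /admin/identities
      operations:
      - name: listidentities
        method: GET
        description: List Identities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: per_page
          in: query
          type: integer
          description: Deprecated Items per Page
        - name: page
          in: query
          type: integer
          description: Deprecated Pagination Page
        - name: page_size
          in: query
          type: integer
          description: Page Size
        - name: page_token
          in: query
          type: string
          description: Next Page Token
        - name: consistency
          in: query
          type: string
          description: Read Consistency Level (preview)
        - name: ids
          in: query
          type: array
          description: Retrieve multiple identities by their IDs.
        - name: credentials_identifier
          in: query
          type: string
          description: CredentialsIdentifier is the identifier (username, email) of the credentials to look up using exact
            match.
        - name: preview_credentials_identifier_similar
          in: query
          type: string
          description: This is an EXPERIMENTAL parameter that WILL CHANGE. Do NOT rely on consistent, deterministic behavior.
        # NOTE(review): asks the upstream API to include stored credential data in the
        # response; the whole response is passed through as `result` ($.), unfiltered.
        - name: include_credential
          in: query
          type: array
          description: Include Credentials in Response
        - name: organization_id
          in: query
          type: string
          description: List identities that belong to a specific organization.
      - name: batchpatchidentities
        method: PATCH
        description: Create multiple identities
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: createidentity
        method: POST
        description: Create an Identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: admin-identities-by-external-externalID
      path: /admin/identities/by/external/{externalID}
      operations:
      - name: getidentitybyexternalid
        method: GET
        description: Get an Identity by its External ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: externalID
          in: path
          type: string
          description: ExternalID must be set to the ID of identity you want to get
          required: true
        - name: include_credential
          in: query
          type: array
          description: Include Credentials in Response
    - name: admin-identities-id
      path: /admin/identities/{id}
      operations:
      - name: deleteidentity
        method: DELETE
        description: Delete an Identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID is the identity's ID.
          required: true
      - name: getidentity
        method: GET
        description: Get an Identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID must be set to the ID of identity you want to get
          required: true
        - name: include_credential
          in: query
          type: array
          description: Include Credentials in Response
      - name: patchidentity
        method: PATCH
        description: Patch an Identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID must be set to the ID of identity you want to update
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
      - name: updateidentity
        method: PUT
        description: Update an Identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID must be set to the ID of identity you want to update
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: admin-identities-id-credentials-type
      path: /admin/identities/{id}/credentials/{type}
      operations:
      - name: deleteidentitycredentials
        method: DELETE
        description: Delete a credential for a specific identity
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID is the identity's ID.
          required: true
        - name: type
          in: path
          type: string
          description: Type is the type of credentials to delete.
          required: true
        - name: identifier
          in: query
          type: string
          description: Identifier is the identifier of the OIDC/SAML credential to delete.
    - name: admin-identities-id-sessions
      path: /admin/identities/{id}/sessions
      operations:
      - name: deleteidentitysessions
        method: DELETE
        description: Delete & Invalidate an Identity's Sessions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID is the identity's ID.
          required: true
      - name: listidentitysessions
        method: GET
        description: List an Identity's Sessions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: per_page
          in: query
          type: integer
          description: Deprecated Items per Page
        - name: page
          in: query
          type: integer
          description: Deprecated Pagination Page
        - name: page_size
          in: query
          type: integer
          description: Page Size
        - name: page_token
          in: query
          type: string
          description: Next Page Token
        - name: id
          in: path
          type: string
          description: ID is the identity's ID.
          required: true
        - name: active
          in: query
          type: boolean
          description: Active is a boolean flag that filters out sessions based on the state. If no value is provided, all
            sessions are returned.
    # The two recovery resources return a recovery code or link for an identity chosen by
    # the caller. Whoever holds that value can recover the account, so handle the response
    # as a credential.
    - name: admin-recovery-code
      path: /admin/recovery/code
      operations:
      - name: createrecoverycodeforidentity
        method: POST
        description: Create a Recovery Code
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: admin-recovery-link
      path: /admin/recovery/link
      operations:
      - name: createrecoverylinkforidentity
        method: POST
        description: Create a Recovery Link
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: return_to
          in: query
          type: string
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    - name: admin-sessions
      path: /admin/sessions
      operations:
      - name: listsessions
        method: GET
        description: List All Sessions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: page_size
          in: query
          type: integer
          description: Items per Page
        - name: page_token
          in: query
          type: string
          description: Next Page Token
        - name: active
          in: query
          type: boolean
          description: Active is a boolean flag that filters out sessions based on the state. If no value is provided, all
            sessions are returned.
        - name: expand
          in: query
          type: array
          description: ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.
    - name: admin-sessions-id
      path: /admin/sessions/{id}
      operations:
      - name: disablesession
        method: DELETE
        description: Deactivate a Session
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID is the session's ID.
          required: true
      - name: getsession
        method: GET
        description: Get Session
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: expand
          in: query
          type: array
          description: ExpandOptions is a query parameter encoded list of all properties that must be expanded in the Session.
        - name: id
          in: path
          type: string
          description: ID is the session's ID.
          required: true
    - name: admin-sessions-id-extend
      path: /admin/sessions/{id}/extend
      operations:
      - name: extendsession
        method: PATCH
        description: Extend a Session
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID is the session's ID.
          required: true
    - name: schemas
      path: /schemas
      operations:
      - name: listidentityschemas
        method: GET
        description: Get all Identity Schemas
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: per_page
          in: query
          type: integer
          description: Deprecated Items per Page
        - name: page
          in: query
          type: integer
          description: Deprecated Pagination Page
        - name: page_size
          in: query
          type: integer
          description: Page Size
        - name: page_token
          in: query
          type: string
          description: Next Page Token
    - name: schemas-id
      path: /schemas/{id}
      operations:
      - name: getidentityschema
        method: GET
        description: Get Identity JSON Schema
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          description: ID must be set to the ID of schema you want to get
          required: true
    # Sends the bound environment value verbatim as the Authorization header.
    # NOTE(review): Ory documents API keys as `Authorization: Bearer <key>`; as written the
    # variable must already contain the scheme prefix, otherwise requests go out without
    # it — confirm how this framework builds the header.
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.ORY_API_KEY}}'
      placement: header
  exposes:
  # NOTE(review): no authentication is declared on this adapter in the visible spec.
  # Every request reaching port 8080 is forwarded upstream with the ORY_API_KEY
  # credential, so restrict the listener (loopback bind or an authenticating proxy)
  # and confirm what access control the framework offers.
  - type: rest
    namespace: kratos-identity-rest
    port: 8080
    description: REST adapter for Ory Identities API — identity. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/admin/identities
      name: admin-identities
      description: REST surface for admin-identities.
      operations:
      - method: GET
        name: listidentities
        description: List Identities
        call: kratos-identity.listidentities
        with:
          per_page: rest.per_page
          page: rest.page
          page_size: rest.page_size
          page_token: rest.page_token
          consistency: rest.consistency
          ids: rest.ids
          credentials_identifier: rest.credentials_identifier
          preview_credentials_identifier_similar: rest.preview_credentials_identifier_similar
          include_credential: rest.include_credential
          organization_id: rest.organization_id
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: batchpatchidentities
        description: Create multiple identities
        call: kratos-identity.batchpatchidentities
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createidentity
        description: Create an Identity
        call: kratos-identity.createidentity
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/identities/by/external/{externalid}
      name: admin-identities-by-external-externalid
      description: REST surface for admin-identities-by-external-externalID.
      operations:
      - method: GET
        name: getidentitybyexternalid
        description: Get an Identity by its External ID
        call: kratos-identity.getidentitybyexternalid
        with:
          # The exposed path template spells the parameter {externalid}; the reference now
          # uses that spelling so the consumed externalID input is bound from the path
          # (assumes rest.<name> resolves by template name — confirm).
          externalID: rest.externalid
          include_credential: rest.include_credential
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/identities/{id}
      name: admin-identities-id
      description: REST surface for admin-identities-id.
      operations:
      - method: DELETE
        name: deleteidentity
        description: Delete an Identity
        call: kratos-identity.deleteidentity
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getidentity
        description: Get an Identity
        call: kratos-identity.getidentity
        with:
          id: rest.id
          include_credential: rest.include_credential
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: patchidentity
        description: Patch an Identity
        call: kratos-identity.patchidentity
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateidentity
        description: Update an Identity
        call: kratos-identity.updateidentity
        with:
          id: rest.id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/identities/{id}/credentials/{type}
      name: admin-identities-id-credentials-type
      description: REST surface for admin-identities-id-credentials-type.
      operations:
      - method: DELETE
        name: deleteidentitycredentials
        description: Delete a credential for a specific identity
        call: kratos-identity.deleteidentitycredentials
        with:
          id: rest.id
          type: rest.type
          identifier: rest.identifier
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/identities/{id}/sessions
      name: admin-identities-id-sessions
      description: REST surface for admin-identities-id-sessions.
      operations:
      - method: DELETE
        name: deleteidentitysessions
        description: Delete & Invalidate an Identity's Sessions
        call: kratos-identity.deleteidentitysessions
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: listidentitysessions
        description: List an Identity's Sessions
        call: kratos-identity.listidentitysessions
        with:
          per_page: rest.per_page
          page: rest.page
          page_size: rest.page_size
          page_token: rest.page_token
          id: rest.id
          active: rest.active
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/recovery/code
      name: admin-recovery-code
      description: REST surface for admin-recovery-code.
      operations:
      - method: POST
        name: createrecoverycodeforidentity
        description: Create a Recovery Code
        call: kratos-identity.createrecoverycodeforidentity
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/recovery/link
      name: admin-recovery-link
      description: REST surface for admin-recovery-link.
      operations:
      - method: POST
        name: createrecoverylinkforidentity
        description: Create a Recovery Link
        call: kratos-identity.createrecoverylinkforidentity
        with:
          return_to: rest.return_to
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/sessions
      name: admin-sessions
      description: REST surface for admin-sessions.
      operations:
      - method: GET
        name: listsessions
        description: List All Sessions
        call: kratos-identity.listsessions
        with:
          page_size: rest.page_size
          page_token: rest.page_token
          active: rest.active
          expand: rest.expand
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/sessions/{id}
      name: admin-sessions-id
      description: REST surface for admin-sessions-id.
      operations:
      - method: DELETE
        name: disablesession
        description: Deactivate a Session
        call: kratos-identity.disablesession
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getsession
        description: Get Session
        call: kratos-identity.getsession
        with:
          expand: rest.expand
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/admin/sessions/{id}/extend
      name: admin-sessions-id-extend
      description: REST surface for admin-sessions-id-extend.
      operations:
      - method: PATCH
        name: extendsession
        description: Extend a Session
        call: kratos-identity.extendsession
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/schemas
      name: schemas
      description: REST surface for schemas.
      operations:
      - method: GET
        name: listidentityschemas
        description: Get all Identity Schemas
        call: kratos-identity.listidentityschemas
        with:
          per_page: rest.per_page
          page: rest.page
          page_size: rest.page_size
          page_token: rest.page_token
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/schemas/{id}
      name: schemas-id
      description: REST surface for schemas-id.
      operations:
      - method: GET
        name: getidentityschema
        description: Get Identity JSON Schema
        call: kratos-identity.getidentityschema
        with:
          id: rest.id
        outputParameters:
        - type: object
          mapping: $.
  # NOTE(review): no authentication is declared on this adapter in the visible spec.
  # Each tool call is forwarded upstream with the ORY_API_KEY credential, so limit who
  # can reach port 9090. The hints below are advisory metadata for MCP clients, not an
  # access control; authorization still has to be enforced in front of this listener.
  - type: mcp
    namespace: kratos-identity-mcp
    port: 9090
    transport: http
    description: MCP adapter for Ory Identities API — identity. One tool per consumed operation, routed inline through this
      capability's consumes block.
    tools:
    # NOTE(review): readOnly, yet include_credential can bring stored credential data
    # into the tool result and therefore into the calling model's context.
    - name: list-identities
      description: List Identities
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.listidentities
      with:
        per_page: tools.per_page
        page: tools.page
        page_size: tools.page_size
        page_token: tools.page_token
        consistency: tools.consistency
        ids: tools.ids
        credentials_identifier: tools.credentials_identifier
        preview_credentials_identifier_similar: tools.preview_credentials_identifier_similar
        include_credential: tools.include_credential
        organization_id: tools.organization_id
      outputParameters:
      - type: object
        mapping: $.
    # NOTE(review): backed by HTTP PATCH, which RFC 5789 does not define as idempotent.
    # Confirm that a retried batch cannot create duplicates before relying on
    # idempotent: true.
    - name: create-multiple-identities
      description: Create multiple identities
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: kratos-identity.batchpatchidentities
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: create-identity
      description: Create an Identity
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kratos-identity.createidentity
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-identity-its-external-id
      description: Get an Identity by its External ID
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.getidentitybyexternalid
      with:
        externalID: tools.externalID
        include_credential: tools.include_credential
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-identity
      description: Delete an Identity
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: kratos-identity.deleteidentity
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: get-identity
      description: Get an Identity
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.getidentity
      with:
        id: tools.id
        include_credential: tools.include_credential
      outputParameters:
      - type: object
        mapping: $.
    # NOTE(review): a patch can overwrite or remove identity fields, while MCP describes
    # destructive: false as additive-only changes; confirm both hints for this tool.
    - name: patch-identity
      description: Patch an Identity
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: kratos-identity.patchidentity
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    # NOTE(review): PUT replaces the stored identity with the request body; confirm that
    # destructive: false is intended, since clients may skip confirmation on that hint.
    - name: update-identity
      description: Update an Identity
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: kratos-identity.updateidentity
      with:
        id: tools.id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-credential-specific-identity
      description: Delete a credential for a specific identity
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: kratos-identity.deleteidentitycredentials
      with:
        id: tools.id
        type: tools.type
        identifier: tools.identifier
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-invalidate-identity-s-sessions
      description: Delete & Invalidate an Identity's Sessions
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: kratos-identity.deleteidentitysessions
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: list-identity-s-sessions
      description: List an Identity's Sessions
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.listidentitysessions
      with:
        per_page: tools.per_page
        page: tools.page
        page_size: tools.page_size
        page_token: tools.page_token
        id: tools.id
        active: tools.active
      outputParameters:
      - type: object
        mapping: $.
    # NOTE(review): the result of the two recovery tools is a recovery secret for the
    # identity named in the request. Treat tool output as a credential: keep it out of
    # logs and shared transcripts, and gate these tools behind explicit approval.
    - name: create-recovery-code
      description: Create a Recovery Code
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kratos-identity.createrecoverycodeforidentity
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: create-recovery-link
      description: Create a Recovery Link
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: kratos-identity.createrecoverylinkforidentity
      with:
        return_to: tools.return_to
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: list-all-sessions
      description: List All Sessions
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.listsessions
      with:
        page_size: tools.page_size
        page_token: tools.page_token
        active: tools.active
        expand: tools.expand
      outputParameters:
      - type: object
        mapping: $.
    - name: deactivate-session
      description: Deactivate a Session
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: kratos-identity.disablesession
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: get-session
      description: Get Session
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.getsession
      with:
        expand: tools.expand
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: extend-session
      description: Extend a Session
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: kratos-identity.extendsession
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.
    - name: get-all-identity-schemas
      description: Get all Identity Schemas
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.listidentityschemas
      with:
        per_page: tools.per_page
        page: tools.page
        page_size: tools.page_size
        page_token: tools.page_token
      outputParameters:
      - type: object
        mapping: $.
    - name: get-identity-json-schema
      description: Get Identity JSON Schema
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: kratos-identity.getidentityschema
      with:
        id: tools.id
      outputParameters:
      - type: object
        mapping: $.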