OWASP ZAP · Capability

ZAP API — forcedUser

ZAP API — forcedUser. 4 operations. Lead operation: forcedUser. Self-contained Naftiko capability covering one Owasp Zap business surface.

Run with Naftiko Owasp ZapforcedUser

What You Can Do

GET
Forceduseractionsetforceduser — Sets the user (ID) that should be used in 'forced user' mode for the given context (ID)
/v1/json/forceduser/action/setforceduser
GET
Forceduseractionsetforcedusermodeenabled — Sets if 'forced user' mode should be enabled or not
/v1/json/forceduser/action/setforcedusermodeenabled
GET
Forceduserviewgetforceduser — Gets the user (ID) set as 'forced user' for the given context (ID)
/v1/json/forceduser/view/getforceduser
GET
Forceduserviewisforcedusermodeenabled — Returns 'true' if 'forced user' mode is enabled, 'false' otherwise
/v1/json/forceduser/view/isforcedusermodeenabled

MCP Tools

sets-user-id-that-should

Sets the user (ID) that should be used in 'forced user' mode for the given context (ID)

read-only idempotent
sets-if-forced-user-mode

Sets if 'forced user' mode should be enabled or not

read-only idempotent
gets-user-id-set-forced

Gets the user (ID) set as 'forced user' for the given context (ID)

read-only idempotent
returns-true-if-forced-user

Returns 'true' if 'forced user' mode is enabled, 'false' otherwise

read-only idempotent

Capability Spec

owasp-zap-forceduser.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: ZAP API — forcedUser
  description: 'ZAP API — forcedUser. 4 operations. Lead operation: forcedUser. Self-contained Naftiko capability covering
    one Owasp Zap business surface.'
  tags:
  - Owasp Zap
  - forcedUser
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OWASP_ZAP_API_KEY: OWASP_ZAP_API_KEY
capability:
  consumes:
  - type: http
    namespace: owasp-zap-forceduser
    baseUri: http://zap
    description: ZAP API — forcedUser business capability. Self-contained, no shared references.
    resources:
    - name: JSON-forcedUser-action-setForcedUser
      path: /JSON/forcedUser/action/setForcedUser/
      operations:
      - name: forceduseractionsetforceduser
        method: GET
        description: Sets the user (ID) that should be used in 'forced user' mode for the given context (ID)
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-forcedUser-action-setForcedUserModeEnabled
      path: /JSON/forcedUser/action/setForcedUserModeEnabled/
      operations:
      - name: forceduseractionsetforcedusermodeenabled
        method: GET
        description: Sets if 'forced user' mode should be enabled or not
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-forcedUser-view-getForcedUser
      path: /JSON/forcedUser/view/getForcedUser/
      operations:
      - name: forceduserviewgetforceduser
        method: GET
        description: Gets the user (ID) set as 'forced user' for the given context (ID)
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: JSON-forcedUser-view-isForcedUserModeEnabled
      path: /JSON/forcedUser/view/isForcedUserModeEnabled/
      operations:
      - name: forceduserviewisforcedusermodeenabled
        method: GET
        description: Returns 'true' if 'forced user' mode is enabled, 'false' otherwise
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: apikey
      key: X-ZAP-API-Key
      value: '{{env.OWASP_ZAP_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: owasp-zap-forceduser-rest
    port: 8080
    description: REST adapter for ZAP API — forcedUser. One Spectral-compliant resource per consumed operation, prefixed with
      /v1.
    resources:
    - path: /v1/json/forceduser/action/setforceduser
      name: json-forceduser-action-setforceduser
      description: REST surface for JSON-forcedUser-action-setForcedUser.
      operations:
      - method: GET
        name: forceduseractionsetforceduser
        description: Sets the user (ID) that should be used in 'forced user' mode for the given context (ID)
        call: owasp-zap-forceduser.forceduseractionsetforceduser
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/forceduser/action/setforcedusermodeenabled
      name: json-forceduser-action-setforcedusermodeenabled
      description: REST surface for JSON-forcedUser-action-setForcedUserModeEnabled.
      operations:
      - method: GET
        name: forceduseractionsetforcedusermodeenabled
        description: Sets if 'forced user' mode should be enabled or not
        call: owasp-zap-forceduser.forceduseractionsetforcedusermodeenabled
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/forceduser/view/getforceduser
      name: json-forceduser-view-getforceduser
      description: REST surface for JSON-forcedUser-view-getForcedUser.
      operations:
      - method: GET
        name: forceduserviewgetforceduser
        description: Gets the user (ID) set as 'forced user' for the given context (ID)
        call: owasp-zap-forceduser.forceduserviewgetforceduser
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/json/forceduser/view/isforcedusermodeenabled
      name: json-forceduser-view-isforcedusermodeenabled
      description: REST surface for JSON-forcedUser-view-isForcedUserModeEnabled.
      operations:
      - method: GET
        name: forceduserviewisforcedusermodeenabled
        description: Returns 'true' if 'forced user' mode is enabled, 'false' otherwise
        call: owasp-zap-forceduser.forceduserviewisforcedusermodeenabled
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: owasp-zap-forceduser-mcp
    port: 9090
    transport: http
    description: MCP adapter for ZAP API — forcedUser. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: sets-user-id-that-should
      description: Sets the user (ID) that should be used in 'forced user' mode for the given context (ID)
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-forceduser.forceduseractionsetforceduser
      outputParameters:
      - type: object
        mapping: $.
    - name: sets-if-forced-user-mode
      description: Sets if 'forced user' mode should be enabled or not
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-forceduser.forceduseractionsetforcedusermodeenabled
      outputParameters:
      - type: object
        mapping: $.
    - name: gets-user-id-set-forced
      description: Gets the user (ID) set as 'forced user' for the given context (ID)
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-forceduser.forceduserviewgetforceduser
      outputParameters:
      - type: object
        mapping: $.
    - name: returns-true-if-forced-user
      description: Returns 'true' if 'forced user' mode is enabled, 'false' otherwise
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: owasp-zap-forceduser.forceduserviewisforcedusermodeenabled
      outputParameters:
      - type: object
        mapping: $.