Passbolt · Capability

Passbolt API

This is a low-level overview of the API and its endpoints, if you need higher-level guides for interacting with the endpoints, use the Developer guide.

Run with Naftiko PassboltAPI

What You Can Do

GET
Viewauthisauthenticated — Check authentication status.
/auth/is-authenticated.json
GET
Viewauthjwtjwks — Get the JWKs server information.
/auth/jwt/jwks.json
POST
Authjwtlogin — Login.
/auth/jwt/login.json
POST
Authjwtlogout — Logout.
/auth/jwt/logout.json
POST
Authjwtrefresh — Refresh access token.
/auth/jwt/refresh.json
GET
Viewauthjwtrsa — Get the JWT RSA server information.
/auth/jwt/rsa.json
POST
Authlogin — Log in.
/auth/login.json
POST
Authlogout — Log out.
/auth/logout.json
GET
Viewauthverify — Get the server's public PGP key.
/auth/verify.json
POST
Checkauthverify — Verify the server's identity.
/auth/verify.json
GET
Viewavatar — Get an avatar as an image.
/avatars/view/{avatarId}/{avatarFormat}
PUT
Updatecomment — Update a comment.
/comments/{commentId}.json
DELETE
Deletecomment — Delete a comment.
/comments/{commentId}.json
GET
Indexcomments — Get comments for a resource.
/comments/resource/{resourceId}.json
POST
Addcomment — Add a comment.
/comments/resource/{resourceId}.json
GET
Simulatesync — Simulate directory synchronization without making changes.
/directorysync/synchronize/dry-run.json
POST
Runsync — Run the directory synchronization.
/directorysync/synchronize.json
DELETE
Deletefavorite — Unset a resource as favorite.
/favorite/{favoriteId}.json
POST
Addfavorite — Set a resource as favorite.
/favorite/{foreignModel}/{foreignId}.json
GET
Indexfolders — Get multiple folders.
/folders.json
POST
Addfolder — Create a folder.
/folders.json
GET
Viewfolder — Get a folder.
/folders/{folderId}.json
PUT
Updatefolder — Update a folder.
/folders/{folderId}.json
DELETE
Deletefolder — Delete a folder.
/folders/{folderId}.json
GET
Indexgpgkeys — Get multiple GPG keys.
/gpgkeys.json
GET
Viewgpgkey — Get a GPG key.
/gpgkeys/{gpgkeyId}.json
GET
Indexgroups — Get multiple groups.
/groups.json
POST
Addgroup — Create a group.
/groups.json
GET
Viewgroup — Get a group.
/groups/{groupId}.json
PUT
Updategroup — Update a group.
/groups/{groupId}.json
DELETE
Deletegroup — Delete a group.
/groups/{groupId}.json
PUT
Dryrunupdategroup — Dry run a group update.
/groups/{groupId}/dry-run.json
DELETE
Dryrundeletegroup — Dry run a group deletion.
/groups/{groupId}/dry-run.json
GET
Viewhealthcheck — Get healthcheck information.
/healthcheck.json
GET
Viewhealthcheckstatus — Check if passbolt is up.
/healthcheck/status.json
GET
Indexmetadatakeys — Get metadata keys.
/metadata/keys.json
POST
Addmetadatakey — Create a metadata key.
/metadata/keys.json
PUT
Updatemetadatakey — Mark a metadata key as expired.
/metadata/keys/{metadataKeyId}.json
DELETE
Deletemetadatakey — Delete a metadata key.
/metadata/keys/{metadataKeyId}.json
POST
Addmetadataprivatekey — Create a metadata private key.
/metadata/keys/privates.json
PUT
Updatemetadataprivatekey — Update a metadata private key.
/metadata/keys/private/{metadataPrivateKeyId}.json
GET
Indexmetadatakeyssettings — Get metadata keys settings.
/metadata/keys/settings.json
POST
Updatemetadatakeyssettings — Update metadata keys settings.
/metadata/keys/settings.json
GET
Viewmetadatatypessettings — Get metadata types settings
/metadata/types/settings.json
POST
Upgrademetadatatypessettings — Upgrade a resource types settings
/metadata/types/settings.json
GET
Viewmetadatarotatekeyfolders — Get folders with expired keys
/metadata/rotate-key/folders.json
POST
Rotatemetadataexpiredkeysfolders — Rotate expired metadata keys for folders
/metadata/rotate-key/folders.json
GET
Viewmetadatarotatekeyresources — Get resources with expired keys
/metadata/rotate-key/resources.json
POST
Rotatemetadataexpiredkeys — Rotate expired metadata keys for resources
/metadata/rotate-key/resources.json
GET
Viewmetadatasessionkeys — Get session keys.
/metadata/session-keys.json
POST
Addmetadatasessionkey — Add a session key.
/metadata/session-keys.json
POST
Updatemetadatasessionkey — Update a given session-key entry.
/metadata/session-key/{sessionKeyId}.json
DELETE
Deletesessionkey — Delete a given session-key entry.
/metadata/session-key/{sessionKeyId}.json
GET
Viewmetadatarotatekeytags — Get tags with expired keys
/metadata/rotate-key/tags.json
POST
Rotatemetadatakeystags — Rotate expired metadata keys for tags
/metadata/rotate-key/tags.json
GET
Viewmetadataupgradefolders — Get Upgradable Folders
/metadata/upgrade/folders.json
POST
Upgrademetadatafolders — Upgrade a folder
/metadata/upgrade/folders.json
GET
Viewmetadataupgraderesources — Get Upgradable Resources
/metadata/upgrade/resources.json
POST
Upgrademetadataresources — Upgrade a Resource
/metadata/upgrade/resources.json
GET
Viewmetadataupgradetags — Get Upgradable Tags
/metadata/upgrade/tags.json

MCP Tools

viewauthisauthenticated

Check authentication status.

read-only idempotent
viewauthjwtjwks

Get the JWKs server information.

read-only idempotent
authjwtlogin

Login.

authjwtlogout

Logout.

authjwtrefresh

Refresh access token.

viewauthjwtrsa

Get the JWT RSA server information.

read-only idempotent
authlogin

Log in.

authlogout

Log out.

viewauthverify

Get the server's public PGP key.

read-only idempotent
checkauthverify

Verify the server's identity.

viewavatar

Get an avatar as an image.

read-only idempotent
updatecomment

Update a comment.

idempotent
deletecomment

Delete a comment.

idempotent
indexcomments

Get comments for a resource.

read-only idempotent
addcomment

Add a comment.

simulatesync

Simulate directory synchronization without making changes.

read-only idempotent
runsync

Run the directory synchronization.

deletefavorite

Unset a resource as favorite.

idempotent
addfavorite

Set a resource as favorite.

indexfolders

Get multiple folders.

read-only idempotent
addfolder

Create a folder.

viewfolder

Get a folder.

read-only idempotent
updatefolder

Update a folder.

idempotent
deletefolder

Delete a folder.

idempotent
indexgpgkeys

Get multiple GPG keys.

read-only idempotent
viewgpgkey

Get a GPG key.

read-only idempotent
indexgroups

Get multiple groups.

read-only idempotent
addgroup

Create a group.

viewgroup

Get a group.

read-only idempotent
updategroup

Update a group.

idempotent
deletegroup

Delete a group.

idempotent
dryrunupdategroup

Dry run a group update.

idempotent
dryrundeletegroup

Dry run a group deletion.

idempotent
viewhealthcheck

Get healthcheck information.

read-only idempotent
viewhealthcheckstatus

Check if passbolt is up.

read-only idempotent
indexmetadatakeys

Get metadata keys.

read-only idempotent
addmetadatakey

Create a metadata key.

updatemetadatakey

Mark a metadata key as expired.

idempotent
deletemetadatakey

Delete a metadata key.

idempotent
addmetadataprivatekey

Create a metadata private key.

updatemetadataprivatekey

Update a metadata private key.

idempotent
indexmetadatakeyssettings

Get metadata keys settings.

read-only idempotent
updatemetadatakeyssettings

Update metadata keys settings.

viewmetadatatypessettings

Get metadata types settings

read-only idempotent
upgrademetadatatypessettings

Upgrade a resource types settings

viewmetadatarotatekeyfolders

Get folders with expired keys

read-only idempotent
rotatemetadataexpiredkeysfolders

Rotate expired metadata keys for folders

viewmetadatarotatekeyresources

Get resources with expired keys

read-only idempotent
rotatemetadataexpiredkeys

Rotate expired metadata keys for resources

viewmetadatasessionkeys

Get session keys.

read-only idempotent
addmetadatasessionkey

Add a session key.

updatemetadatasessionkey

Update a given session-key entry.

deletesessionkey

Delete a given session-key entry.

idempotent
viewmetadatarotatekeytags

Get tags with expired keys

read-only idempotent
rotatemetadatakeystags

Rotate expired metadata keys for tags

viewmetadataupgradefolders

Get Upgradable Folders

read-only idempotent
upgrademetadatafolders

Upgrade a folder

viewmetadataupgraderesources

Get Upgradable Resources

read-only idempotent
upgrademetadataresources

Upgrade a Resource

viewmetadataupgradetags

Get Upgradable Tags

read-only idempotent

Capability Spec

passbolt-capability.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Passbolt API
  description: This is a low-level overview of the API and its endpoints, if you need higher-level guides for interacting
    with the endpoints, use the Developer guide.
  tags:
  - Passbolt
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: passbolt
    baseUri: https://passbolt.local
    description: Passbolt API HTTP API.
    authentication:
      type: bearer
      token: '{{PASSBOLT_TOKEN}}'
    resources:
    - name: auth-is-authenticated-json
      path: /auth/is-authenticated.json
      operations:
      - name: viewauthisauthenticated
        method: GET
        description: Check authentication status.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-jwt-jwks-json
      path: /auth/jwt/jwks.json
      operations:
      - name: viewauthjwtjwks
        method: GET
        description: Get the JWKs server information.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-jwt-login-json
      path: /auth/jwt/login.json
      operations:
      - name: authjwtlogin
        method: POST
        description: Login.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-jwt-logout-json
      path: /auth/jwt/logout.json
      operations:
      - name: authjwtlogout
        method: POST
        description: Logout.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-jwt-refresh-json
      path: /auth/jwt/refresh.json
      operations:
      - name: authjwtrefresh
        method: POST
        description: Refresh access token.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-jwt-rsa-json
      path: /auth/jwt/rsa.json
      operations:
      - name: viewauthjwtrsa
        method: GET
        description: Get the JWT RSA server information.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-login-json
      path: /auth/login.json
      operations:
      - name: authlogin
        method: POST
        description: Log in.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-logout-json
      path: /auth/logout.json
      operations:
      - name: authlogout
        method: POST
        description: Log out.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-verify-json
      path: /auth/verify.json
      operations:
      - name: viewauthverify
        method: GET
        description: Get the server's public PGP key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: checkauthverify
        method: POST
        description: Verify the server's identity.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: avatars-view-avatarid-avatarformat
      path: /avatars/view/{avatarId}/{avatarFormat}
      operations:
      - name: viewavatar
        method: GET
        description: Get an avatar as an image.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: comments-commentid-json
      path: /comments/{commentId}.json
      operations:
      - name: updatecomment
        method: PUT
        description: Update a comment.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletecomment
        method: DELETE
        description: Delete a comment.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: comments-resource-resourceid-json
      path: /comments/resource/{resourceId}.json
      operations:
      - name: indexcomments
        method: GET
        description: Get comments for a resource.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: addcomment
        method: POST
        description: Add a comment.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: directorysync-synchronize-dry-run-json
      path: /directorysync/synchronize/dry-run.json
      operations:
      - name: simulatesync
        method: GET
        description: Simulate directory synchronization without making changes.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: directorysync-synchronize-json
      path: /directorysync/synchronize.json
      operations:
      - name: runsync
        method: POST
        description: Run the directory synchronization.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: favorite-favoriteid-json
      path: /favorite/{favoriteId}.json
      operations:
      - name: deletefavorite
        method: DELETE
        description: Unset a resource as favorite.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: favorite-foreignmodel-foreignid-json
      path: /favorite/{foreignModel}/{foreignId}.json
      operations:
      - name: addfavorite
        method: POST
        description: Set a resource as favorite.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: folders-json
      path: /folders.json
      operations:
      - name: indexfolders
        method: GET
        description: Get multiple folders.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: addfolder
        method: POST
        description: Create a folder.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: folders-folderid-json
      path: /folders/{folderId}.json
      operations:
      - name: viewfolder
        method: GET
        description: Get a folder.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatefolder
        method: PUT
        description: Update a folder.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletefolder
        method: DELETE
        description: Delete a folder.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: gpgkeys-json
      path: /gpgkeys.json
      operations:
      - name: indexgpgkeys
        method: GET
        description: Get multiple GPG keys.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: gpgkeys-gpgkeyid-json
      path: /gpgkeys/{gpgkeyId}.json
      operations:
      - name: viewgpgkey
        method: GET
        description: Get a GPG key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: groups-json
      path: /groups.json
      operations:
      - name: indexgroups
        method: GET
        description: Get multiple groups.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: addgroup
        method: POST
        description: Create a group.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: groups-groupid-json
      path: /groups/{groupId}.json
      operations:
      - name: viewgroup
        method: GET
        description: Get a group.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updategroup
        method: PUT
        description: Update a group.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletegroup
        method: DELETE
        description: Delete a group.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: groups-groupid-dry-run-json
      path: /groups/{groupId}/dry-run.json
      operations:
      - name: dryrunupdategroup
        method: PUT
        description: Dry run a group update.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: dryrundeletegroup
        method: DELETE
        description: Dry run a group deletion.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: healthcheck-json
      path: /healthcheck.json
      operations:
      - name: viewhealthcheck
        method: GET
        description: Get healthcheck information.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: healthcheck-status-json
      path: /healthcheck/status.json
      operations:
      - name: viewhealthcheckstatus
        method: GET
        description: Check if passbolt is up.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-keys-json
      path: /metadata/keys.json
      operations:
      - name: indexmetadatakeys
        method: GET
        description: Get metadata keys.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: addmetadatakey
        method: POST
        description: Create a metadata key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-keys-metadatakeyid-json
      path: /metadata/keys/{metadataKeyId}.json
      operations:
      - name: updatemetadatakey
        method: PUT
        description: Mark a metadata key as expired.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletemetadatakey
        method: DELETE
        description: Delete a metadata key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-keys-privates-json
      path: /metadata/keys/privates.json
      operations:
      - name: addmetadataprivatekey
        method: POST
        description: Create a metadata private key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-keys-private-metadataprivatekeyid-json
      path: /metadata/keys/private/{metadataPrivateKeyId}.json
      operations:
      - name: updatemetadataprivatekey
        method: PUT
        description: Update a metadata private key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-keys-settings-json
      path: /metadata/keys/settings.json
      operations:
      - name: indexmetadatakeyssettings
        method: GET
        description: Get metadata keys settings.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatemetadatakeyssettings
        method: POST
        description: Update metadata keys settings.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-types-settings-json
      path: /metadata/types/settings.json
      operations:
      - name: viewmetadatatypessettings
        method: GET
        description: Get metadata types settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: upgrademetadatatypessettings
        method: POST
        description: Upgrade a resource types settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-rotate-key-folders-json
      path: /metadata/rotate-key/folders.json
      operations:
      - name: viewmetadatarotatekeyfolders
        method: GET
        description: Get folders with expired keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: rotatemetadataexpiredkeysfolders
        method: POST
        description: Rotate expired metadata keys for folders
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-rotate-key-resources-json
      path: /metadata/rotate-key/resources.json
      operations:
      - name: viewmetadatarotatekeyresources
        method: GET
        description: Get resources with expired keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: rotatemetadataexpiredkeys
        method: POST
        description: Rotate expired metadata keys for resources
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-session-keys-json
      path: /metadata/session-keys.json
      operations:
      - name: viewmetadatasessionkeys
        method: GET
        description: Get session keys.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: addmetadatasessionkey
        method: POST
        description: Add a session key.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-session-key-sessionkeyid-json
      path: /metadata/session-key/{sessionKeyId}.json
      operations:
      - name: updatemetadatasessionkey
        method: POST
        description: Update a given session-key entry.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletesessionkey
        method: DELETE
        description: Delete a given session-key entry.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-rotate-key-tags-json
      path: /metadata/rotate-key/tags.json
      operations:
      - name: viewmetadatarotatekeytags
        method: GET
        description: Get tags with expired keys
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: rotatemetadatakeystags
        method: POST
        description: Rotate expired metadata keys for tags
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-upgrade-folders-json
      path: /metadata/upgrade/folders.json
      operations:
      - name: viewmetadataupgradefolders
        method: GET
        description: Get Upgradable Folders
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: upgrademetadatafolders
        method: POST
        description: Upgrade a folder
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-upgrade-resources-json
      path: /metadata/upgrade/resources.json
      operations:
      - name: viewmetadataupgraderesources
        method: GET
        description: Get Upgradable Resources
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: upgrademetadataresources
        method: POST
        description: Upgrade a Resource
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: metadata-upgrade-tags-json
      path: /metadata/upgrade/tags.json
      operations:
      - name: viewmetadataupgradetags
        method: GET
        description: Get Upgradable Tags
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: passbolt-rest
    description: REST adapter for Passbolt API.
    resources:
    - path: /auth/is-authenticated.json
      name: viewauthisauthenticated
      operations:
      - method: GET
        name: viewauthisauthenticated
        description: Check authentication status.
        call: passbolt.viewauthisauthenticated
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/jwt/jwks.json
      name: viewauthjwtjwks
      operations:
      - method: GET
        name: viewauthjwtjwks
        description: Get the JWKs server information.
        call: passbolt.viewauthjwtjwks
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/jwt/login.json
      name: authjwtlogin
      operations:
      - method: POST
        name: authjwtlogin
        description: Login.
        call: passbolt.authjwtlogin
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/jwt/logout.json
      name: authjwtlogout
      operations:
      - method: POST
        name: authjwtlogout
        description: Logout.
        call: passbolt.authjwtlogout
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/jwt/refresh.json
      name: authjwtrefresh
      operations:
      - method: POST
        name: authjwtrefresh
        description: Refresh access token.
        call: passbolt.authjwtrefresh
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/jwt/rsa.json
      name: viewauthjwtrsa
      operations:
      - method: GET
        name: viewauthjwtrsa
        description: Get the JWT RSA server information.
        call: passbolt.viewauthjwtrsa
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/login.json
      name: authlogin
      operations:
      - method: POST
        name: authlogin
        description: Log in.
        call: passbolt.authlogin
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/logout.json
      name: authlogout
      operations:
      - method: POST
        name: authlogout
        description: Log out.
        call: passbolt.authlogout
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/verify.json
      name: viewauthverify
      operations:
      - method: GET
        name: viewauthverify
        description: Get the server's public PGP key.
        call: passbolt.viewauthverify
        outputParameters:
        - type: object
          mapping: $.
    - path: /auth/verify.json
      name: checkauthverify
      operations:
      - method: POST
        name: checkauthverify
        description: Verify the server's identity.
        call: passbolt.checkauthverify
        outputParameters:
        - type: object
          mapping: $.
    - path: /avatars/view/{avatarId}/{avatarFormat}
      name: viewavatar
      operations:
      - method: GET
        name: viewavatar
        description: Get an avatar as an image.
        call: passbolt.viewavatar
        outputParameters:
        - type: object
          mapping: $.
    - path: /comments/{commentId}.json
      name: updatecomment
      operations:
      - method: PUT
        name: updatecomment
        description: Update a comment.
        call: passbolt.updatecomment
        outputParameters:
        - type: object
          mapping: $.
    - path: /comments/{commentId}.json
      name: deletecomment
      operations:
      - method: DELETE
        name: deletecomment
        description: Delete a comment.
        call: passbolt.deletecomment
        outputParameters:
        - type: object
          mapping: $.
    - path: /comments/resource/{resourceId}.json
      name: indexcomments
      operations:
      - method: GET
        name: indexcomments
        description: Get comments for a resource.
        call: passbolt.indexcomments
        outputParameters:
        - type: object
          mapping: $.
    - path: /comments/resource/{resourceId}.json
      name: addcomment
      operations:
      - method: POST
        name: addcomment
        description: Add a comment.
        call: passbolt.addcomment
        outputParameters:
        - type: object
          mapping: $.
    - path: /directorysync/synchronize/dry-run.json
      name: simulatesync
      operations:
      - method: GET
        name: simulatesync
        description: Simulate directory synchronization without making changes.
        call: passbolt.simulatesync
        outputParameters:
        - type: object
          mapping: $.
    - path: /directorysync/synchronize.json
      name: runsync
      operations:
      - method: POST
        name: runsync
        description: Run the directory synchronization.
        call: passbolt.runsync
        outputParameters:
        - type: object
          mapping: $.
    - path: /favorite/{favoriteId}.json
      name: deletefavorite
      operations:
      - method: DELETE
        name: deletefavorite
        description: Unset a resource as favorite.
        call: passbolt.deletefavorite
        outputParameters:
        - type: object
          mapping: $.
    - path: /favorite/{foreignModel}/{foreignId}.json
      name: addfavorite
      operations:
      - method: POST
        name: addfavorite
        description: Set a resource as favorite.
        call: passbolt.addfavorite
        outputParameters:
        - type: object
          mapping: $.
    - path: /folders.json
      name: indexfolders
      operations:
      - method: GET
        name: indexfolders
        description: Get multiple folders.
        call: passbolt.indexfolders
        outputParameters:
        - type: object
          mapping: $.
    - path: /folders.json
      name: addfolder
      operations:
      - method: POST
        name: addfolder
        description: Create a folder.
        call: passbolt.addfolder
        outputParameters:
        - type: object
          mapping: $.
    - path: /folders/{folderId}.json
      name: viewfolder
      operations:
      - method: GET
        name: viewfolder
        description: Get a folder.
        call: passbolt.viewfolder
        outputParameters:
        - type: object
          mapping: $.
    - path: /folders/{folderId}.json
      name: updatefolder
      operations:
      - method: PUT
        name: updatefolder
        description: Update a folder.
        call: passbolt.updatefolder
        outputParameters:
        - type: object
          mapping: $.
    - path: /folders/{folderId}.json
      name: deletefolder
      operations:
      - method: DELETE
        name: deletefolder
        description: Delete a folder.
        call: passbolt.deletefolder
        outputParameters:
        - type: object
          mapping: $.
    - path: /gpgkeys.json
      name: indexgpgkeys
      operations:
      - method: GET
        name: indexgpgkeys
        description: Get multiple GPG keys.
        call: passbolt.indexgpgkeys
        outputParameters:
        - type: object
          mapping: $.
    - path: /gpgkeys/{gpgkeyId}.json
      name: viewgpgkey
      operations:
      - method: GET
        name: viewgpgkey
        description: Get a GPG key.
        call: passbolt.viewgpgkey
        outputParameters:
        - type: object
          mapping: $.
    - path: /groups.json
      name: indexgroups
      operations:
      - method: GET
        name: indexgroups
        description: Get multiple groups.
        call: passbolt.indexgroups
        outputParameters:
        - type: object
          mapping: $.
    - path: /groups.json
      name: addgroup
      operations:
      - method: POST
        name: addgroup
        description: Create a group.
        call: passbolt.addgroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /groups/{groupId}.json
      name: viewgroup
      operations:
      - method: GET
        name: viewgroup
        description: Get a group.
        call: passbolt.viewgroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /groups/{groupId}.json
      name: updategroup
      operations:
      - method: PUT
        name: updategroup
        description: Update a group.
        call: passbolt.updategroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /groups/{groupId}.json
      name: deletegroup
      operations:
      - method: DELETE
        name: deletegroup
        description: Delete a group.
        call: passbolt.deletegroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /groups/{groupId}/dry-run.json
      name: dryrunupdategroup
      operations:
      - method: PUT
        name: dryrunupdategroup
        description: Dry run a group update.
        call: passbolt.dryrunupdategroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /groups/{groupId}/dry-run.json
      name: dryrundeletegroup
      operations:
      - method: DELETE
        name: dryrundeletegroup
        description: Dry run a group deletion.
        call: passbolt.dryrundeletegroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /healthcheck.json
      name: viewhealthcheck
      operations:
      - method: GET
        name: viewhealthcheck
        description: Get healthcheck information.
        call: passbolt.viewhealthcheck
        outputParameters:
        - type: object
          mapping: $.
    - path: /healthcheck/status.json
      name: viewhealthcheckstatus
      operations:
      - method: GET
        name: viewhealthcheckstatus
        description: Check if passbolt is up.
        call: passbolt.viewhealthcheckstatus
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys.json
      name: indexmetadatakeys
      operations:
      - method: GET
        name: indexmetadatakeys
        description: Get metadata keys.
        call: passbolt.indexmetadatakeys
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys.json
      name: addmetadatakey
      operations:
      - method: POST
        name: addmetadatakey
        description: Create a metadata key.
        call: passbolt.addmetadatakey
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys/{metadataKeyId}.json
      name: updatemetadatakey
      operations:
      - method: PUT
        name: updatemetadatakey
        description: Mark a metadata key as expired.
        call: passbolt.updatemetadatakey
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys/{metadataKeyId}.json
      name: deletemetadatakey
      operations:
      - method: DELETE
        name: deletemetadatakey
        description: Delete a metadata key.
        call: passbolt.deletemetadatakey
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys/privates.json
      name: addmetadataprivatekey
      operations:
      - method: POST
        name: addmetadataprivatekey
        description: Create a metadata private key.
        call: passbolt.addmetadataprivatekey
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys/private/{metadataPrivateKeyId}.json
      name: updatemetadataprivatekey
      operations:
      - method: PUT
        name: updatemetadataprivatekey
        description: Update a metadata private key.
        call: passbolt.updatemetadataprivatekey
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys/settings.json
      name: indexmetadatakeyssettings
      operations:
      - method: GET
        name: indexmetadatakeyssettings
        description: Get metadata keys settings.
        call: passbolt.indexmetadatakeyssettings
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/keys/settings.json
      name: updatemetadatakeyssettings
      operations:
      - method: POST
        name: updatemetadatakeyssettings
        description: Update metadata keys settings.
        call: passbolt.updatemetadatakeyssettings
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/types/settings.json
      name: viewmetadatatypessettings
      operations:
      - method: GET
        name: viewmetadatatypessettings
        description: Get metadata types settings
        call: passbolt.viewmetadatatypessettings
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/types/settings.json
      name: upgrademetadatatypessettings
      operations:
      - method: POST
        name: upgrademetadatatypessettings
        description: Upgrade a resource types settings
        call: passbolt.upgrademetadatatypessettings
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/rotate-key/folders.json
      name: viewmetadatarotatekeyfolders
      operations:
      - method: GET
        name: viewmetadatarotatekeyfolders
        description: Get folders with expired keys
        call: passbolt.viewmetadatarotatekeyfolders
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/rotate-key/folders.json
      name: rotatemetadataexpiredkeysfolders
      operations:
      - method: POST
        name: rotatemetadataexpiredkeysfolders
        description: Rotate expired metadata keys for folders
        call: passbolt.rotatemetadataexpiredkeysfolders
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/rotate-key/resources.json
      name: viewmetadatarotatekeyresources
      operations:
      - method: GET
        name: viewmetadatarotatekeyresources
        description: Get resources with expired keys
        call: passbolt.viewmetadatarotatekeyresources
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/rotate-key/resources.json
      name: rotatemetadataexpiredkeys
      operations:
      - method: POST
        name: rotatemetadataexpiredkeys
        description: Rotate expired metadata keys for resources
        call: passbolt.rotatemetadataexpiredkeys
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/session-keys.json
      name: viewmetadatasessionkeys
      operations:
      - method: GET
        name: viewmetadatasessionkeys
        description: Get session keys.
        call: passbolt.viewmetadatasessionkeys
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/session-keys.json
      name: addmetadatasessionkey
      operations:
      - method: POST
        name: addmetadatasessionkey
        description: Add a session key.
        call: passbolt.addmetadatasessionkey
        outputParameters:
        - type: object
          mapping: $.
    - path: /metadata/session-key/{sessionKeyId}.json
      name: updatemetadatasessionkey
      operations:
      - method: POST
        name: updatemetadatasessionkey
       

# --- truncated at 32 KB (50 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/passbolt/refs/heads/main/capabilities/passbolt-capability.yaml