Permit.io · Capability
Permit.io API — Roles
Permit.io API — Roles. 9 operations. Lead operation: List Roles. Self-contained Naftiko capability covering one Permit Io business surface.
What You Can Do
GET
Listroles
— List Roles
/v1/v2/schema/{proj-id}/{env-id}/roles
POST
Createrole
— Create Role
/v1/v2/schema/{proj-id}/{env-id}/roles
GET
Getrole
— Get Role
/v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}
DELETE
Deleterole
— Delete Role
/v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}
PATCH
Updaterole
— Update Role
/v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}
GET
Getroleancestors
— Get Role Ancestors
/v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/ancestors
GET
Getroledescendants
— Get Role Descendants
/v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/descendants
POST
Assignpermissionstorole
— Assign Permissions To Role
/v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/permissions
DELETE
Removepermissionsfromrole
— Remove Permissions From Role
/v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/permissions
MCP Tools
list-roles
List Roles
read-only
idempotent
create-role
Create Role
get-role
Get Role
read-only
idempotent
delete-role
Delete Role
idempotent
update-role
Update Role
idempotent
get-role-ancestors
Get Role Ancestors
read-only
idempotent
get-role-descendants
Get Role Descendants
read-only
idempotent
assign-permissions-role
Assign Permissions To Role
remove-permissions-role
Remove Permissions From Role
idempotent
Capability Spec
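# Naftiko capability spec for the Permit.io role-management endpoints.
# Nesting is restored from a listing whose indentation was flattened; `tags`,
# `created` and `modified` are assumed to belong to `info` - confirm against
# the Naftiko schema.
naftiko: 1.0.0-alpha2
info:
  label: Permit.io API — Roles
  description: 'Permit.io API — Roles. 9 operations. Lead operation: List Roles. Self-contained Naftiko capability covering
    one Permit Io business surface.'
  tags:
  - Permit Io
  - Roles
  # Quoted so the dates stay strings instead of being parsed as timestamps.
  created: '2026-05-19'
  modified: '2026-05-19'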
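# Binds the PERMIT_IO_API_KEY environment variable into the `env` namespace,
# which the spec later reads as {{env.PERMIT_IO_API_KEY}}. The secret value is
# not stored in this file; supply it at deploy time from a secret store and
# keep it out of version control, shell history and process listings.
binds:
- namespace: env
  keys:
    PERMIT_IO_API_KEY: PERMIT_IO_API_KEY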
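# Capability body: one upstream HTTP client (`consumes`) and two listeners
# (`exposes`) that forward callers' requests to it. Nesting is restored from a
# listing whose indentation was flattened; `authentication` is assumed to sit
# on the consumed HTTP entry - confirm against the Naftiko schema.
capability:
  # Upstream side: the Permit.io role endpoints this capability calls.
  consumes:
  - type: http
    namespace: permit-io-roles
    # NOTE(review): baseUri is empty. The bearer token declared at the end of
    # this entry is attached to upstream requests, so confirm the runtime
    # resolves this to the intended Permit.io HTTPS endpoint and cannot be
    # pointed at a plain-HTTP or arbitrary host.
    baseUri: ''
    description: Permit.io API — Roles business capability. Self-contained, no shared references.
    resources:
    - name: v2-schema-proj_id-env_id-roles
      path: /v2/schema/{proj_id}/{env_id}/roles
      operations:
      - name: listroles
        method: GET
        description: List Roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        # proj_id and env_id are supplied by the caller on every operation, so
        # the scope of the upstream API key is the only limit on which
        # project/environment a request can touch.
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
        - name: include_total_count
          in: query
          type: boolean
          description: Include total count in response
        - name: page
          in: query
          type: integer
          description: Page number of the results to fetch, starting at 1.
        - name: per_page
          in: query
          type: integer
          description: The number of results per page (max 100).
        - name: search
          in: query
          type: string
          description: Text search for the object name or key
      - name: createrole
        method: POST
        description: Create Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
        # NOTE(review): body is a free-form object on every write operation in
        # this spec; no schema is visible here, so field validation appears to
        # be left entirely to the upstream API.
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v2-schema-proj_id-env_id-roles-role_id
      path: /v2/schema/{proj_id}/{env_id}/roles/{role_id}
      operations:
      - name: getrole
        method: GET
        description: Get Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: role_id
          in: path
          type: string
          description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").'
          required: true
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
      - name: deleterole
        method: DELETE
        description: Delete Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: role_id
          in: path
          type: string
          description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").'
          required: true
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
      - name: updaterole
        method: PATCH
        description: Update Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: role_id
          in: path
          type: string
          description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").'
          required: true
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: v2-schema-proj_id-env_id-roles-role_id-ancestors
      path: /v2/schema/{proj_id}/{env_id}/roles/{role_id}/ancestors
      operations:
      - name: getroleancestors
        method: GET
        description: Get Role Ancestors
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: role_id
          in: path
          type: string
          description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").'
          required: true
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
    - name: v2-schema-proj_id-env_id-roles-role_id-descendants
      path: /v2/schema/{proj_id}/{env_id}/roles/{role_id}/descendants
      operations:
      - name: getroledescendants
        method: GET
        description: Get Role Descendants
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: role_id
          in: path
          type: string
          description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").'
          required: true
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
    - name: v2-schema-proj_id-env_id-roles-role_id-permissions
      path: /v2/schema/{proj_id}/{env_id}/roles/{role_id}/permissions
      operations:
      # Grants permissions to an existing role: an authorization-policy change
      # that widens what every holder of the role may do.
      - name: assignpermissionstorole
        method: POST
        description: Assign Permissions To Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: role_id
          in: path
          type: string
          description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").'
          required: true
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      # NOTE(review): this DELETE carries a required JSON body. Some HTTP
      # clients and intermediaries drop bodies on DELETE; verify the body
      # survives end to end so the call does not fail or act on an empty set.
      - name: removepermissionsfromrole
        method: DELETE
        description: Remove Permissions From Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: role_id
          in: path
          type: string
          description: 'Either the unique id of the role, or the URL-friendly key of the role (i.e: the "slug").'
          required: true
        - name: proj_id
          in: path
          type: string
          description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
          required: true
        - name: env_id
          in: path
          type: string
          description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    # The bearer token is read from the environment binding, never from this
    # file. Every caller of the adapters under `exposes` acts with this single
    # credential, so issue the narrowest key that works (Permit.io keys can be
    # scoped to an organization, a project or an environment) and rotate it
    # if the listeners were ever reachable by untrusted clients.
    authentication:
      type: bearer
      token: '{{env.PERMIT_IO_API_KEY}}'
  # Listener side. NOTE(review): neither adapter below declares any caller
  # authentication or authorization in this spec, while each request is
  # forwarded upstream with the server-held API key. As written, anyone who can
  # reach port 8080 or 9090 can list, create, change and delete roles. Bind the
  # listeners to loopback or a private network, or front them with an
  # authenticating gateway with TLS, and log who invoked each write operation.
  exposes:
  - type: rest
    namespace: permit-io-roles-rest
    port: 8080
    description: REST adapter for Permit.io API — Roles. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    # NOTE(review): the exposed paths use hyphenated placeholders ({proj-id},
    # {env-id}, {role-id}) while the `with` mappings read rest.proj_id,
    # rest.env_id and rest.role_id. Confirm the adapter maps one to the other;
    # an unbound path parameter must be rejected, not forwarded empty.
    - path: /v1/v2/schema/{proj-id}/{env-id}/roles
      name: v2-schema-proj-id-env-id-roles
      description: REST surface for v2-schema-proj_id-env_id-roles.
      operations:
      - method: GET
        name: listroles
        description: List Roles
        call: permit-io-roles.listroles
        with:
          proj_id: rest.proj_id
          env_id: rest.env_id
          include_total_count: rest.include_total_count
          page: rest.page
          per_page: rest.per_page
          search: rest.search
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createrole
        description: Create Role
        call: permit-io-roles.createrole
        with:
          proj_id: rest.proj_id
          env_id: rest.env_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}
      name: v2-schema-proj-id-env-id-roles-role-id
      description: REST surface for v2-schema-proj_id-env_id-roles-role_id.
      operations:
      - method: GET
        name: getrole
        description: Get Role
        call: permit-io-roles.getrole
        with:
          role_id: rest.role_id
          proj_id: rest.proj_id
          env_id: rest.env_id
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleterole
        description: Delete Role
        call: permit-io-roles.deleterole
        with:
          role_id: rest.role_id
          proj_id: rest.proj_id
          env_id: rest.env_id
        outputParameters:
        - type: object
          mapping: $.
      - method: PATCH
        name: updaterole
        description: Update Role
        call: permit-io-roles.updaterole
        with:
          role_id: rest.role_id
          proj_id: rest.proj_id
          env_id: rest.env_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/ancestors
      name: v2-schema-proj-id-env-id-roles-role-id-ancestors
      description: REST surface for v2-schema-proj_id-env_id-roles-role_id-ancestors.
      operations:
      - method: GET
        name: getroleancestors
        description: Get Role Ancestors
        call: permit-io-roles.getroleancestors
        with:
          role_id: rest.role_id
          proj_id: rest.proj_id
          env_id: rest.env_id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/descendants
      name: v2-schema-proj-id-env-id-roles-role-id-descendants
      description: REST surface for v2-schema-proj_id-env_id-roles-role_id-descendants.
      operations:
      - method: GET
        name: getroledescendants
        description: Get Role Descendants
        call: permit-io-roles.getroledescendants
        with:
          role_id: rest.role_id
          proj_id: rest.proj_id
          env_id: rest.env_id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/v2/schema/{proj-id}/{env-id}/roles/{role-id}/permissions
      name: v2-schema-proj-id-env-id-roles-role-id-permissions
      description: REST surface for v2-schema-proj_id-env_id-roles-role_id-permissions.
      operations:
      - method: POST
        name: assignpermissionstorole
        description: Assign Permissions To Role
        call: permit-io-roles.assignpermissionstorole
        with:
          role_id: rest.role_id
          proj_id: rest.proj_id
          env_id: rest.env_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: removepermissionsfromrole
        description: Remove Permissions From Role
        call: permit-io-roles.removepermissionsfromrole
        with:
          role_id: rest.role_id
          proj_id: rest.proj_id
          env_id: rest.env_id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: permit-io-roles-mcp
    port: 9090
    # NOTE(review): presumably selects an HTTP-based MCP transport rather than
    # stdio; nothing here shows TLS, so confirm it is terminated in front of
    # this port before the listener leaves localhost.
    transport: http
    description: MCP adapter for Permit.io API — Roles. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    # The `hints` blocks are advisory metadata for the MCP client, not access
    # control. A model that calls these tools can be steered by untrusted text
    # in its context, so require human approval for every tool that is not
    # readOnly regardless of what the hints say.
    - name: list-roles
      description: List Roles
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: permit-io-roles.listroles
      with:
        proj_id: tools.proj_id
        env_id: tools.env_id
        include_total_count: tools.include_total_count
        page: tools.page
        per_page: tools.per_page
        search: tools.search
      outputParameters:
      - type: object
        mapping: $.
    - name: create-role
      description: Create Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: permit-io-roles.createrole
      with:
        proj_id: tools.proj_id
        env_id: tools.env_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-role
      description: Get Role
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: permit-io-roles.getrole
      with:
        role_id: tools.role_id
        proj_id: tools.proj_id
        env_id: tools.env_id
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-role
      description: Delete Role
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: permit-io-roles.deleterole
      with:
        role_id: tools.role_id
        proj_id: tools.proj_id
        env_id: tools.env_id
      outputParameters:
      - type: object
        mapping: $.
    # NOTE(review): marked non-destructive, but a PATCH replaces fields of an
    # existing role. If the update body can overwrite the role's permissions
    # or inheritance (not visible in this spec), `destructive: true` would be
    # the safer hint so clients prompt before running it.
    - name: update-role
      description: Update Role
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: permit-io-roles.updaterole
      with:
        role_id: tools.role_id
        proj_id: tools.proj_id
        env_id: tools.env_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-role-ancestors
      description: Get Role Ancestors
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: permit-io-roles.getroleancestors
      with:
        role_id: tools.role_id
        proj_id: tools.proj_id
        env_id: tools.env_id
      outputParameters:
      - type: object
        mapping: $.
    - name: get-role-descendants
      description: Get Role Descendants
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: permit-io-roles.getroledescendants
      with:
        role_id: tools.role_id
        proj_id: tools.proj_id
        env_id: tools.env_id
      outputParameters:
      - type: object
        mapping: $.
    # Additive, hence `destructive: false`, yet this is the privilege-granting
    # tool of the set: the hints have no way to express that, so gate it
    # explicitly and audit each invocation.
    - name: assign-permissions-role
      description: Assign Permissions To Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: permit-io-roles.assignpermissionstorole
      with:
        role_id: tools.role_id
        proj_id: tools.proj_id
        env_id: tools.env_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-permissions-role
      description: Remove Permissions From Role
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: permit-io-roles.removepermissionsfromrole
      with:
        role_id: tools.role_id
        proj_id: tools.proj_id
        env_id: tools.env_id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.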