Permit.io · Capability
Permit.io API — Users
Permit.io API — Users. 8 operations. Lead operation: List Users. Self-contained Naftiko capability covering one Permit Io business surface.
What You Can Do
GET
Listusers
— List Users
/v1/v2/facts/{proj-id}/{env-id}/users
POST
Createuser
— Create User
/v1/v2/facts/{proj-id}/{env-id}/users
GET
Getuser
— Get User
/v1/v2/facts/{proj-id}/{env-id}/users/{user-id}
PUT
Replaceuser
— Replace User
/v1/v2/facts/{proj-id}/{env-id}/users/{user-id}
DELETE
Deleteuser
— Delete User
/v1/v2/facts/{proj-id}/{env-id}/users/{user-id}
PATCH
Updateuser
— Update User
/v1/v2/facts/{proj-id}/{env-id}/users/{user-id}
POST
Assignroletouser
— Assign Role To User
/v1/v2/facts/{proj-id}/{env-id}/users/{user-id}/roles
DELETE
Unassignrolefromuser
— Unassign Role From User
/v1/v2/facts/{proj-id}/{env-id}/users/{user-id}/roles
MCP Tools
list-users
List Users
read-only
idempotent
create-user
Create User
get-user
Get User
read-only
idempotent
replace-user
Replace User
idempotent
delete-user
Delete User
idempotent
update-user
Update User
idempotent
assign-role-user
Assign Role To User
unassign-role-user
Unassign Role From User
idempotent
Capability Spec
# Naftiko capability spec for the Permit.io Users API.
# NOTE(review): this listing has lost its indentation; the nesting has to be
# restored before the document parses as intended.
naftiko: 1.0.0-alpha2
info:
label: Permit.io API — Users
description: 'Permit.io API — Users. 8 operations. Lead operation: List Users. Self-contained Naftiko capability covering
one Permit Io business surface.'
tags:
- Permit Io
- Users
created: '2026-05-19'
modified: '2026-05-19'
# Binds PERMIT_IO_API_KEY from the `env` namespace. The same name is referenced
# as the upstream bearer token (`{{env.PERMIT_IO_API_KEY}}`), so treat it as a
# secret: inject it at runtime and keep the value out of this file and of logs.
binds:
- namespace: env
keys:
PERMIT_IO_API_KEY: PERMIT_IO_API_KEY
capability:
# Upstream HTTP consumer; the adapters under `exposes` call its operations as
# `permit-io-users.<operation>`.
consumes:
- type: http
namespace: permit-io-users
# NOTE(review): baseUri is empty. Requests from this consumer carry the bearer
# token declared under `authentication`, so the upstream origin should be set
# explicitly to the Permit.io API's HTTPS endpoint; confirm how the runtime
# resolves an empty value.
baseUri: ''
description: Permit.io API — Users business capability. Self-contained, no shared references.
resources:
# Collection resource: list and create users inside one project/environment.
# proj_id and env_id are substituted into the path template below.
- name: v2-facts-proj_id-env_id-users
path: /v2/facts/{proj_id}/{env_id}/users
operations:
# GET: paginated user listing with optional text search and role filter.
- name: listusers
method: GET
description: List Users
outputRawFormat: json
# `$.` presumably selects the whole upstream JSON document, so user records are
# passed through to the caller without field filtering.
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
- name: search
in: query
type: string
description: Text search for the user
# NOTE(review): the description below ends mid-sentence; it looks truncated.
- name: search_operator
in: query
type: string
description: 'The search operator to use. `contains` performs a substring match on email, key, first_name, and last_name.
`startswith` performs a prefix match on email, key, '
- name: role
in: query
type: string
description: Match users with a specific role. To filter users without any roles, send an empty string.
- name: include_resource_instance_roles
in: query
type: boolean
description: Should add resource instance roles
- name: page
in: query
type: integer
description: Page number of the results to fetch, starting at 1.
# The stated cap of 100 is only documentation; no maximum is declared on the
# parameter itself.
- name: per_page
in: query
type: integer
description: The number of results per page (max 100).
# POST: creates a user in the given project/environment.
- name: createuser
method: POST
description: Create User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
# The body is typed only as `object`; no schema is declared here, so field
# validation is left entirely to the upstream API.
- name: body
in: body
type: object
description: Request body (JSON).
required: true
# Item resource: read, replace, delete and patch a single user addressed by
# user_id (unique id or key) within a project/environment.
- name: v2-facts-proj_id-env_id-users-user_id
path: /v2/facts/{proj_id}/{env_id}/users/{user_id}
operations:
# GET: fetches one user.
- name: getuser
method: GET
description: Get User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").'
required: true
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
# PUT: replaces the user record with the supplied body.
- name: replaceuser
method: PUT
description: Replace User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").'
required: true
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
# Untyped JSON body (no schema declared); validation is left to the upstream API.
- name: body
in: body
type: object
description: Request body (JSON).
required: true
# DELETE: removes the user; takes path parameters only.
- name: deleteuser
method: DELETE
description: Delete User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").'
required: true
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
# PATCH: partial update of the user with the supplied body.
- name: updateuser
method: PATCH
description: Update User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").'
required: true
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
# Untyped JSON body (no schema declared); validation is left to the upstream API.
- name: body
in: body
type: object
description: Request body (JSON).
required: true
# Role-assignment resource for one user. Both operations change what the user
# is authorized to do, so they are the most privilege-sensitive calls in this
# capability.
- name: v2-facts-proj_id-env_id-users-user_id-roles
path: /v2/facts/{proj_id}/{env_id}/users/{user_id}/roles
operations:
# POST: grants a role to the user; the role is carried in the untyped body.
- name: assignroletouser
method: POST
description: Assign Role To User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").'
required: true
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
# No schema is declared for the body, so nothing in this spec limits which role
# (or tenant/resource scope, if the upstream accepts one) a caller may request.
- name: body
in: body
type: object
description: Request body (JSON).
required: true
# DELETE: revokes a role from the user. Unlike deleteuser, this DELETE also
# declares a required request body.
- name: unassignrolefromuser
method: DELETE
description: Unassign Role From User
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: 'Either the unique id of the user, or the URL-friendly key of the user (i.e: the "slug").'
required: true
- name: proj_id
in: path
type: string
description: 'Either the unique id of the project, or the URL-friendly key of the project (i.e: the "slug").'
required: true
- name: env_id
in: path
type: string
description: 'Either the unique id of the environment, or the URL-friendly key of the environment (i.e: the "slug").'
required: true
# Optional flag: when true the upstream answers 200 with the removed assignment
# instead of the default 204.
- name: return_deleted
in: query
type: boolean
description: Whether to return the deleted role assignment, status code will be 200 instead of the default 204 if
true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
# Upstream authentication: the bound PERMIT_IO_API_KEY is sent as an HTTP bearer
# token. It presumably applies to every operation of the permit-io-users
# consumer (nesting is not recoverable from this listing). Callers of the
# exposed adapters all act with this one key's privileges, so use a key scoped
# no wider than the project/environment this capability is meant to manage.
authentication:
type: bearer
token: '{{env.PERMIT_IO_API_KEY}}'
exposes:
# REST adapter on port 8080.
# NOTE(review): no inbound authentication or caller authorization is declared
# for this adapter anywhere in this spec, while its routes are forwarded
# upstream with the capability's own API key. Anyone who can reach the port can
# list, create, modify and delete users and role assignments. Bind it to a
# trusted interface or place it behind an authenticating proxy, and log the
# calling identity for each write.
- type: rest
namespace: permit-io-users-rest
port: 8080
description: REST adapter for Permit.io API — Users. One Spectral-compliant resource per consumed operation, prefixed
with /v1.
resources:
# REST route for the users collection; forwards to listusers / createuser.
# NOTE(review): the path placeholders are kebab-case ({proj-id}, {env-id}) while
# the `with` mappings read rest.proj_id / rest.env_id; confirm the runtime maps
# one onto the other, otherwise the upstream path parameters arrive empty.
- path: /v1/v2/facts/{proj-id}/{env-id}/users
name: v2-facts-proj-id-env-id-users
description: REST surface for v2-facts-proj_id-env_id-users.
operations:
- method: GET
name: listusers
description: List Users
call: permit-io-users.listusers
# Every query parameter of the consumed operation is passed through unchanged.
with:
proj_id: rest.proj_id
env_id: rest.env_id
search: rest.search
search_operator: rest.search_operator
role: rest.role
include_resource_instance_roles: rest.include_resource_instance_roles
page: rest.page
per_page: rest.per_page
outputParameters:
- type: object
mapping: $.
- method: POST
name: createuser
description: Create User
call: permit-io-users.createuser
# The caller-supplied body is forwarded as-is (rest.body).
with:
proj_id: rest.proj_id
env_id: rest.env_id
body: rest.body
outputParameters:
- type: object
mapping: $.
# REST route for a single user; forwards to getuser / replaceuser / deleteuser /
# updateuser.
# NOTE(review): placeholders are kebab-case ({user-id}, {proj-id}, {env-id}) but
# the mappings read rest.user_id / rest.proj_id / rest.env_id; confirm the
# runtime reconciles the two spellings.
- path: /v1/v2/facts/{proj-id}/{env-id}/users/{user-id}
name: v2-facts-proj-id-env-id-users-user-id
description: REST surface for v2-facts-proj_id-env_id-users-user_id.
operations:
- method: GET
name: getuser
description: Get User
call: permit-io-users.getuser
with:
user_id: rest.user_id
proj_id: rest.proj_id
env_id: rest.env_id
outputParameters:
- type: object
mapping: $.
# Write operations below forward the caller's body unchanged (rest.body).
- method: PUT
name: replaceuser
description: Replace User
call: permit-io-users.replaceuser
with:
user_id: rest.user_id
proj_id: rest.proj_id
env_id: rest.env_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deleteuser
description: Delete User
call: permit-io-users.deleteuser
with:
user_id: rest.user_id
proj_id: rest.proj_id
env_id: rest.env_id
outputParameters:
- type: object
mapping: $.
- method: PATCH
name: updateuser
description: Update User
call: permit-io-users.updateuser
with:
user_id: rest.user_id
proj_id: rest.proj_id
env_id: rest.env_id
body: rest.body
outputParameters:
- type: object
mapping: $.
# REST route for role assignment on one user; forwards to assignroletouser /
# unassignrolefromuser. These calls grant and revoke privileges, and this spec
# declares no caller check in front of them.
- path: /v1/v2/facts/{proj-id}/{env-id}/users/{user-id}/roles
name: v2-facts-proj-id-env-id-users-user-id-roles
description: REST surface for v2-facts-proj_id-env_id-users-user_id-roles.
operations:
- method: POST
name: assignroletouser
description: Assign Role To User
call: permit-io-users.assignroletouser
# The role to grant comes from the caller's body, forwarded unchanged.
with:
user_id: rest.user_id
proj_id: rest.proj_id
env_id: rest.env_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: unassignrolefromuser
description: Unassign Role From User
call: permit-io-users.unassignrolefromuser
with:
user_id: rest.user_id
proj_id: rest.proj_id
env_id: rest.env_id
return_deleted: rest.return_deleted
body: rest.body
outputParameters:
- type: object
mapping: $.
# MCP adapter on port 9090 over HTTP transport; one tool per consumed operation.
# NOTE(review): as with the REST adapter, no caller authentication or TLS
# setting is declared here, and every tool call runs with the capability's API
# key. The per-tool `hints` are advisory metadata for MCP clients and are not an
# access control; restrict who can connect, and require human confirmation for
# the write tools in the client.
- type: mcp
namespace: permit-io-users-mcp
port: 9090
transport: http
description: MCP adapter for Permit.io API — Users. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
# Read-only tool. Going by the search_operator description (email, key,
# first_name, last_name), results contain personal data, and the whole response
# is mapped through to the model context (`$.`).
- name: list-users
description: List Users
hints:
readOnly: true
destructive: false
idempotent: true
call: permit-io-users.listusers
with:
proj_id: tools.proj_id
env_id: tools.env_id
search: tools.search
search_operator: tools.search_operator
role: tools.role
include_resource_instance_roles: tools.include_resource_instance_roles
page: tools.page
per_page: tools.per_page
outputParameters:
- type: object
mapping: $.
# Write tool: creates a user from a model-supplied body (tools.body), forwarded
# without a declared schema.
- name: create-user
description: Create User
hints:
readOnly: false
destructive: false
idempotent: false
call: permit-io-users.createuser
with:
proj_id: tools.proj_id
env_id: tools.env_id
body: tools.body
outputParameters:
- type: object
mapping: $.
# Read-only tool: returns one user's record, mapped through whole (`$.`).
- name: get-user
description: Get User
hints:
readOnly: true
destructive: false
idempotent: true
call: permit-io-users.getuser
with:
user_id: tools.user_id
proj_id: tools.proj_id
env_id: tools.env_id
outputParameters:
- type: object
mapping: $.
# Write tool backed by PUT (full replace).
# NOTE(review): marked destructive: false, yet a replace overwrites the existing
# record; clients that prompt only on `destructive` will not ask before it runs.
# Confirm the hint matches the intended risk level.
- name: replace-user
description: Replace User
hints:
readOnly: false
destructive: false
idempotent: true
call: permit-io-users.replaceuser
with:
user_id: tools.user_id
proj_id: tools.proj_id
env_id: tools.env_id
body: tools.body
outputParameters:
- type: object
mapping: $.
# Destructive tool: deletes the user identified by user_id. Correctly flagged
# destructive: true, but the flag is only a hint to the client.
- name: delete-user
description: Delete User
hints:
readOnly: false
destructive: true
idempotent: true
call: permit-io-users.deleteuser
with:
user_id: tools.user_id
proj_id: tools.proj_id
env_id: tools.env_id
outputParameters:
- type: object
mapping: $.
# Write tool backed by PATCH (partial update).
# NOTE(review): idempotent: true is asserted here; PATCH is not idempotent by
# definition, so confirm this holds for the upstream's update semantics.
- name: update-user
description: Update User
hints:
readOnly: false
destructive: false
idempotent: true
call: permit-io-users.updateuser
with:
user_id: tools.user_id
proj_id: tools.proj_id
env_id: tools.env_id
body: tools.body
outputParameters:
- type: object
mapping: $.
# Privilege-granting tool: assigns the role named in the model-supplied body.
# NOTE(review): flagged destructive: false, so a client that gates only on that
# hint will run it without confirmation even though it raises a user's access.
# Treat role assignment as requiring explicit approval, and audit each call.
- name: assign-role-user
description: Assign Role To User
hints:
readOnly: false
destructive: false
idempotent: false
call: permit-io-users.assignroletouser
with:
user_id: tools.user_id
proj_id: tools.proj_id
env_id: tools.env_id
body: tools.body
outputParameters:
- type: object
mapping: $.
# Destructive tool: revokes a role from the user. return_deleted is passed
# through and controls whether the removed assignment is returned.
- name: unassign-role-user
description: Unassign Role From User
hints:
readOnly: false
destructive: true
idempotent: true
call: permit-io-users.unassignrolefromuser
with:
user_id: tools.user_id
proj_id: tools.proj_id
env_id: tools.env_id
return_deleted: tools.return_deleted
body: tools.body
outputParameters:
- type: object
mapping: $.