Rapid7 · Capability

InsightAppSec API — Apps

InsightAppSec API — Apps. 11 operations. Lead operation: Get Apps. Self-contained Naftiko capability covering one business surface.

InsightAppSec API — Apps is a Naftiko capability published by Rapid7, one of 47 capabilities the APIs.io network indexes for this provider. It bundles 11 operations across the GET, POST, DELETE, and PUT methods rooted at /v1/apps.

The capability includes 4 read-only operations and 7 state-changing operations. Lead operation: Get Apps. Can be deployed as a REST endpoint, MCP tool, or Agent Skill via Naftiko.

Tagged areas include Rapid7 and Apps.

Run with Naftiko Rapid7Apps

What You Can Do

GET
Getapps — Get Apps
/v1/apps
POST
Createapp — Create App
/v1/apps
GET
Getapp — Get App
/v1/apps/{app-id}
PUT
Updateapp — Update App
/v1/apps/{app-id}
DELETE
Deleteapp — Delete App
/v1/apps/{app-id}
GET
Getapptags — Get App Tags
/v1/apps/{app-id}/tags
POST
Addapptag — Add App Tag
/v1/apps/{app-id}/tags
DELETE
Removeapptag — Remove App Tag
/v1/apps/{app-id}/tags/{tag-id}
GET
Getappusers — Get App Users
/v1/apps/{app-id}/users
POST
Addappuser — Add App User
/v1/apps/{app-id}/users
DELETE
Removeappuser — Remove App User
/v1/apps/{app-id}/users/{user-id}

MCP Tools

rapid7-getapps

Get Apps

read-only idempotent
rapid7-createapp

Create App

rapid7-getapp

Get App

read-only idempotent
rapid7-updateapp

Update App

idempotent
rapid7-deleteapp

Delete App

idempotent
rapid7-getapptags

Get App Tags

read-only idempotent
rapid7-addapptag

Add App Tag

rapid7-removeapptag

Remove App Tag

idempotent
rapid7-getappusers

Get App Users

read-only idempotent
rapid7-addappuser

Add App User

rapid7-removeappuser

Remove App User

idempotent

Capability Spec

insightappsec-apps.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: InsightAppSec API — Apps
  description: 'InsightAppSec API — Apps. 11 operations. Lead operation: Get Apps. Self-contained Naftiko capability covering one business surface.'
  tags:
  - Rapid7
  - Apps
  created: '2026-05-20'
  modified: '2026-05-20'
binds:
- namespace: env
  keys:
    RAPID7_API_KEY: RAPID7_API_KEY
capability:
  consumes:
  - type: http
    namespace: insightappsec-apps
    baseUri: https://[region].api.insight.rapid7.com/ias/v1
    description: InsightAppSec API — Apps business capability. Self-contained, no shared references.
    resources:
    - name: apps
      path: /apps
      operations:
      - name: getapps
        method: GET
        description: Get Apps
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: index
          in: query
          type: integer
          description: query parameter index.
        - name: size
          in: query
          type: integer
          description: query parameter size.
        - name: sort
          in: query
          type: string
          description: query parameter sort.
        - name: page-token
          in: query
          type: string
          description: query parameter page-token.
      - name: createapp
        method: POST
        description: Create App
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: apps-app-id
      path: /apps/{app-id}
      operations:
      - name: getapp
        method: GET
        description: Get App
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
      - name: updateapp
        method: PUT
        description: Update App
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleteapp
        method: DELETE
        description: Delete App
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
    - name: apps-app-id-tags
      path: /apps/{app-id}/tags
      operations:
      - name: getapptags
        method: GET
        description: Get App Tags
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
      - name: addapptag
        method: POST
        description: Add App Tag
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: apps-app-id-tags-tag-id
      path: /apps/{app-id}/tags/{tag-id}
      operations:
      - name: removeapptag
        method: DELETE
        description: Remove App Tag
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
        - name: tag-id
          in: path
          type: string
          description: path parameter tag-id.
          required: true
    - name: apps-app-id-users
      path: /apps/{app-id}/users
      operations:
      - name: getappusers
        method: GET
        description: Get App Users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
      - name: addappuser
        method: POST
        description: Add App User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: apps-app-id-users-user-id
      path: /apps/{app-id}/users/{user-id}
      operations:
      - name: removeappuser
        method: DELETE
        description: Remove App User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: app-id
          in: path
          type: string
          description: path parameter app-id.
          required: true
        - name: user-id
          in: path
          type: string
          description: path parameter user-id.
          required: true
  exposes:
  - type: rest
    namespace: insightappsec-apps-rest
    port: 8080
    description: REST adapter for InsightAppSec API — Apps. One resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/apps
      name: apps
      description: REST surface for apps.
      operations:
      - method: GET
        name: getapps
        description: Get Apps
        call: insightappsec-apps.getapps
        with:
          index: rest.index
          size: rest.size
          sort: rest.sort
          page-token: rest.page-token
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createapp
        description: Create App
        call: insightappsec-apps.createapp
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/apps/{app-id}
      name: apps-app-id
      description: REST surface for apps-app-id.
      operations:
      - method: GET
        name: getapp
        description: Get App
        call: insightappsec-apps.getapp
        with:
          app-id: rest.app-id
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateapp
        description: Update App
        call: insightappsec-apps.updateapp
        with:
          app-id: rest.app-id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteapp
        description: Delete App
        call: insightappsec-apps.deleteapp
        with:
          app-id: rest.app-id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/apps/{app-id}/tags
      name: apps-app-id-tags
      description: REST surface for apps-app-id-tags.
      operations:
      - method: GET
        name: getapptags
        description: Get App Tags
        call: insightappsec-apps.getapptags
        with:
          app-id: rest.app-id
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addapptag
        description: Add App Tag
        call: insightappsec-apps.addapptag
        with:
          app-id: rest.app-id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/apps/{app-id}/tags/{tag-id}
      name: apps-app-id-tags-tag-id
      description: REST surface for apps-app-id-tags-tag-id.
      operations:
      - method: DELETE
        name: removeapptag
        description: Remove App Tag
        call: insightappsec-apps.removeapptag
        with:
          app-id: rest.app-id
          tag-id: rest.tag-id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/apps/{app-id}/users
      name: apps-app-id-users
      description: REST surface for apps-app-id-users.
      operations:
      - method: GET
        name: getappusers
        description: Get App Users
        call: insightappsec-apps.getappusers
        with:
          app-id: rest.app-id
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: addappuser
        description: Add App User
        call: insightappsec-apps.addappuser
        with:
          app-id: rest.app-id
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/apps/{app-id}/users/{user-id}
      name: apps-app-id-users-user-id
      description: REST surface for apps-app-id-users-user-id.
      operations:
      - method: DELETE
        name: removeappuser
        description: Remove App User
        call: insightappsec-apps.removeappuser
        with:
          app-id: rest.app-id
          user-id: rest.user-id
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: insightappsec-apps-mcp
    port: 9090
    transport: http
    description: MCP adapter for InsightAppSec API — Apps. One tool per consumed operation, routed inline through this capability's consumes block.
    tools:
    - name: rapid7-getapps
      description: Get Apps
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightappsec-apps.getapps
      with:
        index: tools.index
        size: tools.size
        sort: tools.sort
        page-token: tools.page-token
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-createapp
      description: Create App
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: insightappsec-apps.createapp
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getapp
      description: Get App
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightappsec-apps.getapp
      with:
        app-id: tools.app-id
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-updateapp
      description: Update App
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: insightappsec-apps.updateapp
      with:
        app-id: tools.app-id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-deleteapp
      description: Delete App
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: insightappsec-apps.deleteapp
      with:
        app-id: tools.app-id
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getapptags
      description: Get App Tags
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightappsec-apps.getapptags
      with:
        app-id: tools.app-id
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-addapptag
      description: Add App Tag
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: insightappsec-apps.addapptag
      with:
        app-id: tools.app-id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-removeapptag
      description: Remove App Tag
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: insightappsec-apps.removeapptag
      with:
        app-id: tools.app-id
        tag-id: tools.tag-id
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-getappusers
      description: Get App Users
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: insightappsec-apps.getappusers
      with:
        app-id: tools.app-id
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-addappuser
      description: Add App User
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: insightappsec-apps.addappuser
      with:
        app-id: tools.app-id
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: rapid7-removeappuser
      description: Remove App User
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: insightappsec-apps.removeappuser
      with:
        app-id: tools.app-id
        user-id: tools.user-id
      outputParameters:
      - type: object
        mapping: $.