Scaleway · Capability
IAM API — Users
IAM API — Users. 13 operations. Lead operation: List grace periods of a member. Self-contained Naftiko capability covering one Scaleway business surface.
What You Can Do
GET
Listgraceperiods
— List grace periods of a member
/v1/iam/v1alpha1/grace-periods
GET
Listusers
— List users of an Organization
/v1/iam/v1alpha1/users
POST
Createuser
— Create a new user
/v1/iam/v1alpha1/users
GET
Getuser
— Get a given user
/v1/iam/v1alpha1/users/{user-id}
PATCH
Updateuser
— Update a user
/v1/iam/v1alpha1/users/{user-id}
DELETE
Deleteuser
— Delete a guest user from an Organization
/v1/iam/v1alpha1/users/{user-id}
POST
Lockuser
— Lock a member
/v1/iam/v1alpha1/users/{user-id}/lock
POST
Createusermfaotp
— Create a MFA OTP.
/v1/iam/v1alpha1/users/{user-id}/mfa-otp
DELETE
Deleteusermfaotp
— Delete a MFA OTP.
/v1/iam/v1alpha1/users/{user-id}/mfa-otp
POST
Unlockuser
— Unlock a member
/v1/iam/v1alpha1/users/{user-id}/unlock
POST
Updateuserpassword
— Update an user's password.
/v1/iam/v1alpha1/users/{user-id}/update-password
POST
Updateuserusername
— Update an user's username.
/v1/iam/v1alpha1/users/{user-id}/update-username
POST
Validateusermfaotp
— Validate a MFA OTP.
/v1/iam/v1alpha1/users/{user-id}/validate-mfa-otp
MCP Tools
list-grace-periods-member
List grace periods of a member
read-only
idempotent
list-users-organization
List users of an Organization
read-only
idempotent
create-new-user
Create a new user
get-given-user
Get a given user
read-only
idempotent
update-user
Update a user
idempotent
delete-guest-user-organization
Delete a guest user from an Organization
idempotent
lock-member
Lock a member
create-mfa-otp
Create a MFA OTP.
delete-mfa-otp
Delete a MFA OTP.
idempotent
unlock-member
Unlock a member
update-user-s-password
Update an user's password.
update-user-s-username
Update an user's username.
validate-mfa-otp
Validate a MFA OTP.
read-only
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: IAM API — Users
description: 'IAM API — Users. 13 operations. Lead operation: List grace periods of a member. Self-contained Naftiko capability
covering one Scaleway business surface.'
tags:
- Scaleway
- Users
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
SCALEWAY_API_KEY: SCALEWAY_API_KEY
capability:
consumes:
- type: http
namespace: iam-users
baseUri: https://api.scaleway.com
description: IAM API — Users business capability. Self-contained, no shared references.
resources:
- name: iam-v1alpha1-grace-periods
path: /iam/v1alpha1/grace-periods
operations:
- name: listgraceperiods
method: GET
description: List grace periods of a member
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: query
type: string
description: ID of the user to list grace periods for.
- name: iam-v1alpha1-users
path: /iam/v1alpha1/users
operations:
- name: listusers
method: GET
description: List users of an Organization
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: order_by
in: query
type: string
description: Criteria for sorting results.
- name: page_size
in: query
type: integer
description: Number of results per page. Value must be between 1 and 100.
- name: page
in: query
type: integer
description: Page number. Value must be greater or equal to 1.
- name: organization_id
in: query
type: string
description: ID of the Organization to filter.
- name: user_ids
in: query
type: array
description: Filter by list of IDs.
- name: mfa
in: query
type: boolean
description: Filter by MFA status.
- name: tag
in: query
type: string
description: Filter by tags containing a given string.
- name: type
in: query
type: string
description: Filter by user type.
- name: createuser
method: POST
description: Create a new user
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: iam-v1alpha1-users-user_id
path: /iam/v1alpha1/users/{user_id}
operations:
- name: getuser
method: GET
description: Get a given user
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: ID of the user to find.
required: true
- name: updateuser
method: PATCH
description: Update a user
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: ID of the user to update.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: deleteuser
method: DELETE
description: Delete a guest user from an Organization
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: ID of the user to delete.
required: true
- name: iam-v1alpha1-users-user_id-lock
path: /iam/v1alpha1/users/{user_id}/lock
operations:
- name: lockuser
method: POST
description: Lock a member
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: ID of the user to lock.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: iam-v1alpha1-users-user_id-mfa-otp
path: /iam/v1alpha1/users/{user_id}/mfa-otp
operations:
- name: createusermfaotp
method: POST
description: Create a MFA OTP.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: User ID of the MFA OTP.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: deleteusermfaotp
method: DELETE
description: Delete a MFA OTP.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: User ID of the MFA OTP.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: iam-v1alpha1-users-user_id-unlock
path: /iam/v1alpha1/users/{user_id}/unlock
operations:
- name: unlockuser
method: POST
description: Unlock a member
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: ID of the user to unlock.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: iam-v1alpha1-users-user_id-update-password
path: /iam/v1alpha1/users/{user_id}/update-password
operations:
- name: updateuserpassword
method: POST
description: Update an user's password.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: ID of the user to update.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: iam-v1alpha1-users-user_id-update-username
path: /iam/v1alpha1/users/{user_id}/update-username
operations:
- name: updateuserusername
method: POST
description: Update an user's username.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: ID of the user to update.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: iam-v1alpha1-users-user_id-validate-mfa-otp
path: /iam/v1alpha1/users/{user_id}/validate-mfa-otp
operations:
- name: validateusermfaotp
method: POST
description: Validate a MFA OTP.
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: user_id
in: path
type: string
description: User ID of the MFA OTP.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
authentication:
type: apikey
key: X-Auth-Token
value: '{{env.SCALEWAY_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: iam-users-rest
port: 8080
description: REST adapter for IAM API — Users. One Spectral-compliant resource per consumed operation, prefixed with /v1.
resources:
- path: /v1/iam/v1alpha1/grace-periods
name: iam-v1alpha1-grace-periods
description: REST surface for iam-v1alpha1-grace-periods.
operations:
- method: GET
name: listgraceperiods
description: List grace periods of a member
call: iam-users.listgraceperiods
with:
user_id: rest.user_id
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users
name: iam-v1alpha1-users
description: REST surface for iam-v1alpha1-users.
operations:
- method: GET
name: listusers
description: List users of an Organization
call: iam-users.listusers
with:
order_by: rest.order_by
page_size: rest.page_size
page: rest.page
organization_id: rest.organization_id
user_ids: rest.user_ids
mfa: rest.mfa
tag: rest.tag
type: rest.type
outputParameters:
- type: object
mapping: $.
- method: POST
name: createuser
description: Create a new user
call: iam-users.createuser
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users/{user-id}
name: iam-v1alpha1-users-user-id
description: REST surface for iam-v1alpha1-users-user_id.
operations:
- method: GET
name: getuser
description: Get a given user
call: iam-users.getuser
with:
user_id: rest.user_id
outputParameters:
- type: object
mapping: $.
- method: PATCH
name: updateuser
description: Update a user
call: iam-users.updateuser
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deleteuser
description: Delete a guest user from an Organization
call: iam-users.deleteuser
with:
user_id: rest.user_id
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users/{user-id}/lock
name: iam-v1alpha1-users-user-id-lock
description: REST surface for iam-v1alpha1-users-user_id-lock.
operations:
- method: POST
name: lockuser
description: Lock a member
call: iam-users.lockuser
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users/{user-id}/mfa-otp
name: iam-v1alpha1-users-user-id-mfa-otp
description: REST surface for iam-v1alpha1-users-user_id-mfa-otp.
operations:
- method: POST
name: createusermfaotp
description: Create a MFA OTP.
call: iam-users.createusermfaotp
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deleteusermfaotp
description: Delete a MFA OTP.
call: iam-users.deleteusermfaotp
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users/{user-id}/unlock
name: iam-v1alpha1-users-user-id-unlock
description: REST surface for iam-v1alpha1-users-user_id-unlock.
operations:
- method: POST
name: unlockuser
description: Unlock a member
call: iam-users.unlockuser
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users/{user-id}/update-password
name: iam-v1alpha1-users-user-id-update-password
description: REST surface for iam-v1alpha1-users-user_id-update-password.
operations:
- method: POST
name: updateuserpassword
description: Update an user's password.
call: iam-users.updateuserpassword
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users/{user-id}/update-username
name: iam-v1alpha1-users-user-id-update-username
description: REST surface for iam-v1alpha1-users-user_id-update-username.
operations:
- method: POST
name: updateuserusername
description: Update an user's username.
call: iam-users.updateuserusername
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/iam/v1alpha1/users/{user-id}/validate-mfa-otp
name: iam-v1alpha1-users-user-id-validate-mfa-otp
description: REST surface for iam-v1alpha1-users-user_id-validate-mfa-otp.
operations:
- method: POST
name: validateusermfaotp
description: Validate a MFA OTP.
call: iam-users.validateusermfaotp
with:
user_id: rest.user_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: iam-users-mcp
port: 9090
transport: http
description: MCP adapter for IAM API — Users. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: list-grace-periods-member
description: List grace periods of a member
hints:
readOnly: true
destructive: false
idempotent: true
call: iam-users.listgraceperiods
with:
user_id: tools.user_id
outputParameters:
- type: object
mapping: $.
- name: list-users-organization
description: List users of an Organization
hints:
readOnly: true
destructive: false
idempotent: true
call: iam-users.listusers
with:
order_by: tools.order_by
page_size: tools.page_size
page: tools.page
organization_id: tools.organization_id
user_ids: tools.user_ids
mfa: tools.mfa
tag: tools.tag
type: tools.type
outputParameters:
- type: object
mapping: $.
- name: create-new-user
description: Create a new user
hints:
readOnly: false
destructive: false
idempotent: false
call: iam-users.createuser
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-given-user
description: Get a given user
hints:
readOnly: true
destructive: false
idempotent: true
call: iam-users.getuser
with:
user_id: tools.user_id
outputParameters:
- type: object
mapping: $.
- name: update-user
description: Update a user
hints:
readOnly: false
destructive: false
idempotent: true
call: iam-users.updateuser
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-guest-user-organization
description: Delete a guest user from an Organization
hints:
readOnly: false
destructive: true
idempotent: true
call: iam-users.deleteuser
with:
user_id: tools.user_id
outputParameters:
- type: object
mapping: $.
- name: lock-member
description: Lock a member
hints:
readOnly: false
destructive: false
idempotent: false
call: iam-users.lockuser
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: create-mfa-otp
description: Create a MFA OTP.
hints:
readOnly: false
destructive: false
idempotent: false
call: iam-users.createusermfaotp
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-mfa-otp
description: Delete a MFA OTP.
hints:
readOnly: false
destructive: true
idempotent: true
call: iam-users.deleteusermfaotp
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: unlock-member
description: Unlock a member
hints:
readOnly: false
destructive: false
idempotent: false
call: iam-users.unlockuser
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: update-user-s-password
description: Update an user's password.
hints:
readOnly: false
destructive: false
idempotent: false
call: iam-users.updateuserpassword
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: update-user-s-username
description: Update an user's username.
hints:
readOnly: false
destructive: false
idempotent: false
call: iam-users.updateuserusername
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: validate-mfa-otp
description: Validate a MFA OTP.
hints:
readOnly: true
destructive: false
idempotent: false
call: iam-users.validateusermfaotp
with:
user_id: tools.user_id
body: tools.body
outputParameters:
- type: object
mapping: $.