Scaleway · Capability
Instance API — Security Groups
Instance API — Security Groups. 14 operations. Lead operation: List security groups. Self-contained Naftiko capability covering one Scaleway business surface.
What You Can Do
GET
Listsecuritygroups
— List security groups
/v1/instance/v1/zones/{zone}/security-groups
POST
Createsecuritygroup
— Create a security group
/v1/instance/v1/zones/{zone}/security-groups
GET
Listdefaultsecuritygrouprules
— Get default rules
/v1/instance/v1/zones/{zone}/security-groups/default/rules
PUT
Setsecuritygroup
— Update a security group
/v1/instance/v1/zones/{zone}/security-groups/{id}
GET
Getsecuritygroup
— Get a security group
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}
PATCH
Updatesecuritygroup
— Update a security group
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}
DELETE
Deletesecuritygroup
— Delete a security group
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}
GET
Listsecuritygrouprules
— List rules
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules
POST
Createsecuritygrouprule
— Create rule
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules
PUT
Setsecuritygrouprules
— Update all the rules of a security group
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules
GET
Getsecuritygrouprule
— Get rule
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules/{security-group-rule-id}
PUT
Setsecuritygrouprule
— Set security group rule
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules/{security-group-rule-id}
PATCH
Updatesecuritygrouprule
— Update security group rule
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules/{security-group-rule-id}
DELETE
Deletesecuritygrouprule
— Delete rule
/v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules/{security-group-rule-id}
MCP Tools
list-security-groups
List security groups
read-only
idempotent
create-security-group
Create a security group
get-default-rules
Get default rules
read-only
idempotent
update-security-group
Update a security group
idempotent
get-security-group
Get a security group
read-only
idempotent
update-security-group-2
Update a security group
idempotent
delete-security-group
Delete a security group
idempotent
list-rules
List rules
read-only
idempotent
create-rule
Create rule
update-all-rules-security-group
Update all the rules of a security group
idempotent
get-rule
Get rule
read-only
idempotent
set-security-group-rule
Set security group rule
idempotent
update-security-group-rule
Update security group rule
idempotent
delete-rule
Delete rule
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Instance API — Security Groups
description: 'Instance API — Security Groups. 14 operations. Lead operation: List security groups. Self-contained Naftiko
capability covering one Scaleway business surface.'
tags:
- Scaleway
- Security Groups
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
SCALEWAY_API_KEY: SCALEWAY_API_KEY
capability:
consumes:
- type: http
namespace: instance-security-groups
baseUri: https://api.scaleway.com
description: Instance API — Security Groups business capability. Self-contained, no shared references.
resources:
- name: instance-v1-zones-zone-security_groups
path: /instance/v1/zones/{zone}/security_groups
operations:
- name: listsecuritygroups
method: GET
description: List security groups
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: name
in: query
type: string
description: Name of the security group.
- name: organization
in: query
type: string
description: Security group Organization ID.
- name: project
in: query
type: string
description: Security group Project ID.
- name: tags
in: query
type: string
description: List security groups with these exact tags (to filter with several tags, use commas to separate them).
- name: project_default
in: query
type: boolean
description: Filter security groups with this value for project_default.
- name: per_page
in: query
type: integer
description: A positive integer lower or equal to 100 to select the number of items to return.
- name: page
in: query
type: integer
description: A positive integer to choose the page to return.
- name: createsecuritygroup
method: POST
description: Create a security group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: instance-v1-zones-zone-security_groups-default-rules
path: /instance/v1/zones/{zone}/security_groups/default/rules
operations:
- name: listdefaultsecuritygrouprules
method: GET
description: Get default rules
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: instance-v1-zones-zone-security_groups-id
path: /instance/v1/zones/{zone}/security_groups/{id}
operations:
- name: setsecuritygroup
method: PUT
description: Update a security group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: id
in: path
type: string
description: UUID of the security group.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: instance-v1-zones-zone-security_groups-security_group_id
path: /instance/v1/zones/{zone}/security_groups/{security_group_id}
operations:
- name: getsecuritygroup
method: GET
description: Get a security group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
description: UUID of the security group you want to get.
required: true
- name: updatesecuritygroup
method: PATCH
description: Update a security group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
description: UUID of the security group. (UUID format)
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: deletesecuritygroup
method: DELETE
description: Delete a security group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
description: UUID of the security group you want to delete.
required: true
- name: instance-v1-zones-zone-security_groups-security_group_id-rules
path: /instance/v1/zones/{zone}/security_groups/{security_group_id}/rules
operations:
- name: listsecuritygrouprules
method: GET
description: List rules
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
description: UUID of the security group.
required: true
- name: per_page
in: query
type: integer
description: A positive integer lower or equal to 100 to select the number of items to return.
- name: page
in: query
type: integer
description: A positive integer to choose the page to return.
- name: createsecuritygrouprule
method: POST
description: Create rule
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
description: UUID of the security group.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: setsecuritygrouprules
method: PUT
description: Update all the rules of a security group
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
description: UUID of the security group to update the rules on.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: instance-v1-zones-zone-security_groups-security_group_id-rules-security_group_ru
path: /instance/v1/zones/{zone}/security_groups/{security_group_id}/rules/{security_group_rule_id}
operations:
- name: getsecuritygrouprule
method: GET
description: Get rule
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
required: true
- name: security_group_rule_id
in: path
type: string
required: true
- name: setsecuritygrouprule
method: PUT
description: Set security group rule
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
required: true
- name: security_group_rule_id
in: path
type: string
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: updatesecuritygrouprule
method: PATCH
description: Update security group rule
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
description: UUID of the security group. (UUID format)
required: true
- name: security_group_rule_id
in: path
type: string
description: UUID of the rule. (UUID format)
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: deletesecuritygrouprule
method: DELETE
description: Delete rule
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: zone
in: path
type: string
description: The zone you want to target
required: true
- name: security_group_id
in: path
type: string
required: true
- name: security_group_rule_id
in: path
type: string
required: true
authentication:
type: apikey
key: X-Auth-Token
value: '{{env.SCALEWAY_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: instance-security-groups-rest
port: 8080
description: REST adapter for Instance API — Security Groups. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/instance/v1/zones/{zone}/security-groups
name: instance-v1-zones-zone-security-groups
description: REST surface for instance-v1-zones-zone-security_groups.
operations:
- method: GET
name: listsecuritygroups
description: List security groups
call: instance-security-groups.listsecuritygroups
with:
zone: rest.zone
name: rest.name
organization: rest.organization
project: rest.project
tags: rest.tags
project_default: rest.project_default
per_page: rest.per_page
page: rest.page
outputParameters:
- type: object
mapping: $.
- method: POST
name: createsecuritygroup
description: Create a security group
call: instance-security-groups.createsecuritygroup
with:
zone: rest.zone
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/instance/v1/zones/{zone}/security-groups/default/rules
name: instance-v1-zones-zone-security-groups-default-rules
description: REST surface for instance-v1-zones-zone-security_groups-default-rules.
operations:
- method: GET
name: listdefaultsecuritygrouprules
description: Get default rules
call: instance-security-groups.listdefaultsecuritygrouprules
with:
zone: rest.zone
outputParameters:
- type: object
mapping: $.
- path: /v1/instance/v1/zones/{zone}/security-groups/{id}
name: instance-v1-zones-zone-security-groups-id
description: REST surface for instance-v1-zones-zone-security_groups-id.
operations:
- method: PUT
name: setsecuritygroup
description: Update a security group
call: instance-security-groups.setsecuritygroup
with:
zone: rest.zone
id: rest.id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/instance/v1/zones/{zone}/security-groups/{security-group-id}
name: instance-v1-zones-zone-security-groups-security-group-id
description: REST surface for instance-v1-zones-zone-security_groups-security_group_id.
operations:
- method: GET
name: getsecuritygroup
description: Get a security group
call: instance-security-groups.getsecuritygroup
with:
zone: rest.zone
security_group_id: rest.security_group_id
outputParameters:
- type: object
mapping: $.
- method: PATCH
name: updatesecuritygroup
description: Update a security group
call: instance-security-groups.updatesecuritygroup
with:
zone: rest.zone
security_group_id: rest.security_group_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deletesecuritygroup
description: Delete a security group
call: instance-security-groups.deletesecuritygroup
with:
zone: rest.zone
security_group_id: rest.security_group_id
outputParameters:
- type: object
mapping: $.
- path: /v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules
name: instance-v1-zones-zone-security-groups-security-group-id-rules
description: REST surface for instance-v1-zones-zone-security_groups-security_group_id-rules.
operations:
- method: GET
name: listsecuritygrouprules
description: List rules
call: instance-security-groups.listsecuritygrouprules
with:
zone: rest.zone
security_group_id: rest.security_group_id
per_page: rest.per_page
page: rest.page
outputParameters:
- type: object
mapping: $.
- method: POST
name: createsecuritygrouprule
description: Create rule
call: instance-security-groups.createsecuritygrouprule
with:
zone: rest.zone
security_group_id: rest.security_group_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: PUT
name: setsecuritygrouprules
description: Update all the rules of a security group
call: instance-security-groups.setsecuritygrouprules
with:
zone: rest.zone
security_group_id: rest.security_group_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/instance/v1/zones/{zone}/security-groups/{security-group-id}/rules/{security-group-rule-id}
name: instance-v1-zones-zone-security-groups-security-group-id-rules-security-group-ru
description: REST surface for instance-v1-zones-zone-security_groups-security_group_id-rules-security_group_ru.
operations:
- method: GET
name: getsecuritygrouprule
description: Get rule
call: instance-security-groups.getsecuritygrouprule
with:
zone: rest.zone
security_group_id: rest.security_group_id
security_group_rule_id: rest.security_group_rule_id
outputParameters:
- type: object
mapping: $.
- method: PUT
name: setsecuritygrouprule
description: Set security group rule
call: instance-security-groups.setsecuritygrouprule
with:
zone: rest.zone
security_group_id: rest.security_group_id
security_group_rule_id: rest.security_group_rule_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: PATCH
name: updatesecuritygrouprule
description: Update security group rule
call: instance-security-groups.updatesecuritygrouprule
with:
zone: rest.zone
security_group_id: rest.security_group_id
security_group_rule_id: rest.security_group_rule_id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deletesecuritygrouprule
description: Delete rule
call: instance-security-groups.deletesecuritygrouprule
with:
zone: rest.zone
security_group_id: rest.security_group_id
security_group_rule_id: rest.security_group_rule_id
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: instance-security-groups-mcp
port: 9090
transport: http
description: MCP adapter for Instance API — Security Groups. One tool per consumed operation, routed inline through this
capability's consumes block.
tools:
- name: list-security-groups
description: List security groups
hints:
readOnly: true
destructive: false
idempotent: true
call: instance-security-groups.listsecuritygroups
with:
zone: tools.zone
name: tools.name
organization: tools.organization
project: tools.project
tags: tools.tags
project_default: tools.project_default
per_page: tools.per_page
page: tools.page
outputParameters:
- type: object
mapping: $.
- name: create-security-group
description: Create a security group
hints:
readOnly: false
destructive: false
idempotent: false
call: instance-security-groups.createsecuritygroup
with:
zone: tools.zone
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-default-rules
description: Get default rules
hints:
readOnly: true
destructive: false
idempotent: true
call: instance-security-groups.listdefaultsecuritygrouprules
with:
zone: tools.zone
outputParameters:
- type: object
mapping: $.
- name: update-security-group
description: Update a security group
hints:
readOnly: false
destructive: false
idempotent: true
call: instance-security-groups.setsecuritygroup
with:
zone: tools.zone
id: tools.id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-security-group
description: Get a security group
hints:
readOnly: true
destructive: false
idempotent: true
call: instance-security-groups.getsecuritygroup
with:
zone: tools.zone
security_group_id: tools.security_group_id
outputParameters:
- type: object
mapping: $.
- name: update-security-group-2
description: Update a security group
hints:
readOnly: false
destructive: false
idempotent: true
call: instance-security-groups.updatesecuritygroup
with:
zone: tools.zone
security_group_id: tools.security_group_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-security-group
description: Delete a security group
hints:
readOnly: false
destructive: true
idempotent: true
call: instance-security-groups.deletesecuritygroup
with:
zone: tools.zone
security_group_id: tools.security_group_id
outputParameters:
- type: object
mapping: $.
- name: list-rules
description: List rules
hints:
readOnly: true
destructive: false
idempotent: true
call: instance-security-groups.listsecuritygrouprules
with:
zone: tools.zone
security_group_id: tools.security_group_id
per_page: tools.per_page
page: tools.page
outputParameters:
- type: object
mapping: $.
- name: create-rule
description: Create rule
hints:
readOnly: false
destructive: false
idempotent: false
call: instance-security-groups.createsecuritygrouprule
with:
zone: tools.zone
security_group_id: tools.security_group_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: update-all-rules-security-group
description: Update all the rules of a security group
hints:
readOnly: false
destructive: false
idempotent: true
call: instance-security-groups.setsecuritygrouprules
with:
zone: tools.zone
security_group_id: tools.security_group_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-rule
description: Get rule
hints:
readOnly: true
destructive: false
idempotent: true
call: instance-security-groups.getsecuritygrouprule
with:
zone: tools.zone
security_group_id: tools.security_group_id
security_group_rule_id: tools.security_group_rule_id
outputParameters:
- type: object
mapping: $.
- name: set-security-group-rule
description: Set security group rule
hints:
readOnly: false
destructive: false
idempotent: true
call: instance-security-groups.setsecuritygrouprule
with:
zone: tools.zone
security_group_id: tools.security_group_id
security_group_rule_id: tools.security_group_rule_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: update-security-group-rule
description: Update security group rule
hints:
readOnly: false
destructive: false
idempotent: true
call: instance-security-groups.updatesecuritygrouprule
with:
zone: tools.zone
security_group_id: tools.security_group_id
security_group_rule_id: tools.security_group_rule_id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-rule
description: Delete rule
hints:
readOnly: false
destructive: true
idempotent: true
call: instance-security-groups.deletesecuritygrouprule
with:
zone: tools.zone
security_group_id: tools.security_group_id
security_group_rule_id: tools.security_group_rule_id
outputParameters:
- type: object
mapping: $.