Tufin · Capability
Tufin SecureTrack REST API — Devices
Tufin SecureTrack REST API — Devices. 7 operations. Lead operation: Get All Devices. Self-contained Naftiko capability covering one Tufin business surface.
What You Can Do
GET
Getdevices
— Get All Devices
/v1/devices
POST
Addofflinedevice
— Add Offline Device
/v1/devices/offline
GET
Getdevicebyid
— Get Device By ID
/v1/devices/{deviceid}
PUT
Updatedevice
— Update Device
/v1/devices/{deviceid}
GET
Getdevicerevisions
— Get Device Revisions
/v1/devices/{deviceid}/revisions
GET
Getrulesbydevice
— Get Rules By Device
/v1/devices/{deviceid}/rules
GET
Getrulebydeviceandid
— Get Rule By Device and ID
/v1/devices/{deviceid}/rules/{ruleid}
MCP Tools
get-all-devices
Get All Devices
read-only
idempotent
add-offline-device
Add Offline Device
get-device-id
Get Device By ID
read-only
idempotent
update-device
Update Device
idempotent
get-device-revisions
Get Device Revisions
read-only
idempotent
get-rules-device
Get Rules By Device
read-only
idempotent
get-rule-device-and-id
Get Rule By Device and ID
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Tufin SecureTrack REST API — Devices
description: 'Tufin SecureTrack REST API — Devices. 7 operations. Lead operation: Get All Devices. Self-contained Naftiko
capability covering one Tufin business surface.'
tags:
- Tufin
- Devices
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
TUFIN_API_KEY: TUFIN_API_KEY
capability:
consumes:
- type: http
namespace: securetrack-devices
baseUri: https://{tos_host}/securetrack/api
description: Tufin SecureTrack REST API — Devices business capability. Self-contained, no shared references.
resources:
- name: devices
path: /devices
operations:
- name: getdevices
method: GET
description: Get All Devices
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: name
in: query
type: string
description: Filter by device name (partial match)
- name: vendor
in: query
type: string
description: Filter by vendor (e.g., Cisco, Palo Alto, Check Point)
- name: type
in: query
type: string
description: Filter by device type
- name: status
in: query
type: string
description: Filter by management status
- name: devices-offline
path: /devices/offline
operations:
- name: addofflinedevice
method: POST
description: Add Offline Device
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: devices-deviceId
path: /devices/{deviceId}
operations:
- name: getdevicebyid
method: GET
description: Get Device By ID
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: deviceId
in: path
type: integer
description: The unique identifier of the device
required: true
- name: updatedevice
method: PUT
description: Update Device
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: deviceId
in: path
type: integer
description: The unique identifier of the device
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: devices-deviceId-revisions
path: /devices/{deviceId}/revisions
operations:
- name: getdevicerevisions
method: GET
description: Get Device Revisions
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: deviceId
in: path
type: integer
description: The unique identifier of the device
required: true
- name: devices-deviceId-rules
path: /devices/{deviceId}/rules
operations:
- name: getrulesbydevice
method: GET
description: Get Rules By Device
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: deviceId
in: path
type: integer
description: The unique identifier of the device
required: true
- name: policy
in: query
type: string
description: Filter by policy name
- name: devices-deviceId-rules-ruleId
path: /devices/{deviceId}/rules/{ruleId}
operations:
- name: getrulebydeviceandid
method: GET
description: Get Rule By Device and ID
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: deviceId
in: path
type: integer
description: The unique identifier of the device
required: true
- name: ruleId
in: path
type: integer
description: The unique identifier of the rule
required: true
authentication:
type: basic
username: '{{env.TUFIN_USER}}'
password: '{{env.TUFIN_PASS}}'
exposes:
- type: rest
namespace: securetrack-devices-rest
port: 8080
description: REST adapter for Tufin SecureTrack REST API — Devices. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/devices
name: devices
description: REST surface for devices.
operations:
- method: GET
name: getdevices
description: Get All Devices
call: securetrack-devices.getdevices
with:
name: rest.name
vendor: rest.vendor
type: rest.type
status: rest.status
outputParameters:
- type: object
mapping: $.
- path: /v1/devices/offline
name: devices-offline
description: REST surface for devices-offline.
operations:
- method: POST
name: addofflinedevice
description: Add Offline Device
call: securetrack-devices.addofflinedevice
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/devices/{deviceid}
name: devices-deviceid
description: REST surface for devices-deviceId.
operations:
- method: GET
name: getdevicebyid
description: Get Device By ID
call: securetrack-devices.getdevicebyid
with:
deviceId: rest.deviceId
outputParameters:
- type: object
mapping: $.
- method: PUT
name: updatedevice
description: Update Device
call: securetrack-devices.updatedevice
with:
deviceId: rest.deviceId
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/devices/{deviceid}/revisions
name: devices-deviceid-revisions
description: REST surface for devices-deviceId-revisions.
operations:
- method: GET
name: getdevicerevisions
description: Get Device Revisions
call: securetrack-devices.getdevicerevisions
with:
deviceId: rest.deviceId
outputParameters:
- type: object
mapping: $.
- path: /v1/devices/{deviceid}/rules
name: devices-deviceid-rules
description: REST surface for devices-deviceId-rules.
operations:
- method: GET
name: getrulesbydevice
description: Get Rules By Device
call: securetrack-devices.getrulesbydevice
with:
deviceId: rest.deviceId
policy: rest.policy
outputParameters:
- type: object
mapping: $.
- path: /v1/devices/{deviceid}/rules/{ruleid}
name: devices-deviceid-rules-ruleid
description: REST surface for devices-deviceId-rules-ruleId.
operations:
- method: GET
name: getrulebydeviceandid
description: Get Rule By Device and ID
call: securetrack-devices.getrulebydeviceandid
with:
deviceId: rest.deviceId
ruleId: rest.ruleId
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: securetrack-devices-mcp
port: 9090
transport: http
description: MCP adapter for Tufin SecureTrack REST API — Devices. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: get-all-devices
description: Get All Devices
hints:
readOnly: true
destructive: false
idempotent: true
call: securetrack-devices.getdevices
with:
name: tools.name
vendor: tools.vendor
type: tools.type
status: tools.status
outputParameters:
- type: object
mapping: $.
- name: add-offline-device
description: Add Offline Device
hints:
readOnly: false
destructive: false
idempotent: false
call: securetrack-devices.addofflinedevice
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-device-id
description: Get Device By ID
hints:
readOnly: true
destructive: false
idempotent: true
call: securetrack-devices.getdevicebyid
with:
deviceId: tools.deviceId
outputParameters:
- type: object
mapping: $.
- name: update-device
description: Update Device
hints:
readOnly: false
destructive: false
idempotent: true
call: securetrack-devices.updatedevice
with:
deviceId: tools.deviceId
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-device-revisions
description: Get Device Revisions
hints:
readOnly: true
destructive: false
idempotent: true
call: securetrack-devices.getdevicerevisions
with:
deviceId: tools.deviceId
outputParameters:
- type: object
mapping: $.
- name: get-rules-device
description: Get Rules By Device
hints:
readOnly: true
destructive: false
idempotent: true
call: securetrack-devices.getrulesbydevice
with:
deviceId: tools.deviceId
policy: tools.policy
outputParameters:
- type: object
mapping: $.
- name: get-rule-device-and-id
description: Get Rule By Device and ID
hints:
readOnly: true
destructive: false
idempotent: true
call: securetrack-devices.getrulebydeviceandid
with:
deviceId: tools.deviceId
ruleId: tools.ruleId
outputParameters:
- type: object
mapping: $.