Unleash · Capability

Unleash Admin API — Auth

Unleash Admin API — Auth. 14 operations. Lead operation: Gets Access Overview. Self-contained Naftiko capability covering one Unleash business surface.

Run with Naftiko UnleashAuth

What You Can Do

GET
Getaccessoverview — Gets Access Overview
/v1/api/admin/access/overview
GET
Getoidcsettings — Get OIDC Auth Settings
/v1/api/admin/auth/oidc/settings
POST
Setoidcsettings — Set OIDC Settings
/v1/api/admin/auth/oidc/settings
GET
Getsamlsettings — Get SAML Auth Settings
/v1/api/admin/auth/saml/settings
POST
Setsamlsettings — Update SAML Auth Settings
/v1/api/admin/auth/saml/settings
GET
Getsimplesettings — Get Simple Auth Settings
/v1/api/admin/auth/simple/settings
POST
Setsimplesettings — Update Simple Auth Settings
/v1/api/admin/auth/simple/settings
GET
Getpermissions — Gets Available Permissions
/v1/api/admin/permissions
GET
Getserviceaccountpermissions — Returns the List of Permissions for the Service Account.
/v1/api/admin/service-account/{id}/permissions
POST
Changepassword — Changes a User Password
/v1/auth/reset/password
POST
Sendresetpasswordemail — Reset Password
/v1/auth/reset/password-email
GET
Validatetoken — Validates a Token
/v1/auth/reset/validate
POST
Validatepassword — Validates Password
/v1/auth/reset/validate-password
POST
Login — Log in
/v1/auth/simple/login

MCP Tools

gets-access-overview

Gets Access Overview

read-only idempotent
get-oidc-auth-settings

Get OIDC Auth Settings

read-only idempotent
set-oidc-settings

Set OIDC Settings

get-saml-auth-settings

Get SAML Auth Settings

read-only idempotent
update-saml-auth-settings

Update SAML Auth Settings

get-simple-auth-settings

Get Simple Auth Settings

read-only idempotent
update-simple-auth-settings

Update Simple Auth Settings

gets-available-permissions

Gets Available Permissions

read-only idempotent
returns-list-permissions-service-account

Returns the List of Permissions for the Service Account.

read-only idempotent
changes-user-password

Changes a User Password

reset-password

Reset Password

validates-token

Validates a Token

read-only idempotent
validates-password

Validates Password

read-only
log

Log in

Capability Spec

admin-auth.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Unleash Admin API — Auth
  description: 'Unleash Admin API — Auth. 14 operations. Lead operation: Gets Access Overview. Self-contained Naftiko capability
    covering one Unleash business surface.'
  tags:
  - Unleash
  - Auth
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    UNLEASH_API_KEY: UNLEASH_API_KEY
capability:
  consumes:
  - type: http
    namespace: admin-auth
    baseUri: https://app.unleash-instance.example.com
    description: Unleash Admin API — Auth business capability. Self-contained, no shared references.
    resources:
    - name: api-admin-access-overview
      path: /api/admin/access/overview
      operations:
      - name: getaccessoverview
        method: GET
        description: Gets Access Overview
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-admin-auth-oidc-settings
      path: /api/admin/auth/oidc/settings
      operations:
      - name: getoidcsettings
        method: GET
        description: Get OIDC Auth Settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: setoidcsettings
        method: POST
        description: Set OIDC Settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-admin-auth-saml-settings
      path: /api/admin/auth/saml/settings
      operations:
      - name: getsamlsettings
        method: GET
        description: Get SAML Auth Settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: setsamlsettings
        method: POST
        description: Update SAML Auth Settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-admin-auth-simple-settings
      path: /api/admin/auth/simple/settings
      operations:
      - name: getsimplesettings
        method: GET
        description: Get Simple Auth Settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: setsimplesettings
        method: POST
        description: Update Simple Auth Settings
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-admin-permissions
      path: /api/admin/permissions
      operations:
      - name: getpermissions
        method: GET
        description: Gets Available Permissions
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-admin-service-account-id-permissions
      path: /api/admin/service-account/{id}/permissions
      operations:
      - name: getserviceaccountpermissions
        method: GET
        description: Returns the List of Permissions for the Service Account.
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: id
          in: path
          type: string
          required: true
        - name: project
          in: query
          type: string
        - name: environment
          in: query
          type: string
    - name: auth-reset-password
      path: /auth/reset/password
      operations:
      - name: changepassword
        method: POST
        description: Changes a User Password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-reset-password-email
      path: /auth/reset/password-email
      operations:
      - name: sendresetpasswordemail
        method: POST
        description: Reset Password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-reset-validate
      path: /auth/reset/validate
      operations:
      - name: validatetoken
        method: GET
        description: Validates a Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: auth-reset-validate-password
      path: /auth/reset/validate-password
      operations:
      - name: validatepassword
        method: POST
        description: Validates Password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: auth-simple-login
      path: /auth/simple/login
      operations:
      - name: login
        method: POST
        description: Log in
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: bearer
      token: '{{env.UNLEASH_API_KEY}}'
  exposes:
  - type: rest
    namespace: admin-auth-rest
    port: 8080
    description: REST adapter for Unleash Admin API — Auth. One Spectral-compliant resource per consumed operation, prefixed
      with /v1.
    resources:
    - path: /v1/api/admin/access/overview
      name: api-admin-access-overview
      description: REST surface for api-admin-access-overview.
      operations:
      - method: GET
        name: getaccessoverview
        description: Gets Access Overview
        call: admin-auth.getaccessoverview
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/admin/auth/oidc/settings
      name: api-admin-auth-oidc-settings
      description: REST surface for api-admin-auth-oidc-settings.
      operations:
      - method: GET
        name: getoidcsettings
        description: Get OIDC Auth Settings
        call: admin-auth.getoidcsettings
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: setoidcsettings
        description: Set OIDC Settings
        call: admin-auth.setoidcsettings
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/admin/auth/saml/settings
      name: api-admin-auth-saml-settings
      description: REST surface for api-admin-auth-saml-settings.
      operations:
      - method: GET
        name: getsamlsettings
        description: Get SAML Auth Settings
        call: admin-auth.getsamlsettings
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: setsamlsettings
        description: Update SAML Auth Settings
        call: admin-auth.setsamlsettings
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/admin/auth/simple/settings
      name: api-admin-auth-simple-settings
      description: REST surface for api-admin-auth-simple-settings.
      operations:
      - method: GET
        name: getsimplesettings
        description: Get Simple Auth Settings
        call: admin-auth.getsimplesettings
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: setsimplesettings
        description: Update Simple Auth Settings
        call: admin-auth.setsimplesettings
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/admin/permissions
      name: api-admin-permissions
      description: REST surface for api-admin-permissions.
      operations:
      - method: GET
        name: getpermissions
        description: Gets Available Permissions
        call: admin-auth.getpermissions
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/admin/service-account/{id}/permissions
      name: api-admin-service-account-id-permissions
      description: REST surface for api-admin-service-account-id-permissions.
      operations:
      - method: GET
        name: getserviceaccountpermissions
        description: Returns the List of Permissions for the Service Account.
        call: admin-auth.getserviceaccountpermissions
        with:
          id: rest.id
          project: rest.project
          environment: rest.environment
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/reset/password
      name: auth-reset-password
      description: REST surface for auth-reset-password.
      operations:
      - method: POST
        name: changepassword
        description: Changes a User Password
        call: admin-auth.changepassword
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/reset/password-email
      name: auth-reset-password-email
      description: REST surface for auth-reset-password-email.
      operations:
      - method: POST
        name: sendresetpasswordemail
        description: Reset Password
        call: admin-auth.sendresetpasswordemail
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/reset/validate
      name: auth-reset-validate
      description: REST surface for auth-reset-validate.
      operations:
      - method: GET
        name: validatetoken
        description: Validates a Token
        call: admin-auth.validatetoken
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/reset/validate-password
      name: auth-reset-validate-password
      description: REST surface for auth-reset-validate-password.
      operations:
      - method: POST
        name: validatepassword
        description: Validates Password
        call: admin-auth.validatepassword
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/auth/simple/login
      name: auth-simple-login
      description: REST surface for auth-simple-login.
      operations:
      - method: POST
        name: login
        description: Log in
        call: admin-auth.login
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: admin-auth-mcp
    port: 9090
    transport: http
    description: MCP adapter for Unleash Admin API — Auth. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: gets-access-overview
      description: Gets Access Overview
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-auth.getaccessoverview
      outputParameters:
      - type: object
        mapping: $.
    - name: get-oidc-auth-settings
      description: Get OIDC Auth Settings
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-auth.getoidcsettings
      outputParameters:
      - type: object
        mapping: $.
    - name: set-oidc-settings
      description: Set OIDC Settings
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-auth.setoidcsettings
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-saml-auth-settings
      description: Get SAML Auth Settings
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-auth.getsamlsettings
      outputParameters:
      - type: object
        mapping: $.
    - name: update-saml-auth-settings
      description: Update SAML Auth Settings
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-auth.setsamlsettings
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-simple-auth-settings
      description: Get Simple Auth Settings
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-auth.getsimplesettings
      outputParameters:
      - type: object
        mapping: $.
    - name: update-simple-auth-settings
      description: Update Simple Auth Settings
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-auth.setsimplesettings
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: gets-available-permissions
      description: Gets Available Permissions
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-auth.getpermissions
      outputParameters:
      - type: object
        mapping: $.
    - name: returns-list-permissions-service-account
      description: Returns the List of Permissions for the Service Account.
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-auth.getserviceaccountpermissions
      with:
        id: tools.id
        project: tools.project
        environment: tools.environment
      outputParameters:
      - type: object
        mapping: $.
    - name: changes-user-password
      description: Changes a User Password
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-auth.changepassword
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: reset-password
      description: Reset Password
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-auth.sendresetpasswordemail
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: validates-token
      description: Validates a Token
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-auth.validatetoken
      outputParameters:
      - type: object
        mapping: $.
    - name: validates-password
      description: Validates Password
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: admin-auth.validatepassword
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: log
      description: Log in
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-auth.login
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.