VTEX · Capability

VTex Anti-fraud Provider API — OAuth Flow

VTex Anti-fraud Provider API — OAuth Flow. 4 operations. Lead operation: VTex 4. Get Credentials. Self-contained Naftiko capability covering one Vtex business surface.

Run with Naftiko VtexOAuth Flow

What You Can Do

GET
4getcredentials — VTex 4. Get Credentials
/v1/authorization/credentials
POST
1retrievetoken — VTex 1. Retrieve Token
/v1/authorization/token
GET
3returntovtex — 3. Return to VTEX
/v1/authorizationcode
GET
2redirect — VTex 2. Redirect
/v1/redirect

MCP Tools

vtex-4-get-credentials

VTex 4. Get Credentials

read-only idempotent
vtex-1-retrieve-token

VTex 1. Retrieve Token

read-only
3-return-vtex

3. Return to VTEX

read-only idempotent
vtex-2-redirect

VTex 2. Redirect

read-only idempotent

Capability Spec

anti-fraud-provider-oauth-flow.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: VTex Anti-fraud Provider API — OAuth Flow
  description: 'VTex Anti-fraud Provider API — OAuth Flow. 4 operations. Lead operation: VTex 4. Get Credentials. Self-contained
    Naftiko capability covering one Vtex business surface.'
  tags:
  - Vtex
  - OAuth Flow
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    VTEX_API_KEY: VTEX_API_KEY
capability:
  consumes:
  - type: http
    namespace: anti-fraud-provider-oauth-flow
    baseUri: https://{providerApiEndpoint}
    description: VTex Anti-fraud Provider API — OAuth Flow business capability. Self-contained, no shared references.
    resources:
    - name: authorization-credentials
      path: /authorization/credentials
      operations:
      - name: 4getcredentials
        method: GET
        description: VTex 4. Get Credentials
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: authorizationCode
          in: query
          type: string
          description: Code generate by affiliation that will be used to identify the merchant authorization.
          required: true
        - name: applicationId
          in: query
          type: string
          description: VTEX application identifier.
          required: true
    - name: authorization-token
      path: /authorization/token
      operations:
      - name: 1retrievetoken
        method: POST
        description: VTex 1. Retrieve Token
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: authorizationCode
      path: /authorizationCode
      operations:
      - name: 3returntovtex
        method: GET
        description: 3. Return to VTEX
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: providerAuthorizationCode
          in: query
          type: string
          description: Provider authorization code information.
          required: true
    - name: redirect
      path: /redirect
      operations:
      - name: 2redirect
        method: GET
        description: VTex 2. Redirect
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: token
          in: query
          type: string
          description: Token information.
          required: true
        - name: applicationId
          in: query
          type: string
          description: VTEX application identifier.
          required: true
    authentication:
      type: apikey
      key: VtexIdclientAutCookie
      value: '{{env.VTEX_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: anti-fraud-provider-oauth-flow-rest
    port: 8080
    description: REST adapter for VTex Anti-fraud Provider API — OAuth Flow. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/authorization/credentials
      name: authorization-credentials
      description: REST surface for authorization-credentials.
      operations:
      - method: GET
        name: 4getcredentials
        description: VTex 4. Get Credentials
        call: anti-fraud-provider-oauth-flow.4getcredentials
        with:
          authorizationCode: rest.authorizationCode
          applicationId: rest.applicationId
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authorization/token
      name: authorization-token
      description: REST surface for authorization-token.
      operations:
      - method: POST
        name: 1retrievetoken
        description: VTex 1. Retrieve Token
        call: anti-fraud-provider-oauth-flow.1retrievetoken
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/authorizationcode
      name: authorizationcode
      description: REST surface for authorizationCode.
      operations:
      - method: GET
        name: 3returntovtex
        description: 3. Return to VTEX
        call: anti-fraud-provider-oauth-flow.3returntovtex
        with:
          providerAuthorizationCode: rest.providerAuthorizationCode
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/redirect
      name: redirect
      description: REST surface for redirect.
      operations:
      - method: GET
        name: 2redirect
        description: VTex 2. Redirect
        call: anti-fraud-provider-oauth-flow.2redirect
        with:
          token: rest.token
          applicationId: rest.applicationId
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: anti-fraud-provider-oauth-flow-mcp
    port: 9090
    transport: http
    description: MCP adapter for VTex Anti-fraud Provider API — OAuth Flow. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: vtex-4-get-credentials
      description: VTex 4. Get Credentials
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: anti-fraud-provider-oauth-flow.4getcredentials
      with:
        authorizationCode: tools.authorizationCode
        applicationId: tools.applicationId
      outputParameters:
      - type: object
        mapping: $.
    - name: vtex-1-retrieve-token
      description: VTex 1. Retrieve Token
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: anti-fraud-provider-oauth-flow.1retrievetoken
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: 3-return-vtex
      description: 3. Return to VTEX
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: anti-fraud-provider-oauth-flow.3returntovtex
      with:
        providerAuthorizationCode: tools.providerAuthorizationCode
      outputParameters:
      - type: object
        mapping: $.
    - name: vtex-2-redirect
      description: VTex 2. Redirect
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: anti-fraud-provider-oauth-flow.2redirect
      with:
        token: tools.token
        applicationId: tools.applicationId
      outputParameters:
      - type: object
        mapping: $.