Auth

Authenticate, end, and inspect the runtime session. The examples use A2A code mode. MCP exposes the same code mode through its execute tool.

Functions

`auth.authorizations.grant`

auth.authorizations.grant(account_id: str, grant_kind: "capability" | "account_owner" | "super_admin", subject_id: str, subject_type: "user" | "group" | "service_account", capability_key?: str | null, resource_id?: str | null, resource_type?: "client" | "account" | "workspace" | "domain" | "dns_record" | "mailbox" | "redirect" | "forwarding" | "credential" | "tenant" | "route" | "proxy" | null) -> Session

Grant account authorizations.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/authorizations`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`grant_kind`	`"capability" \| "account_owner" \| "super_admin"`	yes	Grant kind
`subject_id`	`str`	yes	User or group identifier
`subject_type`	`"user" \| "group" \| "service_account"`	yes	Subject type: user or group
`capability_key`	`str \| null`	no	Capability key for capability grants
`resource_id`	`str \| null`	no	Scoped resource identifier
`resource_type`	`"client" \| "account" \| "workspace" \| "domain" \| "dns_record" \| "mailbox" \| "redirect" \| "forwarding" \| "credential" \| "tenant" \| "route" \| "proxy" \| null`	no	Scoped resource type

Returns

Field	Type	Required
`grant_kind`	`str`	yes
`id`	`str`	yes
`subject_id`	`str`	yes
`subject_type`	`str`	yes
`capability_key`	`str \| null`	no
`created_at`	`str \| null`	no
`resource_id`	`str \| null`	no
`resource_type`	`str \| null`	no
`revoked_at`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.authorizations.grant(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", grant_kind=\"<string>\", subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\", capability_key=\"<string>\", resource_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", resource_type=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.authorizations.grant",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.authorizations.grant(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", grant_kind=\"<string>\", subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\", capability_key=\"<string>\", resource_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", resource_type=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.authorizations.grant\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.authorizations.list`

auth.authorizations.list(account_id: str, capability_key?: str | null, grant_kind?: "capability" | "account_owner" | "super_admin" | null, include_revoked?: bool, subject_id?: str | null, subject_type?: "user" | "group" | "service_account" | null) -> list[Session]

List account authorization grants.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/authorizations`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`capability_key`	`str \| null`	no	Filter by capability key
`grant_kind`	`"capability" \| "account_owner" \| "super_admin" \| null`	no	Filter by grant kind
`include_revoked`	`bool`	no	Include revoked grants or assignments
`subject_id`	`str \| null`	no	Filter by authorization subject ID
`subject_type`	`"user" \| "group" \| "service_account" \| null`	no	Filter by authorization subject type

Returns

Field	Type	Required
`grant_kind`	`str`	yes
`id`	`str`	yes
`subject_id`	`str`	yes
`subject_type`	`str`	yes
`capability_key`	`str \| null`	no
`created_at`	`str \| null`	no
`resource_id`	`str \| null`	no
`resource_type`	`str \| null`	no
`revoked_at`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.authorizations.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", capability_key=\"<string>\", grant_kind=\"<string>\", include_revoked=true, subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.authorizations.list",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.authorizations.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", capability_key=\"<string>\", grant_kind=\"<string>\", include_revoked=true, subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.authorizations.list\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.authorizations.revoke`

auth.authorizations.revoke(account_id: str, grant_id: str) -> {}

Revoke account authorization grants.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`DELETE /v1/public/accounts/{account_id}/auth/authorizations/{grant_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`grant_id`	`str`	yes	Authorization grant UUID from the route path

Returns

Field	Type	Required	Description
`result`	`{}`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.authorizations.revoke(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", grant_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": {}
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.authorizations.revoke",
      "status": "completed",
      "result": {}
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.authorizations.revoke(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", grant_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": {}\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.authorizations.revoke\",\n      \"status\": \"completed\",\n      \"result\": {}\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.create`

auth.groups.create(account_id: str, payload: {"account_id": str, "name": str, "attributes"?: {} | null, "description"?: str | null}) -> Session

Create auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/groups`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`name`	`str`	yes
`attributes`	`{} \| null`	no
`description`	`str \| null`	no	Local group description

Returns

Field	Type	Required
`account_id`	`str`	yes
`id`	`str`	yes
`keycloak_name`	`str`	yes
`name`	`str`	yes
`attributes`	`{}`	no
`description`	`str \| null`	no
`keycloak_account_id`	`str \| null`	no
`linked_scopes`	`[{"resource_id": str, "resource_type": str}]`	no
`parent_id`	`str \| null`	no
`path`	`str \| null`	no
`permission_context`	`{"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}`	no
`subgroup_ids`	`[str]`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", payload=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.create",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", payload=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.create\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.delete`

auth.groups.delete(account_id: str, group_id: str) -> {}

Delete auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`DELETE /v1/public/accounts/{account_id}/auth/groups/{group_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path

Returns

Field	Type	Required	Description
`result`	`{}`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.delete(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": {}
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.delete",
      "status": "completed",
      "result": {}
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.delete(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": {}\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.delete\",\n      \"status\": \"completed\",\n      \"result\": {}\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.get`

auth.groups.get(account_id: str, group_id: str) -> Session

Get auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/groups/{group_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path

Returns

Field	Type	Required
`account_id`	`str`	yes
`id`	`str`	yes
`keycloak_name`	`str`	yes
`name`	`str`	yes
`attributes`	`{}`	no
`description`	`str \| null`	no
`keycloak_account_id`	`str \| null`	no
`linked_scopes`	`[{"resource_id": str, "resource_type": str}]`	no
`parent_id`	`str \| null`	no
`path`	`str \| null`	no
`permission_context`	`{"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}`	no
`subgroup_ids`	`[str]`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.get(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.get",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.get(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.get\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.invitations.create`

auth.groups.invitations.create(account_id: str, group_id: str, email: str, locale?: str | null, note?: str | null) -> Session

Create auth group invitations.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/groups/{group_id}/invitations`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path
`email`	`str`	yes	Target email address
`locale`	`str \| null`	no	Optional locale for transactional invitation email
`note`	`str \| null`	no

Returns

Field	Type	Required	Description
`result`	{"assignments": [{"assignment_kind": str, "position": int, "capability_key"?: str \| null, "grant_kind"?: str \| null, "group_id"?: str \| null, "id"?: str \| null, "resource_id"?: str \| null, "resource_type"?: str \| null, "role_key"?: str \| null}], "email": str, "id": str, "permission_context": {"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}, "status": str, "accepted_at"?: str \| null, "accepted_subject_id"?: str \| null, "created_at"?: str \| null, "expires_at"?: str \| null, "note"?: str \| null} \| {"accepted_subject_id": str, "assignment_count": int, "email": str, "grant_count": int, "group_membership_count": int, "permission_context": {"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}, "role_assignment_count": int, "mode"?: str, "status"?: str}	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.invitations.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", email=\"user@example.com\", locale=\"<string>\", note=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.invitations.create",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.invitations.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", email=\"user@example.com\", locale=\"<string>\", note=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.invitations.create\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.list`

auth.groups.list(account_id: str) -> list[Session]

List auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/groups`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID

Returns

Field	Type	Required
`account_id`	`str`	yes
`id`	`str`	yes
`keycloak_name`	`str`	yes
`name`	`str`	yes
`attributes`	`{}`	no
`description`	`str \| null`	no
`keycloak_account_id`	`str \| null`	no
`linked_scopes`	`[{"resource_id": str, "resource_type": str}]`	no
`parent_id`	`str \| null`	no
`path`	`str \| null`	no
`permission_context`	`{"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}`	no
`subgroup_ids`	`[str]`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.list",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.list\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.members.add_group`

auth.groups.members.add_group(account_id: str, group_id: str, child_group_id: str) -> Session

Add child groups to auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/groups/{group_id}/members/groups`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path
`child_group_id`	`str`	yes

Returns

Field	Type	Required
`group_edges`	`int`	yes
`groups_seen`	`int`	yes
`total_edges`	`int`	yes
`user_edges`	`int`	yes
`group_id`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.members.add_group(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", child_group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.members.add_group",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.members.add_group(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", child_group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.members.add_group\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.members.add_user`

auth.groups.members.add_user(account_id: str, group_id: str, user_id: str) -> Session

Add users to auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/groups/{group_id}/members/users`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path
`user_id`	`str`	yes

Returns

Field	Type	Required
`group_edges`	`int`	yes
`groups_seen`	`int`	yes
`total_edges`	`int`	yes
`user_edges`	`int`	yes
`group_id`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.members.add_user(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", user_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.members.add_user",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.members.add_user(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", user_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.members.add_user\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.members.list`

auth.groups.members.list(account_id: str, group_id: str, page?: int, page_size?: int, search?: str | null) -> Session

List auth group members.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/groups/{group_id}/members`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path
`page`	`int`	no	1-based result page
`page_size`	`int`	no	Maximum members per page
`search`	`str \| null`	no	Optional member search string

Returns

Field	Type	Required
`account_id`	`str`	yes
`group_id`	`str`	yes
`page`	`int`	yes
`page_size`	`int`	yes
`total`	`int`	yes
`groups`	[{"account_id": str, "id": str, "keycloak_name": str, "name": str, "attributes"?: {}, "description"?: str \| null, "keycloak_account_id"?: str \| null, "linked_scopes"?: [{"resource_id": str, "resource_type": str}], "parent_id"?: str \| null, "path"?: str \| null, "permission_context"?: {"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}, "subgroup_ids"?: [str]}]	no
`linked_scopes`	`[{"resource_id": str, "resource_type": str}]`	no
`members`	[{"resolved": bool, "subject_id": str, "subject_type": str, "group"?: {"account_id": str, "id": str, "keycloak_name": str, "name": str, "attributes"?: {}, "description"?: str \| null, "keycloak_account_id"?: str \| null, "linked_scopes"?: [{"resource_id": str, "resource_type": str}], "parent_id"?: str \| null, "path"?: str \| null, "permission_context"?: {"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}, "subgroup_ids"?: [str]} \| null, "user"?: {"id": str, "email"?: str \| null, "first_name"?: str \| null, "last_name"?: str \| null, "username"?: str \| null} \| null}]	no
`search`	`str \| null`	no
`users`	`[{"id": str, "email"?: str \| null, "first_name"?: str \| null, "last_name"?: str \| null, "username"?: str \| null}]`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.members.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", page=123, page_size=123, search=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.members.list",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.members.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", page=123, page_size=123, search=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.members.list\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.members.remove_group`

auth.groups.members.remove_group(account_id: str, child_group_id: str, group_id: str) -> Session

Remove child groups from auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`DELETE /v1/public/accounts/{account_id}/auth/groups/{group_id}/members/groups/{child_group_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`child_group_id`	`str`	yes	Child auth group ID from the route path
`group_id`	`str`	yes	Auth group ID from the route path

Returns

Field	Type	Required
`group_edges`	`int`	yes
`groups_seen`	`int`	yes
`total_edges`	`int`	yes
`user_edges`	`int`	yes
`group_id`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.members.remove_group(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", child_group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.members.remove_group",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.members.remove_group(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", child_group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.members.remove_group\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.members.remove_user`

auth.groups.members.remove_user(account_id: str, group_id: str, user_id: str) -> Session

Remove users from auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`DELETE /v1/public/accounts/{account_id}/auth/groups/{group_id}/members/users/{user_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path
`user_id`	`str`	yes	Auth user ID from the route path

Returns

Field	Type	Required
`group_edges`	`int`	yes
`groups_seen`	`int`	yes
`total_edges`	`int`	yes
`user_edges`	`int`	yes
`group_id`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.members.remove_user(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", user_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.members.remove_user",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.members.remove_user(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", user_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.members.remove_user\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.groups.update`

auth.groups.update(account_id: str, group_id: str, attributes?: {} | null, description?: str | null, name?: str | null) -> Session

Update auth groups.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`PATCH /v1/public/accounts/{account_id}/auth/groups/{group_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`group_id`	`str`	yes	Auth group ID from the route path
`attributes`	`{} \| null`	no
`description`	`str \| null`	no
`name`	`str \| null`	no

Returns

Field	Type	Required
`account_id`	`str`	yes
`id`	`str`	yes
`keycloak_name`	`str`	yes
`name`	`str`	yes
`attributes`	`{}`	no
`description`	`str \| null`	no
`keycloak_account_id`	`str \| null`	no
`linked_scopes`	`[{"resource_id": str, "resource_type": str}]`	no
`parent_id`	`str \| null`	no
`path`	`str \| null`	no
`permission_context`	`{"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}`	no
`subgroup_ids`	`[str]`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.groups.update(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", attributes=\"<string>\", description=\"<string>\", name=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.groups.update",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.groups.update(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", group_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", attributes=\"<string>\", description=\"<string>\", name=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.groups.update\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.invitations.create`

auth.invitations.create(account_id: str, assignments: [{"capability_key"?: str | null, "grant_kind"?: "capability" | "account_owner" | "super_admin" | null, "group_id"?: str | null, "resource_id"?: str | null, "resource_type"?: "client" | "account" | "workspace" | "domain" | "dns_record" | "mailbox" | "redirect" | "forwarding" | "credential" | "tenant" | "route" | "proxy" | null, "role_key"?: str | null}], email: str, locale?: str | null, note?: str | null) -> Session

Create account invitations.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/invitations`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`assignments`	`[{"capability_key"?: str \| null, "grant_kind"?: "capability" \| "account_owner" \| "super_admin" \| null, "group_id"?: str \| null, "resource_id"?: str \| null, "resource_type"?: "client" \| "account" \| "workspace" \| "domain" \| "dns_record" \| "mailbox" \| "redirect" \| "forwarding" \| "credential" \| "tenant" \| "route" \| "proxy" \| null, "role_key"?: str \| null}]`	yes
`email`	`str`	yes	Target email address
`locale`	`str \| null`	no	Optional locale for transactional invitation email
`note`	`str \| null`	no

Returns

Field	Type	Required	Description
`result`	{"assignments": [{"assignment_kind": str, "position": int, "capability_key"?: str \| null, "grant_kind"?: str \| null, "group_id"?: str \| null, "id"?: str \| null, "resource_id"?: str \| null, "resource_type"?: str \| null, "role_key"?: str \| null}], "email": str, "id": str, "permission_context": {"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}, "status": str, "accepted_at"?: str \| null, "accepted_subject_id"?: str \| null, "created_at"?: str \| null, "expires_at"?: str \| null, "note"?: str \| null} \| {"accepted_subject_id": str, "assignment_count": int, "email": str, "grant_count": int, "group_membership_count": int, "permission_context": {"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}, "role_assignment_count": int, "mode"?: str, "status"?: str}	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.invitations.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", assignments=\"<string>\", email=\"user@example.com\", locale=\"<string>\", note=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.invitations.create",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.invitations.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", assignments=\"<string>\", email=\"user@example.com\", locale=\"<string>\", note=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.invitations.create\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.invitations.delete`

auth.invitations.delete(account_id: str, invitation_id: str) -> {}

Delete account invitations.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`DELETE /v1/public/accounts/{account_id}/auth/invitations/{invitation_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`invitation_id`	`str`	yes	Invitation UUID from the route path

Returns

Field	Type	Required	Description
`result`	`{}`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.invitations.delete(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", invitation_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": {}
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.invitations.delete",
      "status": "completed",
      "result": {}
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.invitations.delete(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", invitation_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": {}\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.invitations.delete\",\n      \"status\": \"completed\",\n      \"result\": {}\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.invitations.list`

auth.invitations.list(account_id: str, email?: str | null, status?: str | null) -> list[Session]

List account invitations.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/invitations`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`email`	`str \| null`	no	Filter invitations by recipient email
`status`	`str \| null`	no	Filter invitations by status

Returns

Field	Type	Required
`assignments`	`[{"assignment_kind": str, "position": int, "capability_key"?: str \| null, "grant_kind"?: str \| null, "group_id"?: str \| null, "id"?: str \| null, "resource_id"?: str \| null, "resource_type"?: str \| null, "role_key"?: str \| null}]`	yes
`email`	`str`	yes
`id`	`str`	yes
`permission_context`	`{"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}`	yes
`status`	`str`	yes
`accepted_at`	`str \| null`	no
`accepted_subject_id`	`str \| null`	no
`created_at`	`str \| null`	no
`expires_at`	`str \| null`	no
`note`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.invitations.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", email=\"user@example.com\", status=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.invitations.list",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.invitations.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", email=\"user@example.com\", status=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.invitations.list\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.invitations.resend`

auth.invitations.resend(account_id: str, invitation_id: str, payload?: {"locale"?: str | null} | null) -> Session

Resend account invitations.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/invitations/{invitation_id}/resend`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`invitation_id`	`str`	yes	Invitation UUID from the route path
`payload`	`{"locale"?: str \| null} \| null`	yes

Returns

Field	Type	Required
`assignments`	`[{"assignment_kind": str, "position": int, "capability_key"?: str \| null, "grant_kind"?: str \| null, "group_id"?: str \| null, "id"?: str \| null, "resource_id"?: str \| null, "resource_type"?: str \| null, "role_key"?: str \| null}]`	yes
`email`	`str`	yes
`id`	`str`	yes
`permission_context`	`{"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}`	yes
`status`	`str`	yes
`accepted_at`	`str \| null`	no
`accepted_subject_id`	`str \| null`	no
`created_at`	`str \| null`	no
`expires_at`	`str \| null`	no
`note`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.invitations.resend(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", invitation_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", payload=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.invitations.resend",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.invitations.resend(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", invitation_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", payload=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.invitations.resend\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.invitations.update`

auth.invitations.update(account_id: str, invitation_id: str, assignments: [{"capability_key"?: str | null, "grant_kind"?: "capability" | "account_owner" | "super_admin" | null, "group_id"?: str | null, "resource_id"?: str | null, "resource_type"?: "client" | "account" | "workspace" | "domain" | "dns_record" | "mailbox" | "redirect" | "forwarding" | "credential" | "tenant" | "route" | "proxy" | null, "role_key"?: str | null}], note?: str | null) -> Session

Update account invitations.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`PATCH /v1/public/accounts/{account_id}/auth/invitations/{invitation_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`invitation_id`	`str`	yes	Invitation UUID from the route path
`assignments`	`[{"capability_key"?: str \| null, "grant_kind"?: "capability" \| "account_owner" \| "super_admin" \| null, "group_id"?: str \| null, "resource_id"?: str \| null, "resource_type"?: "client" \| "account" \| "workspace" \| "domain" \| "dns_record" \| "mailbox" \| "redirect" \| "forwarding" \| "credential" \| "tenant" \| "route" \| "proxy" \| null, "role_key"?: str \| null}]`	yes
`note`	`str \| null`	no

Returns

Field	Type	Required
`assignments`	`[{"assignment_kind": str, "position": int, "capability_key"?: str \| null, "grant_kind"?: str \| null, "group_id"?: str \| null, "id"?: str \| null, "resource_id"?: str \| null, "resource_type"?: str \| null, "role_key"?: str \| null}]`	yes
`email`	`str`	yes
`id`	`str`	yes
`permission_context`	`{"assigned_bundle_keys"?: [str], "direct_capability_keys"?: [str], "owner_assignments"?: [{"account_id": str}], "resolved_capability_keys"?: [str], "status"?: str, "subject_id"?: str, "subject_type"?: str}`	yes
`status`	`str`	yes
`accepted_at`	`str \| null`	no
`accepted_subject_id`	`str \| null`	no
`created_at`	`str \| null`	no
`expires_at`	`str \| null`	no
`note`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.invitations.update(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", invitation_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", assignments=\"<string>\", note=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": 123
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.invitations.update",
      "status": "completed",
      "result": 123
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.invitations.update(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", invitation_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", assignments=\"<string>\", note=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": 123\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.invitations.update\",\n      \"status\": \"completed\",\n      \"result\": 123\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

auth.login(identifier?: str, email?: str, username?: str, password?: str, service_account_token?: str) -> Session

Authenticate the runtime session.

Property	Value	Property	Value
Requires permission	`None`	Auth required	`no`
Execution mode	`sync`

Arguments

Name	Type	Required
`identifier`	`str`	no
`email`	`str`	no
`username`	`str`	no
`password`	`str`	no
`service_account_token`	`str`	no

Returns

Field	Type	Required
`authenticated`	`bool`	yes
`principal_type`	`str`	yes
`user_id`	`str`	no
`service_account_id`	`str`	no
`email`	`str`	no
`username`	`str`	no
`expires_at`	`str`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.login(identifier=\"<string>\", email=\"user@example.com\", username=\"<string>\", password=\"<string>\", service_account_token=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": true
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.login",
      "status": "completed",
      "result": true
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.login(identifier=\"<string>\", email=\"user@example.com\", username=\"<string>\", password=\"<string>\", service_account_token=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": true\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.login\",\n      \"status\": \"completed\",\n      \"result\": true\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.logout`

auth.logout() -> Session

Log out the runtime session.

Property	Value	Property	Value
Requires permission	`None`	Auth required	`no`
Execution mode	`sync`

Returns

Field	Type	Required	Description
`logged_out`	`bool`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.logout()"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": {
      "logged_out": true
    }
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.logout",
      "status": "completed",
      "result": {
        "logged_out": true
      }
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.logout()"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": {\n      \"logged_out\": true\n    }\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.logout\",\n      \"status\": \"completed\",\n      \"result\": {\n        \"logged_out\": true\n      }\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.role_assignments.create`

auth.role_assignments.create(account_id: str, resource_id: str, resource_type: "client" | "account" | "workspace" | "domain" | "dns_record" | "mailbox" | "redirect" | "forwarding" | "credential" | "tenant" | "route" | "proxy", role_key: "viewer" | "editor" | "domain_manager" | "manager" | "dns_manager" | "ip_manager" | "billing_viewer" | "billing_admin" | "credential_manager", subject_id: str, subject_type: "user" | "group" | "service_account") -> Session

Create account role assignments.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/role-assignments`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`resource_id`	`str`	yes	Assignment scope resource identifier
`resource_type`	`"client" \| "account" \| "workspace" \| "domain" \| "dns_record" \| "mailbox" \| "redirect" \| "forwarding" \| "credential" \| "tenant" \| "route" \| "proxy"`	yes	Assignment scope resource type
`role_key`	`"viewer" \| "editor" \| "domain_manager" \| "manager" \| "dns_manager" \| "ip_manager" \| "billing_viewer" \| "billing_admin" \| "credential_manager"`	yes	Code-defined role key
`subject_id`	`str`	yes	User, group, or service account identifier
`subject_type`	`"user" \| "group" \| "service_account"`	yes	Role assignment subject type: user, group, or service_account

Returns

Field	Type	Required
`expanded_capability_keys`	`[str]`	yes
`id`	`str`	yes
`resource_id`	`str`	yes
`resource_type`	`str`	yes
`role_key`	`str`	yes
`subject_id`	`str`	yes
`subject_type`	`str`	yes
`created_at`	`str \| null`	no
`revoked_at`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.role_assignments.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", resource_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", resource_type=\"<string>\", role_key=\"<string>\", subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.role_assignments.create",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.role_assignments.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", resource_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", resource_type=\"<string>\", role_key=\"<string>\", subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.role_assignments.create\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.role_assignments.delete`

auth.role_assignments.delete(account_id: str, assignment_id: str) -> {}

Delete account role assignments.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`DELETE /v1/public/accounts/{account_id}/auth/role-assignments/{assignment_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`assignment_id`	`str`	yes	Role assignment UUID from the route path

Returns

Field	Type	Required	Description
`result`	`{}`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.role_assignments.delete(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", assignment_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": {}
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.role_assignments.delete",
      "status": "completed",
      "result": {}
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.role_assignments.delete(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", assignment_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": {}\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.role_assignments.delete\",\n      \"status\": \"completed\",\n      \"result\": {}\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.role_assignments.list`

auth.role_assignments.list(account_id: str, include_revoked?: bool, role_key?: "viewer" | "editor" | "domain_manager" | "manager" | "dns_manager" | "ip_manager" | "billing_viewer" | "billing_admin" | "credential_manager" | null, subject_id?: str | null, subject_type?: "user" | "group" | "service_account" | null) -> list[Session]

List account role assignments.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/role-assignments`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`include_revoked`	`bool`	no	Include revoked grants or assignments
`role_key`	`"viewer" \| "editor" \| "domain_manager" \| "manager" \| "dns_manager" \| "ip_manager" \| "billing_viewer" \| "billing_admin" \| "credential_manager" \| null`	no	Filter by authorization role key
`subject_id`	`str \| null`	no	Filter by authorization subject ID
`subject_type`	`"user" \| "group" \| "service_account" \| null`	no	Filter by authorization subject type

Returns

Field	Type	Required
`expanded_capability_keys`	`[str]`	yes
`id`	`str`	yes
`resource_id`	`str`	yes
`resource_type`	`str`	yes
`role_key`	`str`	yes
`subject_id`	`str`	yes
`subject_type`	`str`	yes
`created_at`	`str \| null`	no
`revoked_at`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.role_assignments.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", include_revoked=true, role_key=\"<string>\", subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.role_assignments.list",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.role_assignments.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", include_revoked=true, role_key=\"<string>\", subject_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", subject_type=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.role_assignments.list\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.service_accounts.create`

auth.service_accounts.create(account_id: str, name: str, expires_at?: str | null) -> Session

Create a service account and reveal its token once.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/service-accounts`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`name`	`str`	yes	Human-readable service account name
`expires_at`	`str \| null`	no	Optional UTC token expiry timestamp

Returns

Field	Type	Required	Description
`account_id`	`str`	yes
`created_at`	`str`	yes
`id`	`str`	yes
`name`	`str`	yes
`token`	`str`	yes	Plaintext bearer token. Store it now; it is never returned again.
`token_last4`	`str`	yes
`token_prefix`	`str`	yes
`token_public_id`	`str`	yes
`updated_at`	`str`	yes
`created_by_user_id`	`str \| null`	no
`expires_at`	`str \| null`	no
`last_used_at`	`str \| null`	no
`revoked_at`	`str \| null`	no
`revoked_by_user_id`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.service_accounts.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", name=\"<string>\", expires_at=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.service_accounts.create",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.service_accounts.create(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", name=\"<string>\", expires_at=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.service_accounts.create\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.service_accounts.list`

auth.service_accounts.list(account_id: str, include_revoked?: bool) -> list[Session]

List service accounts.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/service-accounts`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`include_revoked`	`bool`	no	Include revoked service accounts

Returns

Field	Type	Required
`account_id`	`str`	yes
`created_at`	`str`	yes
`id`	`str`	yes
`name`	`str`	yes
`token_last4`	`str`	yes
`token_prefix`	`str`	yes
`token_public_id`	`str`	yes
`updated_at`	`str`	yes
`created_by_user_id`	`str \| null`	no
`expires_at`	`str \| null`	no
`last_used_at`	`str \| null`	no
`revoked_at`	`str \| null`	no
`revoked_by_user_id`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.service_accounts.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", include_revoked=true)"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.service_accounts.list",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.service_accounts.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", include_revoked=true)"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.service_accounts.list\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.service_accounts.revoke`

auth.service_accounts.revoke(account_id: str, service_account_id: str) -> {}

Revoke a service account.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`DELETE /v1/public/accounts/{account_id}/auth/service-accounts/{service_account_id}`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`service_account_id`	`str`	yes	Service account UUID from the route path

Returns

Field	Type	Required	Description
`result`	`{}`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.service_accounts.revoke(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", service_account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": {}
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.service_accounts.revoke",
      "status": "completed",
      "result": {}
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.service_accounts.revoke(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", service_account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": {}\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.service_accounts.revoke\",\n      \"status\": \"completed\",\n      \"result\": {}\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.service_accounts.rotate`

auth.service_accounts.rotate(account_id: str, service_account_id: str) -> Session

Rotate a service account token and reveal the replacement once.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`POST /v1/public/accounts/{account_id}/auth/service-accounts/{service_account_id}/rotate`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`service_account_id`	`str`	yes	Service account UUID from the route path

Returns

Field	Type	Required	Description
`account_id`	`str`	yes
`created_at`	`str`	yes
`id`	`str`	yes
`name`	`str`	yes
`token`	`str`	yes	Plaintext bearer token. Store it now; it is never returned again.
`token_last4`	`str`	yes
`token_prefix`	`str`	yes
`token_public_id`	`str`	yes
`updated_at`	`str`	yes
`created_by_user_id`	`str \| null`	no
`expires_at`	`str \| null`	no
`last_used_at`	`str \| null`	no
`revoked_at`	`str \| null`	no
`revoked_by_user_id`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.service_accounts.rotate(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", service_account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.service_accounts.rotate",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.service_accounts.rotate(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", service_account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.service_accounts.rotate\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.users.list`

auth.users.list(account_id: str, limit?: int, search?: str | null) -> list[Session]

List auth users.

Property	Value	Property	Value
Requires permission	`auth.manage`	Auth required	`yes`
Execution mode	`sync`	Capability	`auth.manage`
Resource type	`account`	Resource ID field	`account_id`
Public API route	`GET /v1/public/accounts/{account_id}/auth/users`

Arguments

Name	Type	Required	Description
`account_id`	`str`	yes	Account UUID
`limit`	`int`	no	Maximum number of users to return
`search`	`str \| null`	no	Optional user search string

Returns

Field	Type	Required
`id`	`str`	yes
`email`	`str \| null`	no
`first_name`	`str \| null`	no
`last_name`	`str \| null`	no
`username`	`str \| null`	no

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.users.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", limit=123, search=\"<string>\")"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": "<string>"
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.users.list",
      "status": "completed",
      "result": "<string>"
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.users.list(account_id=\"3c90c3cc-0d44-4b50-8888-8dd25736052a\", limit=123, search=\"<string>\")"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": \"<string>\"\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.users.list\",\n      \"status\": \"completed\",\n      \"result\": \"<string>\"\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

`auth.whoami`

auth.whoami() -> Session

Describe the current runtime session.

Property	Value	Property	Value
Requires permission	`None`	Auth required	`no`
Execution mode	`sync`

Returns

Field	Type	Required
`authenticated`	`bool`	yes
`user_id`	`str`	no
`email`	`str`	no
`username`	`str`	no
`expires_at`	`str`	yes

A2A example

Request:

{
  "request_id": "example",
  "session_id": "session_123",
  "code": "auth.whoami()"
}

Response:

{
  "request_id": "example",
  "status": "completed",
  "result": {
    "last_value": true
  },
  "responses": [
    {
      "index": 0,
      "function": "auth.whoami",
      "status": "completed",
      "result": true
    }
  ],
  "complexity_score": 1
}

MCP example

Request:

{
  "jsonrpc": "2.0",
  "id": "example",
  "method": "tools/call",
  "params": {
    "name": "hybridbox_execute",
    "arguments": {
      "code": "auth.whoami()"
    }
  }
}

Response:

{
  "jsonrpc": "2.0",
  "id": "example",
  "result": {
    "content": [
      {
        "type": "text",
        "text": "{\n  \"request_id\": \"example\",\n  \"status\": \"completed\",\n  \"result\": {\n    \"last_value\": true\n  },\n  \"responses\": [\n    {\n      \"index\": 0,\n      \"function\": \"auth.whoami\",\n      \"status\": \"completed\",\n      \"result\": true\n    }\n  ],\n  \"complexity_score\": 1\n}"
      }
    ],
    "isError": false
  }
}

​Auth

​Functions

​auth.authorizations.grant

​auth.authorizations.list

​auth.authorizations.revoke

​auth.groups.create

​auth.groups.delete

​auth.groups.get

​auth.groups.invitations.create

​auth.groups.list

​auth.groups.members.add_group

​auth.groups.members.add_user

​auth.groups.members.list

​auth.groups.members.remove_group

​auth.groups.members.remove_user

​auth.groups.update

​auth.invitations.create

​auth.invitations.delete

​auth.invitations.list

​auth.invitations.resend

​auth.invitations.update

​auth.login

​auth.logout

​auth.role_assignments.create

​auth.role_assignments.delete

​auth.role_assignments.list

​auth.service_accounts.create

​auth.service_accounts.list

​auth.service_accounts.revoke

​auth.service_accounts.rotate

​auth.users.list

​auth.whoami

Auth

Functions

`auth.authorizations.grant`

`auth.authorizations.list`

`auth.authorizations.revoke`

`auth.groups.create`

`auth.groups.delete`

`auth.groups.get`

`auth.groups.invitations.create`

`auth.groups.list`

`auth.groups.members.add_group`

`auth.groups.members.add_user`

`auth.groups.members.list`

`auth.groups.members.remove_group`

`auth.groups.members.remove_user`

`auth.groups.update`

`auth.invitations.create`

`auth.invitations.delete`

`auth.invitations.list`

`auth.invitations.resend`

`auth.invitations.update`

`auth.login`

`auth.logout`

`auth.role_assignments.create`

`auth.role_assignments.delete`

`auth.role_assignments.list`

`auth.service_accounts.create`

`auth.service_accounts.list`

`auth.service_accounts.revoke`

`auth.service_accounts.rotate`

`auth.users.list`

`auth.whoami`