Authenticated API
ACP (AI Cost & Performance) endpoints require a valid JWT Bearer token. Accessible via the API gateway.
Tool Permissions
Tools are specific actions agents can execute. Manage tool registrations, enable/disable tools for agents, and control access through permissions.
Tool Management
Register Tool
POST /acp/tools
Content-Type: application/json
Request Body:
{
"name": "create_order",
"display_name": "Create Order",
"description": "Create a new customer order",
"category": "commerce",
"endpoint": "/api/v1/orders",
"method": "POST",
"requires_capability": "order_management",
"risk_level": "low",
"rate_limit": {
"requests_per_minute": 100,
"requests_per_day": 10000
},
"input_schema": {
"type": "object",
"properties": {
"items": {"type": "array"},
"customer_id": {"type": "string"}
},
"required": ["items"]
}
}
List Tools
GET /acp/tools?category=commerce&enabled=true
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
category | string | Filter by category |
enabled | boolean | Filter by enabled status |
capability | string | Filter by required capability |
Get Tool Details
GET /acp/tools/{tool_id}
Enable Tool for Agent
POST /acp/tools/{tool_id}/enable
Content-Type: application/json
Request Body:
{
"agent_id": "agent_abc123",
"reason": "Required for order processing workflow"
}
Disable Tool for Agent
POST /acp/tools/{tool_id}/disable
Content-Type: application/json
Request Body:
{
"agent_id": "agent_abc123",
"reason": "Security review pending"
}
Permission Management
Control agent access to capabilities and resources.
Grant Permission
POST /acp/permissions
Content-Type: application/json
Request Body:
{
"agent_id": "agent_abc123",
"capability_id": "cap_order_mgmt",
"permission_level": "execute",
"scope": {
"tenant_ids": ["tenant_xyz"],
"location_ids": ["loc_123", "loc_456"]
},
"conditions": {
"max_order_value": 500.00,
"require_manager_approval_above": 200.00
},
"expires_at": "2026-12-31T23:59:59Z"
}
Permission Levels:
| Level | Description |
|---|---|
read | Can query/view data |
write | Can create/update data |
execute | Can perform actions |
admin | Full control including deletion |
List Permissions
GET /acp/permissions?agent_id=agent_abc123&is_active=true
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
agent_id | string | Filter by agent |
capability_id | string | Filter by capability |
is_active | boolean | Filter active permissions |
Revoke Permission
DELETE /acp/permissions/{permission_id}
Evaluate Permission
Check if an agent has permission for a specific action.
POST /acp/permissions/evaluate
Content-Type: application/json
Request Body:
{
"agent_id": "agent_abc123",
"capability": "order_management",
"action": "create_order",
"context": {
"tenant_id": "tenant_xyz",
"location_id": "loc_123",
"order_value": 150.00
}
}
Response (200 OK):
{
"allowed": true,
"permission_id": "perm_def456",
"permission_level": "execute",
"conditions_met": true,
"requires_approval": false,
"evaluated_at": "2026-01-19T14:30:00Z"
}
Related Pages
- Agent Management - Register and manage agents
- Capability Management - Define agent capabilities
- HITL Approvals - Approval workflows for sensitive actions
- Overview - ACP Integration overview