Freestyle

Freestyle Identity API

Identity and access management for end users and AI agents. Create identities, mint and revoke access tokens, grant per-repo Git permissions (read/write/admin), grant per-VM permissions with an allowed-users list, and inspect the current bearer-token whoami plus long-running background-request status.

Freestyle Identity API is one of 8 APIs that Freestyle publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 5 machine-runnable capabilities that can be deployed as REST, MCP, or Agent Skill surfaces via Naftiko.

Tagged areas include Identity, Access Management, Permissions, Tokens, and Agents. The published artifact set on APIs.io includes API documentation, an OpenAPI specification, a JSON-LD context, and 5 Naftiko capability specs.

GitHub OpenAPI

Documentation

📖
Documentation
https://docs.freestyle.sh/v2/about

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/openapi/freestyle-identity-api-openapi.yml

Other Resources

🔗
JSONLD
https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/json-ld/freestyle-sh-context.jsonld
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/capabilities/identity-identities.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/capabilities/identity-tokens.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/capabilities/identity-git-permissions.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/capabilities/identity-vm-permissions.yaml
🔗
NaftikoCapability
https://raw.githubusercontent.com/api-evangelist/freestyle-sh/refs/heads/main/capabilities/identity-auth.yaml

OpenAPI Specification

freestyle-identity-api-openapi.yml Raw ↑ 
openapi: 3.1.0
info:
  title: Freestyle Identity API
  version: 0.1.0
  description: "Identity and access management for end users and agents \u2014 identities, access tokens, repository permissions,\
    \ VM permissions, and bearer-token whoami/background-request lookup."
  contact:
    name: Ben
    email: [email protected]
  license:
    name: Closed Source
servers:
- url: https://api.freestyle.sh
  description: Production
tags:
- name: Identity
  description: APIs for managing identities and access tokens.
paths:
  /auth/v1/background-requests/{request_id}:
    get:
      tags:
      - Auth
      summary: Get Background Request Result
      description: Replay the stored response for a backgrounded request when it finishes.
      operationId: handle_get_background_request
      parameters:
      - name: request_id
        in: path
        description: Background request ID
        required: true
        schema:
          $ref: '#/components/schemas/RequestId'
      responses:
        '200':
          description: Completed request response replayed
        '202':
          description: Background request still running
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BackgroundRequestPendingResponse'
        '404':
          description: Background request not found or expired
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BackgroundRequestErrorResponse'
  /auth/v1/whoami:
    get:
      tags:
      - Auth
      summary: Get Current User
      description: Returns information about the currently authenticated user or identity.
      operationId: handle_whoami
      responses:
        '200':
          description: Current authenticated user information
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WhoAmIResponse'
  /identity/v1/identities:
    get:
      tags:
      - Identity
      summary: List Identities
      description: List identities created by your account.
      operationId: handle_list_identities
      parameters:
      - name: limit
        in: query
        required: false
        schema:
          type:
          - integer
          - 'null'
          format: int64
          minimum: 0
      - name: offset
        in: query
        required: false
        schema:
          type:
          - integer
          - 'null'
          format: int64
          minimum: 0
      - name: includeManaged
        in: query
        required: false
        schema:
          type:
          - boolean
          - 'null'
      responses:
        '200':
          description: List of identities
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListIdentitiesSuccess'
    post:
      tags:
      - Identity
      summary: Create an Identity
      description: Create an identity. This identity will be used to authenticate with the Git server.
      operationId: handle_create_identity
      responses:
        '200':
          description: Identity created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FreestyleIdentity'
  /identity/v1/identities/{identity}:
    delete:
      tags:
      - Identity
      summary: Delete an Identity
      description: Delete an identity. This will revoke all permissions granted to this identity.
      operationId: handle_delete_identity
      parameters:
      - name: identity
        in: path
        required: true
        schema:
          type: string
          format: uuid
      responses:
        '200':
          description: Identity deleted
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmptyResponse'
  /identity/v1/identities/{identity}/permissions/git:
    get:
      tags:
      - Identity
      summary: List Repository Permissions for an Identity
      description: List repository permissions for an identity. This will return a list of repositories that the identity
        has access to.
      operationId: handle_list_git_permissions
      parameters:
      - name: identity
        in: path
        required: true
        schema:
          type: string
          format: uuid
      - name: limit
        in: query
        description: Maximum number of repositories to return
        required: false
        schema:
          type: integer
          format: int64
          minimum: 0
      - name: offset
        in: query
        description: Offset for the list of repositories
        required: false
        schema:
          type: integer
          format: int64
          minimum: 0
      responses:
        '200':
          description: Permission list
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListGitPermissionSuccess'
  /identity/v1/identities/{identity}/permissions/git/{repo}:
    get:
      tags:
      - Identity
      summary: Get the Git Permission of an Identity on a Repository
      description: Get the permission of an identity on a repository. This will return the access level of the identity on
        the repository.
      operationId: handle_describe_git_permission
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: repo
        in: path
        description: The git repository ID
        required: true
        schema:
          type: string
          format: uuid
      responses:
        '200':
          description: Permission info
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/DescribeGitPermissionSuccess'
    put:
      tags:
      - Identity
      summary: Update a Git Repository Permission for an Identity
      description: Update a permission for an identity on a repository
      operationId: handle_update_git_permission
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: repo
        in: path
        description: The git repository ID
        required: true
        schema:
          type: string
          format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateGitPermissionRequest'
        required: true
      responses:
        '200':
          description: Permission updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmptyResponse'
    post:
      tags:
      - Identity
      summary: Grant a Git Repository Permission to an Identity
      description: Grant a permission to an identity on a repository
      operationId: handle_grant_git_permission
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: repo
        in: path
        description: The git repository ID
        required: true
        schema:
          type: string
          format: uuid
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GrantGitPermissionRequest'
        required: true
      responses:
        '200':
          description: Permission granted successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmptyResponse'
    delete:
      tags:
      - Identity
      summary: Revoke Git Repository Permission From an Identity
      description: Revoke a permission to an identity on a repository
      operationId: handle_revoke_git_permission
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: repo
        in: path
        description: The git repository ID
        required: true
        schema:
          type: string
          format: uuid
      responses:
        '200':
          description: Permission revoked successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmptyResponse'
  /identity/v1/identities/{identity}/permissions/vm:
    get:
      tags:
      - Identity
      summary: List VM Permissions for an Identity
      description: List all VM permissions granted to a specific Git identity
      operationId: handle_list_vm_permissions
      parameters:
      - name: identity
        in: path
        required: true
        schema:
          type: string
          format: uuid
      - name: limit
        in: query
        required: false
        schema:
          type:
          - integer
          - 'null'
          format: int64
          minimum: 0
      - name: offset
        in: query
        required: false
        schema:
          type:
          - integer
          - 'null'
          format: int64
          minimum: 0
      responses:
        '200':
          description: List of VM permissions
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListVmPermissionsSuccess'
  /identity/v1/identities/{identity}/permissions/vm/{vm_id}:
    get:
      tags:
      - Identity
      summary: Get VM Permission Details
      description: Get the details of a VM permission for a specific identity and VM
      operationId: handle_describe_vm_permission
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: vm_id
        in: path
        description: The VM ID
        required: true
        schema:
          type: string
      responses:
        '200':
          description: VM permission details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VmPermission'
    put:
      tags:
      - Identity
      summary: Update Allowed Users for VM Permission
      description: Update the list of allowed users for a VM permission. Set to null to allow all users, or provide a list
        to restrict access.
      operationId: handle_update_allowed_users
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: vm_id
        in: path
        description: The VM ID
        required: true
        schema:
          type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UpdateAllowedUsersRequestBody'
        required: true
      responses:
        '200':
          description: Allowed users updated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VmPermission'
    post:
      tags:
      - Identity
      summary: Grant VM Permission to an Identity for a VM
      description: Grant VM access permission to an identity for a specific VM. Optionally restrict access to specific Linux
        users.
      operationId: handle_grant_vm_permission
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: vm_id
        in: path
        description: The VM ID
        required: true
        schema:
          type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GrantVmPermissionRequest'
        required: true
      responses:
        '200':
          description: VM permission granted successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VmPermission'
    delete:
      tags:
      - Identity
      summary: Revoke VM Permission From an Identity for a VM
      description: Revoke VM permission from an identity for a specific VM
      operationId: handle_revoke_vm_permission
      parameters:
      - name: identity
        in: path
        description: The git identity ID
        required: true
        schema:
          type: string
          format: uuid
      - name: vm_id
        in: path
        description: The VM ID
        required: true
        schema:
          type: string
      responses:
        '200':
          description: VM permission revoked successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmptyResponse'
  /identity/v1/identities/{identity}/tokens:
    get:
      tags:
      - Identity
      summary: List Access Tokens for an Identity
      description: List access tokens for an identity
      operationId: handle_list_git_tokens
      parameters:
      - name: identity
        in: path
        required: true
        schema:
          type: string
          format: uuid
      responses:
        '200':
          description: Token list
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListGitTokensSuccess'
    post:
      tags:
      - Identity
      summary: Create an Access Token for an Identity
      description: Create an access token for an identity
      operationId: handle_create_git_token
      parameters:
      - name: identity
        in: path
        required: true
        schema:
          type: string
          format: uuid
      responses:
        '200':
          description: Token created successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreatedToken'
  /identity/v1/identities/{identity}/tokens/{token}:
    delete:
      tags:
      - Identity
      summary: Revoke an Access Token for an Identity
      description: Revoke an access token for an identity
      operationId: handle_revoke_git_token
      parameters:
      - name: identity
        in: path
        required: true
        schema:
          type: string
          format: uuid
      - name: token
        in: path
        required: true
        schema:
          type: string
          format: uuid
      responses:
        '200':
          description: Token revoked
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmptyResponse'
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
  schemas:
    ListIdentitiesSuccess:
      type: object
      required:
      - identities
      - offset
      - total
      properties:
        identities:
          type: array
          items:
            $ref: '#/components/schemas/FreestyleIdentity'
        offset:
          type: integer
          format: int64
          minimum: 0
        total:
          type: integer
          format: int64
          minimum: 0
    BackgroundRequestErrorResponse:
      type: object
      required:
      - message
      properties:
        message:
          type: string
    ListGitTokensSuccess:
      type: object
      required:
      - tokens
      properties:
        tokens:
          type: array
          items:
            $ref: '#/components/schemas/AccessTokenInfo'
    DescribeGitPermissionSuccess:
      type: object
      required:
      - identity
      - repo
      properties:
        identity:
          type: string
          format: uuid
        repo:
          type: string
          format: uuid
        accessLevel:
          oneOf:
          - type: 'null'
          - $ref: '#/components/schemas/AccessLevel'
    BackgroundRequestPendingResponse:
      type: object
      required:
      - requestId
      - status
      properties:
        requestId:
          $ref: '#/components/schemas/RequestId'
        status:
          type: string
    AccessTokenInfo:
      type: object
      required:
      - id
      properties:
        id:
          type: string
          format: uuid
    FreestyleIdentity:
      type: object
      required:
      - id
      - managed
      properties:
        id:
          type: string
          format: uuid
        managed:
          type: boolean
    ListVmPermissionsSuccess:
      type: object
      required:
      - permissions
      - offset
      - total
      properties:
        permissions:
          type: array
          items:
            $ref: '#/components/schemas/VmPermission'
        offset:
          type: integer
          format: int64
          minimum: 0
        total:
          type: integer
          format: int64
          minimum: 0
    AccessibleRepository:
      type: object
      description: Identical to [`RepositoryInfo`], but with the permissions field added.
      required:
      - id
      - accountId
      - permissions
      - visibility
      properties:
        id:
          type: string
          format: uuid
        name:
          type:
          - string
          - 'null'
        accountId:
          type: string
          format: uuid
        permissions:
          $ref: '#/components/schemas/AccessLevel'
        visibility:
          $ref: '#/components/schemas/Visibility'
    ListGitPermissionSuccess:
      type: object
      required:
      - repositories
      properties:
        repositories:
          type: array
          items:
            $ref: '#/components/schemas/AccessibleRepository'
    AccessLevel:
      type: string
      enum:
      - read
      - write
    RequestId:
      type: string
      description: "Branded request identifier \u2014 `ri-<20 lowercase alphanumeric chars>` for newly\nminted IDs. The wrapped\
        \ string is otherwise opaque, so legacy UUID-formatted\nIDs (from in-flight requests during rollout) round-trip unchanged."
    UpdateGitPermissionRequest:
      type: object
      required:
      - permission
      properties:
        permission:
          $ref: '#/components/schemas/AccessLevel'
    GrantGitPermissionRequest:
      type: object
      required:
      - permission
      properties:
        permission:
          $ref: '#/components/schemas/AccessLevel'
    VmPermission:
      type: object
      description: Full VM permission record
      required:
      - id
      - vmId
      - identityId
      - grantedAt
      - grantedBy
      properties:
        id:
          type: string
          format: uuid
        vmId:
          type: string
        identityId:
          type: string
          format: uuid
        allowedUsers:
          type:
          - array
          - 'null'
          items:
            type: string
        grantedAt:
          type: string
          format: date-time
        grantedBy:
          type: string
          format: uuid
    GrantVmPermissionRequest:
      type: object
      properties:
        allowedUsers:
          type:
          - array
          - 'null'
          items:
            type: string
          description: 'List of allowed Linux users. If null, identity can SSH as any user.

            If specified, identity can only SSH as users in this list.'
    Visibility:
      type: string
      enum:
      - public
      - private
    EmptyResponse:
      type: object
    WhoAmIResponse:
      type: object
      required:
      - accountId
      properties:
        accountId:
          type: string
          format: uuid
        identityId:
          type:
          - string
          - 'null'
          format: uuid
    UpdateAllowedUsersRequestBody:
      type: object
      properties:
        allowedUsers:
          type:
          - array
          - 'null'
          items:
            type: string
          description: 'List of allowed Linux users. If null, identity can SSH as any user.

            If specified, identity can only SSH as users in this list.'
    CreatedToken:
      type: object
      required:
      - id
      - token
      properties:
        id:
          type: string
          format: uuid
        token:
          type: string
security:
- bearerAuth: []