Overview

This is a REST API reference for the Keycloak Admin

Version information

Version: 1

URI scheme

Host: localhost:8080 BasePath: /auth Schemes: HTTP

Resources

Attack Detection

Clear any user login failures for all users This can release temporary disabled users

DELETE /admin/realms/{realm}/attack-detection/brute-force/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get status of a username in brute force detection

GET /admin/realms/{realm}/attack-detection/brute-force/users/{userId}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

userId
required

string

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

Clear any user login failures for the user This can release temporary disabled user

DELETE /admin/realms/{realm}/attack-detection/brute-force/users/{userId}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

userId
required

string

Responses
HTTP Code Description Schema

default

success

No Content

Authentication Management

Get authenticator providers Returns a list of authenticator providers.

GET /admin/realms/{realm}/authentication/authenticator-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< object > array

Produces
  • application/json

Get client authenticator providers Returns a list of client authenticator providers.

GET /admin/realms/{realm}/authentication/client-authenticator-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< object > array

Produces
  • application/json

Get authenticator provider’s configuration description

GET /admin/realms/{realm}/authentication/config-description/{providerId}
Parameters
Type Name Description Schema

Path

providerId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

AuthenticatorConfigInfoRepresentation

Produces
  • application/json

Get authenticator configuration

GET /admin/realms/{realm}/authentication/config/{id}
Parameters
Type Name Description Schema

Path

id
required

Configuration id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

AuthenticatorConfigRepresentation

Produces
  • application/json

Update authenticator configuration

PUT /admin/realms/{realm}/authentication/config/{id}
Parameters
Type Name Description Schema

Path

id
required

Configuration id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

JSON describing new state of authenticator configuration

AuthenticatorConfigRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete authenticator configuration

DELETE /admin/realms/{realm}/authentication/config/{id}
Parameters
Type Name Description Schema

Path

id
required

Configuration id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Add new authentication execution

POST /admin/realms/{realm}/authentication/executions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

execution
required

JSON model describing authentication execution

AuthenticationExecutionRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get Single Execution

GET /admin/realms/{realm}/authentication/executions/{executionId}
Parameters
Type Name Description Schema

Path

executionId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Produces
  • application/json

Delete execution

DELETE /admin/realms/{realm}/authentication/executions/{executionId}
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Update execution with new configuration

POST /admin/realms/{realm}/authentication/executions/{executionId}/config
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Body

json
required

JSON with new configuration

AuthenticatorConfigRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Lower execution’s priority

POST /admin/realms/{realm}/authentication/executions/{executionId}/lower-priority
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Raise execution’s priority

POST /admin/realms/{realm}/authentication/executions/{executionId}/raise-priority
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Create a new authentication flow

POST /admin/realms/{realm}/authentication/flows
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

flow
required

Authentication flow representation

AuthenticationFlowRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get authentication flows Returns a list of authentication flows.

GET /admin/realms/{realm}/authentication/flows
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< AuthenticationFlowRepresentation > array

Produces
  • application/json

Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/copy
Parameters
Type Name Description Schema

Path

flowAlias
required

Name of the existing authentication flow

string

Path

realm
required

realm name (not id!)

string

Body

data
required

JSON containing 'newName' attribute

string

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get authentication executions for a flow

GET /admin/realms/{realm}/authentication/flows/{flowAlias}/executions
Parameters
Type Name Description Schema

Path

flowAlias
required

Flow alias

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Produces
  • application/json

Update authentication executions of a flow

PUT /admin/realms/{realm}/authentication/flows/{flowAlias}/executions
Parameters
Type Name Description Schema

Path

flowAlias
required

Flow alias

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

AuthenticationExecutionInfoRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Add new authentication execution to a flow

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/execution
Parameters
Type Name Description Schema

Path

flowAlias
required

Alias of parent flow

string

Path

realm
required

realm name (not id!)

string

Body

data
required

New execution JSON data containing 'provider' attribute

string

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Add new flow with new execution to existing flow

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/flow
Parameters
Type Name Description Schema

Path

flowAlias
required

Alias of parent authentication flow

string

Path

realm
required

realm name (not id!)

string

Body

data
required

New authentication flow / execution JSON data containing 'alias', 'type', 'provider', and 'description' attributes

string

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get authentication flow for id

GET /admin/realms/{realm}/authentication/flows/{id}
Parameters
Type Name Description Schema

Path

id
required

Flow id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

AuthenticationFlowRepresentation

Produces
  • application/json

Update an authentication flow

PUT /admin/realms/{realm}/authentication/flows/{id}
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

flow
required

Authentication flow representation

AuthenticationFlowRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete an authentication flow

DELETE /admin/realms/{realm}/authentication/flows/{id}
Parameters
Type Name Description Schema

Path

id
required

Flow id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get form action providers Returns a list of form action providers.

GET /admin/realms/{realm}/authentication/form-action-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< object > array

Produces
  • application/json

Get form providers Returns a list of form providers.

GET /admin/realms/{realm}/authentication/form-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< object > array

Produces
  • application/json

Get configuration descriptions for all clients

GET /admin/realms/{realm}/authentication/per-client-config-description
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

Register a new required actions

POST /admin/realms/{realm}/authentication/register-required-action
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

data
required

JSON containing 'providerId', and 'name' attributes.

string

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get required actions Returns a list of required actions.

GET /admin/realms/{realm}/authentication/required-actions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RequiredActionProviderRepresentation > array

Produces
  • application/json

Get required action for alias

GET /admin/realms/{realm}/authentication/required-actions/{alias}
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RequiredActionProviderRepresentation

Produces
  • application/json

Update required action

PUT /admin/realms/{realm}/authentication/required-actions/{alias}
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

JSON describing new state of required action

RequiredActionProviderRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete required action

DELETE /admin/realms/{realm}/authentication/required-actions/{alias}
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Lower required action’s priority

POST /admin/realms/{realm}/authentication/required-actions/{alias}/lower-priority
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Raise required action’s priority

POST /admin/realms/{realm}/authentication/required-actions/{alias}/raise-priority
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get unregistered required actions Returns a list of unregistered required actions.

GET /admin/realms/{realm}/authentication/unregistered-required-actions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< object > array

Produces
  • application/json

Client Attribute Certificate

Get key info

GET /admin/realms/{realm}/clients/{id}/certificates/{attr}
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Produces
  • application/json

Get a keystore file for the client, containing private key and public certificate

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/download
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

config
required

Keystore configuration as JSON

KeyStoreConfig

Responses
HTTP Code Description Schema

default

success

< string(byte) > array

Consumes
  • application/json

Produces
  • application/octet-stream

Generate a new certificate with new key pair

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/generate
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Produces
  • application/json

Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format.

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/generate-and-download
Description

Only generated public certificate is saved in Keycloak DB - the private key is not.

Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

config
required

Keystore configuration as JSON

KeyStoreConfig

Responses
HTTP Code Description Schema

default

success

< string(byte) > array

Consumes
  • application/json

Produces
  • application/octet-stream

Upload certificate and eventually private key

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/upload
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

FormData

input
required

file

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Consumes
  • multipart/form-data

Produces
  • application/json

Upload only certificate, not private key

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/upload-certificate
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

FormData

input
required

file

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Consumes
  • multipart/form-data

Produces
  • application/json

Client Initial Access

Create a new initial access token.

POST /admin/realms/{realm}/clients-initial-access
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

config
required

ClientInitialAccessCreatePresentation

Responses
HTTP Code Description Schema

default

success

ClientInitialAccessPresentation

Consumes
  • application/json

Produces
  • application/json

GET /admin/realms/{realm}/clients-initial-access

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ClientInitialAccessPresentation > array

Produces
  • application/json

DELETE /admin/realms/{realm}/clients-initial-access/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Client Registration Policy

Base path for retrieve providers with the configProperties properly filled

GET /admin/realms/{realm}/client-registration-policy/providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ComponentTypeRepresentation > array

Produces
  • application/json

Client Role Mappings

Add client-level roles to the user role mapping

POST /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level role mappings for the user, and the app

GET /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Delete client-level roles from user role mapping

DELETE /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get available client-level roles that can be mapped to the user

GET /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective client-level role mappings This recurses any composite roles

GET /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}/composite
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Add client-level roles to the user role mapping

POST /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level role mappings for the user, and the app

GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Delete client-level roles from user role mapping

DELETE /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get available client-level roles that can be mapped to the user

GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective client-level role mappings This recurses any composite roles

GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}/composite
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Client Scopes

Create a new client scope Client Scope’s name must be unique!

POST /admin/realms/{realm}/client-scopes
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientScopeRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

GET /admin/realms/{realm}/client-scopes
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ClientScopeRepresentation > array

Produces
  • application/json

Get representation of the client scope

GET /admin/realms/{realm}/client-scopes/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ClientScopeRepresentation

Produces
  • application/json

Update the client scope

PUT /admin/realms/{realm}/client-scopes/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientScopeRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the client scope

DELETE /admin/realms/{realm}/client-scopes/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Clients

Create a new client Client’s client_id must be unique!

POST /admin/realms/{realm}/clients
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get clients belonging to the realm Returns a list of clients belonging to the realm

GET /admin/realms/{realm}/clients
Parameters
Type Name Description Schema Default

Path

realm
required

realm name (not id!)

string

Query

clientId
optional

filter by clientId

string

Query

viewableOnly
optional

filter clients that cannot be viewed in full by admin

boolean

"false"

Responses
HTTP Code Description Schema

default

success

< ClientRepresentation > array

Produces
  • application/json

Get representation of the client

GET /admin/realms/{realm}/clients/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ClientRepresentation

Produces
  • application/json

Update the client

PUT /admin/realms/{realm}/clients/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the client

DELETE /admin/realms/{realm}/clients/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Generate a new secret for the client

POST /admin/realms/{realm}/clients/{id}/client-secret
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CredentialRepresentation

Consumes
  • application/json

Produces
  • application/json

Get the client secret

GET /admin/realms/{realm}/clients/{id}/client-secret
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CredentialRepresentation

Produces
  • application/json

Get default client scopes.

GET /admin/realms/{realm}/clients/{id}/default-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ClientScopeRepresentation > array

Produces
  • application/json

PUT /admin/realms/{realm}/clients/{id}/default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /admin/realms/{realm}/clients/{id}/default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Create JSON with payload of example access token

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/generate-example-access-token
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

scope
optional

string

Query

userId
optional

string

Responses
HTTP Code Description Schema

default

success

AccessToken

Produces
  • application/json

Return list of all protocol mappers, which will be used when generating tokens issued for particular client.

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/protocol-mappers
Description

This means protocol mappers assigned to this client directly and protocol mappers assigned to all client scopes of this client.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

scope
optional

string

Responses
HTTP Code Description Schema

default

success

< ClientScopeEvaluateResource-ProtocolMapperEvaluationRepresentation > array

Produces
  • application/json

Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted
Description

This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

roleContainerId
required

either realm name OR client UUID

string

Query

scope
optional

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted
Description

Defacto all the other roles of particular role container, which are not in {@link #getGrantedScopeMappings()}

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

roleContainerId
required

either realm name OR client UUID

string

Query

scope
optional

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

GET /admin/realms/{realm}/clients/{id}/installation/providers/{providerId}

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

providerId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Return object stating whether client Authorization permissions have been initialized or not and a reference

GET /admin/realms/{realm}/clients/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

PUT /admin/realms/{realm}/clients/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak

POST /admin/realms/{realm}/clients/{id}/nodes
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

formParams
required

string

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Unregister a cluster node from the client

DELETE /admin/realms/{realm}/clients/{id}/nodes/{node}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

node
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get application offline session count Returns a number of offline user sessions associated with this client { "count": number }

GET /admin/realms/{realm}/clients/{id}/offline-session-count
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

Get offline sessions for client Returns a list of offline user sessions associated with this client

GET /admin/realms/{realm}/clients/{id}/offline-sessions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

first
optional

Paging offset

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Responses
HTTP Code Description Schema

default

success

< UserSessionRepresentation > array

Produces
  • application/json

Get optional client scopes.

GET /admin/realms/{realm}/clients/{id}/optional-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ClientScopeRepresentation > array

Produces
  • application/json

PUT /admin/realms/{realm}/clients/{id}/optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /admin/realms/{realm}/clients/{id}/optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.

POST /admin/realms/{realm}/clients/{id}/push-revocation
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Produces
  • application/json

Generate a new registration access token for the client

POST /admin/realms/{realm}/clients/{id}/registration-access-token
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ClientRepresentation

Consumes
  • application/json

Produces
  • application/json

Get a user dedicated to the service account

GET /admin/realms/{realm}/clients/{id}/service-account-user
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

UserRepresentation

Produces
  • application/json

Get application session count Returns a number of user sessions associated with this client { "count": number }

GET /admin/realms/{realm}/clients/{id}/session-count
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.

GET /admin/realms/{realm}/clients/{id}/test-nodes-available
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Produces
  • application/json

Get user sessions for client Returns a list of user sessions associated with this client

GET /admin/realms/{realm}/clients/{id}/user-sessions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

first
optional

Paging offset

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Responses
HTTP Code Description Schema

default

success

< UserSessionRepresentation > array

Produces
  • application/json

Component

POST /admin/realms/{realm}/components

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

ComponentRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

GET /admin/realms/{realm}/components

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

name
optional

string

Query

parent
optional

string

Query

type
optional

string

Responses
HTTP Code Description Schema

default

success

< ComponentRepresentation > array

Produces
  • application/json

GET /admin/realms/{realm}/components/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ComponentRepresentation

Produces
  • application/json

PUT /admin/realms/{realm}/components/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ComponentRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

DELETE /admin/realms/{realm}/components/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

List of subcomponent types that are available to configure for a particular parent component.

GET /admin/realms/{realm}/components/{id}/sub-component-types
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Query

type
optional

string

Responses
HTTP Code Description Schema

default

success

< ComponentTypeRepresentation > array

Produces
  • application/json

Groups

create or add a top level realm groupSet or create child.

POST /admin/realms/{realm}/groups
Description

This will update the group and set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

GroupRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get group hierarchy.

GET /admin/realms/{realm}/groups
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Query

search
optional

string

Responses
HTTP Code Description Schema

default

success

< GroupRepresentation > array

Produces
  • application/json

Returns the groups counts.

GET /admin/realms/{realm}/groups/count
Parameters
Type Name Description Schema Default

Path

realm
required

realm name (not id!)

string

Query

search
optional

string

Query

top
optional

boolean

"false"

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

GET /admin/realms/{realm}/groups/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GroupRepresentation

Produces
  • application/json

Update group, ignores subgroups.

PUT /admin/realms/{realm}/groups/{id}
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

GroupRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

DELETE /admin/realms/{realm}/groups/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Set or create child.

POST /admin/realms/{realm}/groups/{id}/children
Description

This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

GroupRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

GET /admin/realms/{realm}/groups/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

PUT /admin/realms/{realm}/groups/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Get users Returns a list of users, filtered according to query parameters

GET /admin/realms/{realm}/groups/{id}/members
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Query

first
optional

Pagination offset

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Responses
HTTP Code Description Schema

default

success

< UserRepresentation > array

Produces
  • application/json

Identity Providers

Import identity provider from uploaded JSON file

POST /admin/realms/{realm}/identity-provider/import-config
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

FormData

input
required

file

Responses
HTTP Code Description Schema

default

success

object

Consumes
  • multipart/form-data

Produces
  • application/json

Create a new identity provider

POST /admin/realms/{realm}/identity-provider/instances
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

representation
required

JSON body

IdentityProviderRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get identity providers

GET /admin/realms/{realm}/identity-provider/instances
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< IdentityProviderRepresentation > array

Produces
  • application/json

Get the identity provider

GET /admin/realms/{realm}/identity-provider/instances/{alias}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

IdentityProviderRepresentation

Produces
  • application/json

Update the identity provider

PUT /admin/realms/{realm}/identity-provider/instances/{alias}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Body

providerRep
required

IdentityProviderRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the identity provider

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Export public broker configuration for identity provider

GET /admin/realms/{realm}/identity-provider/instances/{alias}/export
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Query

format
optional

Format to use

string

Responses
HTTP Code Description Schema

default

success

Response

Return object stating whether client Authorization permissions have been initialized or not and a reference

GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Get mapper types for identity provider

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mapper-types
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

object

Add a mapper to identity provider

POST /admin/realms/{realm}/identity-provider/instances/{alias}/mappers
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Body

mapper
required

IdentityProviderMapperRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get mappers for identity provider

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< IdentityProviderMapperRepresentation > array

Produces
  • application/json

Get mapper by id for the identity provider

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

IdentityProviderMapperRepresentation

Produces
  • application/json

Update a mapper for the identity provider

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

IdentityProviderMapperRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete a mapper for the identity provider

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get identity providers

GET /admin/realms/{realm}/identity-provider/providers/{provider_id}
Parameters
Type Name Description Schema

Path

provider_id
required

Provider id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Produces
  • application/json

Key

GET /admin/realms/{realm}/keys

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

KeysMetadataRepresentation

Produces
  • application/json

Protocol Mappers

Create multiple mappers

POST /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/add-models
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

reps
required

< ProtocolMapperRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Create a mapper

POST /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get mappers

GET /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ProtocolMapperRepresentation > array

Produces
  • application/json

Get mapper by id

GET /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ProtocolMapperRepresentation

Produces
  • application/json

Update the mapper

PUT /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete the mapper

DELETE /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get mappers by name for a specific protocol

GET /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

protocol
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ProtocolMapperRepresentation > array

Produces
  • application/json

Create multiple mappers

POST /admin/realms/{realm}/clients/{id}/protocol-mappers/add-models
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

reps
required

< ProtocolMapperRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Create a mapper

POST /admin/realms/{realm}/clients/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get mappers

GET /admin/realms/{realm}/clients/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ProtocolMapperRepresentation > array

Produces
  • application/json

Get mapper by id

GET /admin/realms/{realm}/clients/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ProtocolMapperRepresentation

Produces
  • application/json

Update the mapper

PUT /admin/realms/{realm}/clients/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete the mapper

DELETE /admin/realms/{realm}/clients/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get mappers by name for a specific protocol

GET /admin/realms/{realm}/clients/{id}/protocol-mappers/protocol/{protocol}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

protocol
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ProtocolMapperRepresentation > array

Produces
  • application/json

Realms Admin

Import a realm Imports a realm from a full representation of that realm.

POST /admin/realms
Description

Realm name must be unique.

Parameters
Type Name Description Schema

Body

rep
required

JSON representation of the realm

RealmRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get accessible realms Returns a list of accessible realms.

GET /admin/realms
Description

The list is filtered based on what realms the caller is allowed to view.

Responses
HTTP Code Description Schema

default

success

< RealmRepresentation > array

Produces
  • application/json

Get the top-level representation of the realm It will not include nested information like User and Client representations.

GET /admin/realms/{realm}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RealmRepresentation

Produces
  • application/json

Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.

PUT /admin/realms/{realm}
Description

This will only update top-level attributes of the realm.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

RealmRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the realm

DELETE /admin/realms/{realm}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get admin events Returns all admin events, or filters events based on URL query parameters listed here

GET /admin/realms/{realm}/admin-events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

authClient
optional

string

Query

authIpAddress
optional

string

Query

authRealm
optional

string

Query

authUser
optional

user id

string

Query

dateFrom
optional

string

Query

dateTo
optional

string

Query

first
optional

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Query

operationTypes
optional

< string > array(csv)

Query

resourcePath
optional

string

Query

resourceTypes
optional

< string > array(csv)

Responses
HTTP Code Description Schema

default

success

< AdminEventRepresentation > array

Produces
  • application/json

Delete all admin events

DELETE /admin/realms/{realm}/admin-events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Clear cache of external public keys (Public keys of clients or Identity providers)

POST /admin/realms/{realm}/clear-keys-cache
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Clear realm cache

POST /admin/realms/{realm}/clear-realm-cache
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Clear user cache

POST /admin/realms/{realm}/clear-user-cache
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Base path for importing clients under this realm.

POST /admin/realms/{realm}/client-description-converter
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

description
required

string

Responses
HTTP Code Description Schema

default

success

ClientRepresentation

Consumes
  • application/json

  • application/xml

  • text/plain

Produces
  • application/json

Get client session stats Returns a JSON map.

GET /admin/realms/{realm}/client-session-stats
Description

The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< object > array

Produces
  • application/json

Get realm default client scopes.

GET /admin/realms/{realm}/default-default-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ClientScopeRepresentation > array

Produces
  • application/json

PUT /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get group hierarchy.

GET /admin/realms/{realm}/default-groups
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< GroupRepresentation > array

Produces
  • application/json

PUT /admin/realms/{realm}/default-groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /admin/realms/{realm}/default-groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get realm optional client scopes.

GET /admin/realms/{realm}/default-optional-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< ClientScopeRepresentation > array

Produces
  • application/json

PUT /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get events Returns all events, or filters them based on URL query parameters listed here

GET /admin/realms/{realm}/events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

client
optional

App or oauth client name

string

Query

dateFrom
optional

From date

string

Query

dateTo
optional

To date

string

Query

first
optional

Paging offset

integer(int32)

Query

ipAddress
optional

IP address

string

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Query

type
optional

The types of events to return

< string > array(csv)

Query

user
optional

User id

string

Responses
HTTP Code Description Schema

default

success

< EventRepresentation > array

Produces
  • application/json

Delete all events

DELETE /admin/realms/{realm}/events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get the events provider configuration Returns JSON object with events provider configuration

GET /admin/realms/{realm}/events/config
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RealmEventsConfigRepresentation

Produces
  • application/json

Update the events provider Change the events provider and/or its configuration

PUT /admin/realms/{realm}/events/config
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

RealmEventsConfigRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

GET /admin/realms/{realm}/group-by-path/{path}

Parameters
Type Name Description Schema

Path

path
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GroupRepresentation

Produces
  • application/json

Removes all user sessions.

POST /admin/realms/{realm}/logout-all
Description

Any client that has an admin url will also be told to invalidate any sessions they have.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Partial export of existing realm into a JSON file.

POST /admin/realms/{realm}/partial-export
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

exportClients
optional

boolean

Query

exportGroupsAndRoles
optional

boolean

Responses
HTTP Code Description Schema

default

success

RealmRepresentation

Produces
  • application/json

Partial import from a JSON file to an existing realm.

POST /admin/realms/{realm}/partialImport
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

PartialImportRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Push the realm’s revocation policy to any client that has an admin url associated with it.

POST /admin/realms/{realm}/push-revocation
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Remove a specific user session.

DELETE /admin/realms/{realm}/sessions/{session}
Description

Any client that has an admin url will also be told to invalidate this particular session.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

session
required

string

Responses
HTTP Code Description Schema

default

success

No Content

Test LDAP connection

POST /admin/realms/{realm}/testLDAPConnection
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

FormData

action
optional

string

FormData

bindCredential
optional

string

FormData

bindDn
optional

string

FormData

componentId
optional

string

FormData

connectionTimeout
optional

string

FormData

connectionUrl
optional

string

FormData

useTruststoreSpi
optional

string

Responses
HTTP Code Description Schema

default

success

Response

Test SMTP connection with current logged in user

POST /admin/realms/{realm}/testSMTPConnection/{config}
Parameters
Type Name Description Schema

Path

config
required

SMTP server configuration

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

GET /admin/realms/{realm}/users-management-permissions

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

PUT /admin/realms/{realm}/users-management-permissions

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Role Mapper

Get role mappings

GET /admin/realms/{realm}/groups/{id}/role-mappings
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

MappingsRepresentation

Produces
  • application/json

Add realm-level role mappings to the user

POST /admin/realms/{realm}/groups/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

Roles to add

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level role mappings

GET /admin/realms/{realm}/groups/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Delete realm-level role mappings

DELETE /admin/realms/{realm}/groups/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that can be mapped

GET /admin/realms/{realm}/groups/{id}/role-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective realm-level role mappings This will recurse all composite roles to get the result.

GET /admin/realms/{realm}/groups/{id}/role-mappings/realm/composite
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get role mappings

GET /admin/realms/{realm}/users/{id}/role-mappings
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

MappingsRepresentation

Produces
  • application/json

Add realm-level role mappings to the user

POST /admin/realms/{realm}/users/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

Roles to add

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level role mappings

GET /admin/realms/{realm}/users/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Delete realm-level role mappings

DELETE /admin/realms/{realm}/users/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that can be mapped

GET /admin/realms/{realm}/users/{id}/role-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective realm-level role mappings This will recurse all composite roles to get the result.

GET /admin/realms/{realm}/users/{id}/role-mappings/realm/composite
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Roles

Create a new role for the realm or client

POST /admin/realms/{realm}/clients/{id}/roles
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get all roles for the realm or client

GET /admin/realms/{realm}/clients/{id}/roles
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get a role by name

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RoleRepresentation

Produces
  • application/json

Update a role by name

PUT /admin/realms/{realm}/clients/{id}/roles/{role-name}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete a role by name

DELETE /admin/realms/{realm}/clients/{id}/roles/{role-name}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Add a composite to the role

POST /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get composites of the role

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Remove roles from the role’s composite

DELETE /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

roles to remove

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

An app-level roles for the specified app for the role’s composite

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get realm-level roles of the role’s composite

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

PUT /admin/realms/{realm}/clients/{id}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Return List of Users that have the specified role name

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/users
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Responses
HTTP Code Description Schema

default

success

< UserRepresentation > array

Produces
  • application/json

Create a new role for the realm or client

POST /admin/realms/{realm}/roles
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get all roles for the realm or client

GET /admin/realms/{realm}/roles
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get a role by name

GET /admin/realms/{realm}/roles/{role-name}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RoleRepresentation

Produces
  • application/json

Update a role by name

PUT /admin/realms/{realm}/roles/{role-name}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete a role by name

DELETE /admin/realms/{realm}/roles/{role-name}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Add a composite to the role

POST /admin/realms/{realm}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get composites of the role

GET /admin/realms/{realm}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Remove roles from the role’s composite

DELETE /admin/realms/{realm}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

roles to remove

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

An app-level roles for the specified app for the role’s composite

GET /admin/realms/{realm}/roles/{role-name}/composites/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get realm-level roles of the role’s composite

GET /admin/realms/{realm}/roles/{role-name}/composites/realm
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

GET /admin/realms/{realm}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

PUT /admin/realms/{realm}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Return List of Users that have the specified role name

GET /admin/realms/{realm}/roles/{role-name}/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Responses
HTTP Code Description Schema

default

success

< UserRepresentation > array

Produces
  • application/json

Roles (by ID)

Get a specific role’s representation

GET /admin/realms/{realm}/roles-by-id/{role-id}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

id of role

string

Responses
HTTP Code Description Schema

default

success

RoleRepresentation

Produces
  • application/json

Update the role

PUT /admin/realms/{realm}/roles-by-id/{role-id}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

id of role

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete the role

DELETE /admin/realms/{realm}/roles-by-id/{role-id}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

id of role

string

Responses
HTTP Code Description Schema

default

success

No Content

Make the role a composite role by associating some child roles

POST /admin/realms/{realm}/roles-by-id/{role-id}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get role’s children Returns a set of role’s children provided the role is a composite.

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Remove a set of roles from the role’s composite

DELETE /admin/realms/{realm}/roles-by-id/{role-id}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

Role id

string

Body

roles
required

A set of roles to be removed

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level roles for the client that are in the role’s composite

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get realm-level roles that are in the role’s composite

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/realm
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

GET /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

PUT /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Scope Mappings

Get all scope mappings for the client

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

MappingsRepresentation

Produces
  • application/json

Add client-level roles to the client’s scope

POST /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get the roles associated with a client’s scope Returns roles for the client.

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Remove client-level roles from the client’s scope.

DELETE /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Add a set of realm-level roles to the client’s scope

POST /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles associated with the client’s scope

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Remove a set of realm-level roles from the client’s scope

DELETE /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that are available to attach to this client’s scope

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm/composite
Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get all scope mappings for the client

GET /admin/realms/{realm}/clients/{id}/scope-mappings
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

MappingsRepresentation

Produces
  • application/json

Add client-level roles to the client’s scope

POST /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get the roles associated with a client’s scope Returns roles for the client.

GET /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Remove client-level roles from the client’s scope.

DELETE /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

GET /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

GET /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}/composite
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Add a set of realm-level roles to the client’s scope

POST /admin/realms/{realm}/clients/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles associated with the client’s scope

GET /admin/realms/{realm}/clients/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Remove a set of realm-level roles from the client’s scope

DELETE /admin/realms/{realm}/clients/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that are available to attach to this client’s scope

GET /admin/realms/{realm}/clients/{id}/scope-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

GET /admin/realms/{realm}/clients/{id}/scope-mappings/realm/composite
Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< RoleRepresentation > array

Produces
  • application/json

Server Info

Get themes, social providers, auth providers, and event listeners available on this server

GET /admin/serverinfo
Responses
HTTP Code Description Schema

default

success

ServerInfoRepresentation

Produces
  • application/json

User Storage Provider

Need this for admin console to display simple name of provider when displaying user detail KEYCLOAK-4328

GET /admin/realms/{realm}/user-storage/{id}/name
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

Remove imported users

POST /admin/realms/{realm}/user-storage/{id}/remove-imported-users
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Trigger sync of users Action can be "triggerFullSync" or "triggerChangedUsersSync"

POST /admin/realms/{realm}/user-storage/{id}/sync
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Query

action
optional

string

Responses
HTTP Code Description Schema

default

success

SynchronizationResult

Produces
  • application/json

Unlink imported users from a storage provider

POST /admin/realms/{realm}/user-storage/{id}/unlink-users
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Trigger sync of mapper data related to ldap mapper (roles, groups, …​) direction is "fedToKeycloak" or "keycloakToFed"

POST /admin/realms/{realm}/user-storage/{parentId}/mappers/{id}/sync
Parameters
Type Name Description Schema

Path

id
required

string

Path

parentId
required

string

Path

realm
required

realm name (not id!)

string

Query

direction
optional

string

Responses
HTTP Code Description Schema

default

success

SynchronizationResult

Produces
  • application/json

Need this for admin console to display simple name of provider when displaying client detail KEYCLOAK-4328

GET /{id}/name
Parameters
Type Name Schema

Path

id
required

string

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

Users

Create a new user Username must be unique.

POST /admin/realms/{realm}/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

UserRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get users Returns a list of users, filtered according to query parameters

GET /admin/realms/{realm}/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

email
optional

string

Query

first
optional

integer(int32)

Query

firstName
optional

string

Query

lastName
optional

string

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Query

search
optional

A String contained in username, first or last name, or email

string

Query

username
optional

string

Responses
HTTP Code Description Schema

default

success

< UserRepresentation > array

Produces
  • application/json

GET /admin/realms/{realm}/users/count

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

integer(int32)

Produces
  • application/json

Get representation of the user

GET /admin/realms/{realm}/users/{id}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

UserRepresentation

Produces
  • application/json

Update the user

PUT /admin/realms/{realm}/users/{id}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

UserRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the user

DELETE /admin/realms/{realm}/users/{id}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Get consents granted by the user

GET /admin/realms/{realm}/users/{id}/consents
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< object > array

Produces
  • application/json

Revoke consent and offline tokens for particular client from user

DELETE /admin/realms/{realm}/users/{id}/consents/{client}
Parameters
Type Name Description Schema

Path

client
required

Client id

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Disable all credentials for a user of a specific type

PUT /admin/realms/{realm}/users/{id}/disable-credential-types
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

credentialTypes
required

< string > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Send a update account email to the user An email contains a link the user can click to perform a set of required actions.

PUT /admin/realms/{realm}/users/{id}/execute-actions-email
Description

The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

client_id
optional

Client id

string

Query

lifespan
optional

Number of seconds after which the generated token expires

integer(int32)

Query

redirect_uri
optional

Redirect uri

string

Body

actions
required

required actions the user needs to complete

< string > array

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get social logins associated with the user

GET /admin/realms/{realm}/users/{id}/federated-identity
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< FederatedIdentityRepresentation > array

Produces
  • application/json

Add a social login provider to the user

POST /admin/realms/{realm}/users/{id}/federated-identity/{provider}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

provider
required

Social login provider id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

FederatedIdentityRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Remove a social login provider from user

DELETE /admin/realms/{realm}/users/{id}/federated-identity/{provider}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

provider
required

Social login provider id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

GET /admin/realms/{realm}/users/{id}/groups

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< GroupRepresentation > array

Produces
  • application/json

PUT /admin/realms/{realm}/users/{id}/groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /admin/realms/{realm}/users/{id}/groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Impersonate the user

POST /admin/realms/{realm}/users/{id}/impersonation
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

object

Produces
  • application/json

Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

POST /admin/realms/{realm}/users/{id}/logout
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get offline sessions associated with the user and client

GET /admin/realms/{realm}/users/{id}/offline-sessions/{clientId}
Parameters
Type Name Description Schema

Path

clientId
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< UserSessionRepresentation > array

Produces
  • application/json

Remove TOTP from the user

PUT /admin/realms/{realm}/users/{id}/remove-totp
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Set up a temporary password for the user User will have to reset the temporary password next time they log in.

PUT /admin/realms/{realm}/users/{id}/reset-password
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

pass
required

A Temporary password

CredentialRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Send an email-verification email to the user An email contains a link the user can click to verify their email address.

PUT /admin/realms/{realm}/users/{id}/send-verify-email
Description

The redirectUri and clientId parameters are optional. The default for the redirect is the account client.

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

client_id
optional

Client id

string

Query

redirect_uri
optional

Redirect uri

string

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get sessions associated with the user

GET /admin/realms/{realm}/users/{id}/sessions
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

< UserSessionRepresentation > array

Produces
  • application/json

Root

CORS preflight

OPTIONS /{any}
Responses
HTTP Code Description Schema

default

success

Response

Definitions

AccessToken

Name Schema

acr
optional

string

address
optional

AddressClaimSet

allowed-origins
optional

< string > array

at_hash
optional

string

auth_time
optional

integer(int32)

authorization
optional

AccessToken-Authorization

azp
optional

string

birthdate
optional

string

c_hash
optional

string

claims_locales
optional

string

cnf
optional

AccessToken-CertConf

email
optional

string

email_verified
optional

boolean

exp
optional

integer(int32)

family_name
optional

string

gender
optional

string

given_name
optional

string

iat
optional

integer(int32)

iss
optional

string

jti
optional

string

locale
optional

string

middle_name
optional

string

name
optional

string

nickname
optional

string

nonce
optional

string

otherClaims
optional

object

phone_number
optional

string

phone_number_verified
optional

boolean

picture
optional

string

preferred_username
optional

string

profile
optional

string

realm_access
optional

AccessToken-Access

s_hash
optional

string

scope
optional

string

session_state
optional

string

sub
optional

string

trusted-certs
optional

< string > array

typ
optional

string

updated_at
optional

integer(int64)

website
optional

string

zoneinfo
optional

string

AccessToken-Access

Name Schema

roles
optional

< string > array

verify_caller
optional

boolean

AccessToken-Authorization

Name Schema

permissions
optional

< Permission > array

AccessToken-CertConf

Name Schema

x5t#S256
optional

string

AddressClaimSet

Name Schema

country
optional

string

formatted
optional

string

locality
optional

string

postal_code
optional

string

region
optional

string

street_address
optional

string

AdminEventRepresentation

Name Schema

authDetails
optional

AuthDetailsRepresentation

error
optional

string

operationType
optional

string

realmId
optional

string

representation
optional

string

resourcePath
optional

string

resourceType
optional

string

time
optional

integer(int64)

AuthDetailsRepresentation

Name Schema

clientId
optional

string

ipAddress
optional

string

realmId
optional

string

userId
optional

string

AuthenticationExecutionExportRepresentation

Name Schema

authenticator
optional

string

authenticatorConfig
optional

string

authenticatorFlow
optional

boolean

autheticatorFlow
optional

boolean

flowAlias
optional

string

priority
optional

integer(int32)

requirement
optional

string

userSetupAllowed
optional

boolean

AuthenticationExecutionInfoRepresentation

Name Schema

alias
optional

string

authenticationConfig
optional

string

authenticationFlow
optional

boolean

configurable
optional

boolean

displayName
optional

string

flowId
optional

string

id
optional

string

index
optional

integer(int32)

level
optional

integer(int32)

providerId
optional

string

requirement
optional

string

requirementChoices
optional

< string > array

AuthenticationExecutionRepresentation

Name Schema

authenticator
optional

string

authenticatorConfig
optional

string

authenticatorFlow
optional

boolean

autheticatorFlow
optional

boolean

flowId
optional

string

id
optional

string

parentFlow
optional

string

priority
optional

integer(int32)

requirement
optional

string

AuthenticationFlowRepresentation

Name Schema

alias
optional

string

authenticationExecutions
optional

< AuthenticationExecutionExportRepresentation > array

builtIn
optional

boolean

description
optional

string

id
optional

string

providerId
optional

string

topLevel
optional

boolean

AuthenticatorConfigInfoRepresentation

Name Schema

helpText
optional

string

name
optional

string

properties
optional

< ConfigPropertyRepresentation > array

providerId
optional

string

AuthenticatorConfigRepresentation

Name Schema

alias
optional

string

config
optional

object

id
optional

string

CertificateRepresentation

Name Schema

certificate
optional

string

kid
optional

string

privateKey
optional

string

publicKey
optional

string

ClientInitialAccessCreatePresentation

Name Schema

count
optional

integer(int32)

expiration
optional

integer(int32)

ClientInitialAccessPresentation

Name Schema

count
optional

integer(int32)

expiration
optional

integer(int32)

id
optional

string

remainingCount
optional

integer(int32)

timestamp
optional

integer(int32)

token
optional

string

ClientMappingsRepresentation

Name Schema

client
optional

string

id
optional

string

mappings
optional

< RoleRepresentation > array

ClientRepresentation

Name Schema

access
optional

object

adminUrl
optional

string

attributes
optional

object

authenticationFlowBindingOverrides
optional

object

authorizationServicesEnabled
optional

boolean

authorizationSettings
optional

ResourceServerRepresentation

baseUrl
optional

string

bearerOnly
optional

boolean

clientAuthenticatorType
optional

string

clientId
optional

string

consentRequired
optional

boolean

defaultClientScopes
optional

< string > array

defaultRoles
optional

< string > array

description
optional

string

directAccessGrantsEnabled
optional

boolean

enabled
optional

boolean

frontchannelLogout
optional

boolean

fullScopeAllowed
optional

boolean

id
optional

string

implicitFlowEnabled
optional

boolean

name
optional

string

nodeReRegistrationTimeout
optional

integer(int32)

notBefore
optional

integer(int32)

optionalClientScopes
optional

< string > array

origin
optional

string

protocol
optional

string

protocolMappers
optional

< ProtocolMapperRepresentation > array

publicClient
optional

boolean

redirectUris
optional

< string > array

registeredNodes
optional

object

registrationAccessToken
optional

string

rootUrl
optional

string

secret
optional

string

serviceAccountsEnabled
optional

boolean

standardFlowEnabled
optional

boolean

surrogateAuthRequired
optional

boolean

webOrigins
optional

< string > array

ClientScopeEvaluateResource-ProtocolMapperEvaluationRepresentation

Name Schema

containerId
optional

string

containerName
optional

string

containerType
optional

string

mapperId
optional

string

mapperName
optional

string

protocolMapper
optional

string

ClientScopeRepresentation

Name Schema

attributes
optional

object

description
optional

string

id
optional

string

name
optional

string

protocol
optional

string

protocolMappers
optional

< ProtocolMapperRepresentation > array

ComponentExportRepresentation

Name Schema

config
optional

MultivaluedHashMap

id
optional

string

name
optional

string

providerId
optional

string

subComponents
optional

MultivaluedHashMap

subType
optional

string

ComponentRepresentation

Name Schema

config
optional

MultivaluedHashMap

id
optional

string

name
optional

string

parentId
optional

string

providerId
optional

string

providerType
optional

string

subType
optional

string

ComponentTypeRepresentation

Name Schema

helpText
optional

string

id
optional

string

metadata
optional

object

properties
optional

< ConfigPropertyRepresentation > array

ConfigPropertyRepresentation

Name Schema

defaultValue
optional

Object

helpText
optional

string

label
optional

string

name
optional

string

options
optional

< string > array

secret
optional

boolean

type
optional

string

CredentialRepresentation

Name Schema

algorithm
optional

string

config
optional

MultivaluedHashMap

counter
optional

integer(int32)

createdDate
optional

integer(int64)

device
optional

string

digits
optional

integer(int32)

hashIterations
optional

integer(int32)

hashedSaltedValue
optional

string

period
optional

integer(int32)

salt
optional

string

temporary
optional

boolean

type
optional

string

value
optional

string

EventRepresentation

Name Schema

clientId
optional

string

details
optional

object

error
optional

string

ipAddress
optional

string

realmId
optional

string

sessionId
optional

string

time
optional

integer(int64)

type
optional

string

userId
optional

string

FederatedIdentityRepresentation

Name Schema

identityProvider
optional

string

userId
optional

string

userName
optional

string

GlobalRequestResult

Name Schema

failedRequests
optional

< string > array

successRequests
optional

< string > array

GroupRepresentation

Name Schema

access
optional

object

attributes
optional

object

clientRoles
optional

object

id
optional

string

name
optional

string

path
optional

string

realmRoles
optional

< string > array

subGroups
optional

< GroupRepresentation > array

IdentityProviderMapperRepresentation

Name Schema

config
optional

object

id
optional

string

identityProviderAlias
optional

string

identityProviderMapper
optional

string

name
optional

string

IdentityProviderRepresentation

Name Schema

addReadTokenRoleOnCreate
optional

boolean

alias
optional

string

config
optional

object

displayName
optional

string

enabled
optional

boolean

firstBrokerLoginFlowAlias
optional

string

internalId
optional

string

linkOnly
optional

boolean

postBrokerLoginFlowAlias
optional

string

providerId
optional

string

storeToken
optional

boolean

trustEmail
optional

boolean

KeyStoreConfig

Name Schema

format
optional

string

keyAlias
optional

string

keyPassword
optional

string

realmAlias
optional

string

realmCertificate
optional

boolean

storePassword
optional

string

KeysMetadataRepresentation

Name Schema

active
optional

object

keys
optional

< KeysMetadataRepresentation-KeyMetadataRepresentation > array

KeysMetadataRepresentation-KeyMetadataRepresentation

Name Schema

algorithms
optional

< string > array

certificate
optional

string

kid
optional

string

providerId
optional

string

providerPriority
optional

integer(int64)

publicKey
optional

string

status
optional

string

type
optional

string

ManagementPermissionReference

Name Schema

enabled
optional

boolean

resource
optional

string

scopePermissions
optional

object

MappingsRepresentation

Name Schema

clientMappings
optional

object

realmMappings
optional

< RoleRepresentation > array

MemoryInfoRepresentation

Name Schema

free
optional

integer(int64)

freeFormated
optional

string

freePercentage
optional

integer(int64)

total
optional

integer(int64)

totalFormated
optional

string

used
optional

integer(int64)

usedFormated
optional

string

MultivaluedHashMap

Name Schema

empty
optional

boolean

loadFactor
optional

number(float)

threshold
optional

integer(int32)

PartialImportRepresentation

Name Schema

clients
optional

< ClientRepresentation > array

groups
optional

< GroupRepresentation > array

identityProviders
optional

< IdentityProviderRepresentation > array

ifResourceExists
optional

string

policy
optional

enum (SKIP, OVERWRITE, FAIL)

roles
optional

RolesRepresentation

users
optional

< UserRepresentation > array

PasswordPolicyTypeRepresentation

Name Schema

configType
optional

string

defaultValue
optional

string

displayName
optional

string

id
optional

string

multipleSupported
optional

boolean

Permission

Name Schema

claims
optional

object

rsid
optional

string

rsname
optional

string

scopes
optional

< string > array

PolicyRepresentation

Name Schema

config
optional

object

decisionStrategy
optional

enum (AFFIRMATIVE, UNANIMOUS, CONSENSUS)

description
optional

string

id
optional

string

logic
optional

enum (POSITIVE, NEGATIVE)

name
optional

string

owner
optional

string

policies
optional

< string > array

resources
optional

< string > array

scopes
optional

< string > array

type
optional

string

ProfileInfoRepresentation

Name Schema

disabledFeatures
optional

< string > array

name
optional

string

ProtocolMapperRepresentation

Name Schema

config
optional

object

id
optional

string

name
optional

string

protocol
optional

string

protocolMapper
optional

string

ProviderRepresentation

Name Schema

operationalInfo
optional

object

order
optional

integer(int32)

RealmEventsConfigRepresentation

Name Schema

adminEventsDetailsEnabled
optional

boolean

adminEventsEnabled
optional

boolean

enabledEventTypes
optional

< string > array

eventsEnabled
optional

boolean

eventsExpiration
optional

integer(int64)

eventsListeners
optional

< string > array

RealmRepresentation

Name Schema

accessCodeLifespan
optional

integer(int32)

accessCodeLifespanLogin
optional

integer(int32)

accessCodeLifespanUserAction
optional

integer(int32)

accessTokenLifespan
optional

integer(int32)

accessTokenLifespanForImplicitFlow
optional

integer(int32)

accountTheme
optional

string

actionTokenGeneratedByAdminLifespan
optional

integer(int32)

actionTokenGeneratedByUserLifespan
optional

integer(int32)

adminEventsDetailsEnabled
optional

boolean

adminEventsEnabled
optional

boolean

adminTheme
optional

string

attributes
optional

object

authenticationFlows
optional

< AuthenticationFlowRepresentation > array

authenticatorConfig
optional

< AuthenticatorConfigRepresentation > array

browserFlow
optional

string

browserSecurityHeaders
optional

object

bruteForceProtected
optional

boolean

clientAuthenticationFlow
optional

string

clientScopeMappings
optional

object

clientScopes
optional

< ClientScopeRepresentation > array

clients
optional

< ClientRepresentation > array

components
optional

MultivaluedHashMap

defaultDefaultClientScopes
optional

< string > array

defaultGroups
optional

< string > array

defaultLocale
optional

string

defaultOptionalClientScopes
optional

< string > array

defaultRoles
optional

< string > array

directGrantFlow
optional

string

displayName
optional

string

displayNameHtml
optional

string

dockerAuthenticationFlow
optional

string

duplicateEmailsAllowed
optional

boolean

editUsernameAllowed
optional

boolean

emailTheme
optional

string

enabled
optional

boolean

enabledEventTypes
optional

< string > array

eventsEnabled
optional

boolean

eventsExpiration
optional

integer(int64)

eventsListeners
optional

< string > array

failureFactor
optional

integer(int32)

federatedUsers
optional

< UserRepresentation > array

groups
optional

< GroupRepresentation > array

id
optional

string

identityProviderMappers
optional

< IdentityProviderMapperRepresentation > array

identityProviders
optional

< IdentityProviderRepresentation > array

internationalizationEnabled
optional

boolean

keycloakVersion
optional

string

loginTheme
optional

string

loginWithEmailAllowed
optional

boolean

maxDeltaTimeSeconds
optional

integer(int32)

maxFailureWaitSeconds
optional

integer(int32)

minimumQuickLoginWaitSeconds
optional

integer(int32)

notBefore
optional

integer(int32)

offlineSessionIdleTimeout
optional

integer(int32)

offlineSessionMaxLifespan
optional

integer(int32)

offlineSessionMaxLifespanEnabled
optional

boolean

otpPolicyAlgorithm
optional

string

otpPolicyDigits
optional

integer(int32)

otpPolicyInitialCounter
optional

integer(int32)

otpPolicyLookAheadWindow
optional

integer(int32)

otpPolicyPeriod
optional

integer(int32)

otpPolicyType
optional

string

otpSupportedApplications
optional

< string > array

passwordPolicy
optional

string

permanentLockout
optional

boolean

protocolMappers
optional

< ProtocolMapperRepresentation > array

quickLoginCheckMilliSeconds
optional

integer(int64)

realm
optional

string

refreshTokenMaxReuse
optional

integer(int32)

registrationAllowed
optional

boolean

registrationEmailAsUsername
optional

boolean

registrationFlow
optional

string

rememberMe
optional

boolean

requiredActions
optional

< RequiredActionProviderRepresentation > array

resetCredentialsFlow
optional

string

resetPasswordAllowed
optional

boolean

revokeRefreshToken
optional

boolean

roles
optional

RolesRepresentation

scopeMappings
optional

< ScopeMappingRepresentation > array

smtpServer
optional

object

sslRequired
optional

string

ssoSessionIdleTimeout
optional

integer(int32)

ssoSessionMaxLifespan
optional

integer(int32)

supportedLocales
optional

< string > array

userFederationMappers
optional

< UserFederationMapperRepresentation > array

userFederationProviders
optional

< UserFederationProviderRepresentation > array

userManagedAccessAllowed
optional

boolean

users
optional

< UserRepresentation > array

verifyEmail
optional

boolean

waitIncrementSeconds
optional

integer(int32)

RequiredActionProviderRepresentation

Name Schema

alias
optional

string

config
optional

object

defaultAction
optional

boolean

enabled
optional

boolean

name
optional

string

priority
optional

integer(int32)

providerId
optional

string

ResourceRepresentation

Name Schema

id
_optional

string

attributes
optional

object

displayName
optional

string

icon_uri
optional

string

name
optional

string

ownerManagedAccess
optional

boolean

scopes
optional

< ScopeRepresentation > array

type
optional

string

uris
optional

< string > array

ResourceServerRepresentation

Name Schema

allowRemoteResourceManagement
optional

boolean

clientId
optional

string

id
optional

string

name
optional

string

policies
optional

< PolicyRepresentation > array

policyEnforcementMode
optional

enum (ENFORCING, PERMISSIVE, DISABLED)

resources
optional

< ResourceRepresentation > array

scopes
optional

< ScopeRepresentation > array

RoleRepresentation

Name Schema

clientRole
optional

boolean

composite
optional

boolean

composites
optional

RoleRepresentation-Composites

containerId
optional

string

description
optional

string

id
optional

string

name
optional

string

RoleRepresentation-Composites

Name Schema

client
optional

object

realm
optional

< string > array

RolesRepresentation

Name Schema

client
optional

object

realm
optional

< RoleRepresentation > array

ScopeMappingRepresentation

Name Schema

client
optional

string

clientScope
optional

string

roles
optional

< string > array

self
optional

string

ScopeRepresentation

Name Schema

displayName
optional

string

iconUri
optional

string

id
optional

string

name
optional

string

policies
optional

< PolicyRepresentation > array

resources
optional

< ResourceRepresentation > array

ServerInfoRepresentation

Name Schema

builtinProtocolMappers
optional

object

clientImporters
optional

< object > array

clientInstallations
optional

object

componentTypes
optional

object

enums
optional

object

identityProviders
optional

< object > array

memoryInfo
optional

MemoryInfoRepresentation

passwordPolicies
optional

< PasswordPolicyTypeRepresentation > array

profileInfo
optional

ProfileInfoRepresentation

protocolMapperTypes
optional

object

providers
optional

object

socialProviders
optional

< object > array

systemInfo
optional

SystemInfoRepresentation

themes
optional

object

SpiInfoRepresentation

Name Schema

internal
optional

boolean

providers
optional

object

SynchronizationResult

Name Schema

added
optional

integer(int32)

failed
optional

integer(int32)

ignored
optional

boolean

removed
optional

integer(int32)

status
optional

string

updated
optional

integer(int32)

SystemInfoRepresentation

Name Schema

fileEncoding
optional

string

javaHome
optional

string

javaRuntime
optional

string

javaVendor
optional

string

javaVersion
optional

string

javaVm
optional

string

javaVmVersion
optional

string

osArchitecture
optional

string

osName
optional

string

osVersion
optional

string

serverTime
optional

string

uptime
optional

string

uptimeMillis
optional

integer(int64)

userDir
optional

string

userLocale
optional

string

userName
optional

string

userTimezone
optional

string

version
optional

string

UserConsentRepresentation

Name Schema

clientId
optional

string

createdDate
optional

integer(int64)

grantedClientScopes
optional

< string > array

lastUpdatedDate
optional

integer(int64)

UserFederationMapperRepresentation

Name Schema

config
optional

object

federationMapperType
optional

string

federationProviderDisplayName
optional

string

id
optional

string

name
optional

string

UserFederationProviderRepresentation

Name Schema

changedSyncPeriod
optional

integer(int32)

config
optional

object

displayName
optional

string

fullSyncPeriod
optional

integer(int32)

id
optional

string

lastSync
optional

integer(int32)

priority
optional

integer(int32)

providerName
optional

string

UserRepresentation

Name Schema

access
optional

object

attributes
optional

object

clientConsents
optional

< UserConsentRepresentation > array

clientRoles
optional

object

createdTimestamp
optional

integer(int64)

credentials
optional

< CredentialRepresentation > array

disableableCredentialTypes
optional

< string > array

email
optional

string

emailVerified
optional

boolean

enabled
optional

boolean

federatedIdentities
optional

< FederatedIdentityRepresentation > array

federationLink
optional

string

firstName
optional

string

groups
optional

< string > array

id
optional

string

lastName
optional

string

notBefore
optional

integer(int32)

origin
optional

string

realmRoles
optional

< string > array

requiredActions
optional

< string > array

self
optional

string

serviceAccountClientId
optional

string

username
optional

string

UserSessionRepresentation

Name Schema

clients
optional

object

id
optional

string

ipAddress
optional

string

lastAccess
optional

integer(int64)

start
optional

integer(int64)

userId
optional

string

username
optional

string