Overview

This is a REST API reference for the Keycloak Admin REST API.

Version information

Version: 1

URI scheme

{base url}/admin/realms

Resources

Attack Detection

Clear any user login failures for all users This can release temporary disabled users

DELETE /{realm}/attack-detection/brute-force/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get status of a username in brute force detection

GET /{realm}/attack-detection/brute-force/users/{userId}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

userId
required

string

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

Clear any user login failures for the user This can release temporary disabled user

DELETE /{realm}/attack-detection/brute-force/users/{userId}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

userId
required

string

Responses
HTTP Code Description Schema

default

success

No Content

Authentication Management

Get authenticator providers Returns a stream of authenticator providers.

GET /{realm}/authentication/authenticator-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get client authenticator providers Returns a stream of client authenticator providers.

GET /{realm}/authentication/client-authenticator-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get authenticator provider’s configuration description

GET /{realm}/authentication/config-description/{providerId}
Parameters
Type Name Description Schema

Path

providerId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

AuthenticatorConfigInfoRepresentation

Produces
  • application/json

Get authenticator configuration

GET /{realm}/authentication/config/{id}
Parameters
Type Name Description Schema

Path

id
required

Configuration id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

AuthenticatorConfigRepresentation

Produces
  • application/json

Update authenticator configuration

PUT /{realm}/authentication/config/{id}
Parameters
Type Name Description Schema

Path

id
required

Configuration id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

JSON describing new state of authenticator configuration

AuthenticatorConfigRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete authenticator configuration

DELETE /{realm}/authentication/config/{id}
Parameters
Type Name Description Schema

Path

id
required

Configuration id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Add new authentication execution

POST /{realm}/authentication/executions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

execution
required

JSON model describing authentication execution

AuthenticationExecutionRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get Single Execution

GET /{realm}/authentication/executions/{executionId}
Parameters
Type Name Description Schema

Path

executionId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Produces
  • application/json

Delete execution

DELETE /{realm}/authentication/executions/{executionId}
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Update execution with new configuration

POST /{realm}/authentication/executions/{executionId}/config
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Body

json
required

JSON with new configuration

AuthenticatorConfigRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Lower execution’s priority

POST /{realm}/authentication/executions/{executionId}/lower-priority
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Raise execution’s priority

POST /{realm}/authentication/executions/{executionId}/raise-priority
Parameters
Type Name Description Schema

Path

executionId
required

Execution id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Create a new authentication flow

POST /{realm}/authentication/flows
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

flow
required

Authentication flow representation

AuthenticationFlowRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get authentication flows Returns a stream of authentication flows.

GET /{realm}/authentication/flows
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object

POST /{realm}/authentication/flows/{flowAlias}/copy
Parameters
Type Name Description Schema

Path

flowAlias
required

Name of the existing authentication flow

string

Path

realm
required

realm name (not id!)

string

Body

data
required

JSON containing 'newName' attribute

Map

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get authentication executions for a flow

GET /{realm}/authentication/flows/{flowAlias}/executions
Parameters
Type Name Description Schema

Path

flowAlias
required

Flow alias

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Produces
  • application/json

Update authentication executions of a Flow

PUT /{realm}/authentication/flows/{flowAlias}/executions
Parameters
Type Name Description Schema

Path

flowAlias
required

Flow alias

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

AuthenticationExecutionInfoRepresentation

AuthenticationExecutionInfoRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Produces
  • application/json

Add new authentication execution to a flow

POST /{realm}/authentication/flows/{flowAlias}/executions/execution
Parameters
Type Name Description Schema

Path

flowAlias
required

Alias of parent flow

string

Path

realm
required

realm name (not id!)

string

Body

data
required

New execution JSON data containing 'provider' attribute

Map

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Add new flow with new execution to existing flow

POST /{realm}/authentication/flows/{flowAlias}/executions/flow
Parameters
Type Name Description Schema

Path

flowAlias
required

Alias of parent authentication flow

string

Path

realm
required

realm name (not id!)

string

Body

data
required

New authentication flow / execution JSON data containing 'alias', 'type', 'provider', and 'description' attributes

Map

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get authentication flow for id

GET /{realm}/authentication/flows/{id}
Parameters
Type Name Description Schema

Path

id
required

Flow id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

AuthenticationFlowRepresentation

Produces
  • application/json

Update an authentication flow

PUT /{realm}/authentication/flows/{id}
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

flow
required

Authentication flow representation

AuthenticationFlowRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Produces
  • application/json

Delete an authentication flow

DELETE /{realm}/authentication/flows/{id}
Parameters
Type Name Description Schema

Path

id
required

Flow id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get form action providers Returns a stream of form action providers.

GET /{realm}/authentication/form-action-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get form providers Returns a stream of form providers.

GET /{realm}/authentication/form-providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get configuration descriptions for all clients

GET /{realm}/authentication/per-client-config-description
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

Register a new required actions

POST /{realm}/authentication/register-required-action
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

data
required

JSON containing 'providerId', and 'name' attributes.

Map

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get required actions Returns a stream of required actions.

GET /{realm}/authentication/required-actions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get required action for alias

GET /{realm}/authentication/required-actions/{alias}
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RequiredActionProviderRepresentation

Produces
  • application/json

Update required action

PUT /{realm}/authentication/required-actions/{alias}
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

JSON describing new state of required action

RequiredActionProviderRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete required action

DELETE /{realm}/authentication/required-actions/{alias}
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Lower required action’s priority

POST /{realm}/authentication/required-actions/{alias}/lower-priority
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Raise required action’s priority

POST /{realm}/authentication/required-actions/{alias}/raise-priority
Parameters
Type Name Description Schema

Path

alias
required

Alias of required action

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get unregistered required actions Returns a stream of unregistered required actions.

GET /{realm}/authentication/unregistered-required-actions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Client Attribute Certificate

Get key info

GET /{realm}/clients/{id}/certificates/{attr}
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Produces
  • application/json

Get a keystore file for the client, containing private key and public certificate

POST /{realm}/clients/{id}/certificates/{attr}/download
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

config
required

Keystore configuration as JSON

KeyStoreConfig

Responses
HTTP Code Description Schema

default

success

< string(byte) > array

Consumes
  • application/json

Produces
  • application/octet-stream

Generate a new certificate with new key pair

POST /{realm}/clients/{id}/certificates/{attr}/generate
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Produces
  • application/json

Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format.

POST /{realm}/clients/{id}/certificates/{attr}/generate-and-download
Description

Only generated public certificate is saved in Keycloak DB - the private key is not.

Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

config
required

Keystore configuration as JSON

KeyStoreConfig

Responses
HTTP Code Description Schema

default

success

< string(byte) > array

Consumes
  • application/json

Produces
  • application/octet-stream

Upload certificate and eventually private key

POST /{realm}/clients/{id}/certificates/{attr}/upload
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Consumes
  • multipart/form-data

Produces
  • application/json

Upload only certificate, not private key

POST /{realm}/clients/{id}/certificates/{attr}/upload-certificate
Parameters
Type Name Description Schema

Path

attr
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CertificateRepresentation

Consumes
  • multipart/form-data

Produces
  • application/json

Client Initial Access

Create a new initial access token.

POST /{realm}/clients-initial-access
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

config
required

ClientInitialAccessCreatePresentation

Responses
HTTP Code Description Schema

default

success

ClientInitialAccessPresentation

Consumes
  • application/json

Produces
  • application/json

GET /{realm}/clients-initial-access

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

DELETE /{realm}/clients-initial-access/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Client Registration Policy

Base path for retrieve providers with the configProperties properly filled

GET /{realm}/client-registration-policy/providers
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Client Role Mappings

Add client-level roles to the user role mapping

POST /{realm}/groups/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level role mappings for the user, and the app

GET /{realm}/groups/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Delete client-level roles from user role mapping

DELETE /{realm}/groups/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get available client-level roles that can be mapped to the user

GET /{realm}/groups/{id}/role-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective client-level role mappings This recurses any composite roles

GET /{realm}/groups/{id}/role-mappings/clients/{client}/composite
Parameters
Type Name Description Schema Default

Path

client
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Add client-level roles to the user role mapping

POST /{realm}/users/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level role mappings for the user, and the app

GET /{realm}/users/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Delete client-level roles from user role mapping

DELETE /{realm}/users/{id}/role-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get available client-level roles that can be mapped to the user

GET /{realm}/users/{id}/role-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective client-level role mappings This recurses any composite roles

GET /{realm}/users/{id}/role-mappings/clients/{client}/composite
Parameters
Type Name Description Schema Default

Path

client
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Client Scopes

Create a new client scope Client Scope’s name must be unique!

POST /{realm}/client-scopes
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientScopeRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

GET /{realm}/client-scopes
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get representation of the client scope

GET /{realm}/client-scopes/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ClientScopeRepresentation

Produces
  • application/json

Update the client scope

PUT /{realm}/client-scopes/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientScopeRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the client scope

DELETE /{realm}/client-scopes/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Clients

Create a new client Client’s client_id must be unique!

POST /{realm}/clients
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get clients belonging to the realm.

GET /{realm}/clients
Description

If a client can’t be retrieved from the storage due to a problem with the underlying storage, it is silently removed from the returned list. This ensures that concurrent modifications to the list don’t prevent callers from retrieving this list.

Parameters
Type Name Description Schema Default

Path

realm
required

realm name (not id!)

string

Query

clientId
optional

filter by clientId

string

Query

first
optional

the first result

integer(int32)

Query

max
optional

the max results to return

integer(int32)

Query

q
optional

string

Query

search
optional

whether this is a search query or a getClientById query

boolean

"false"

Query

viewableOnly
optional

filter clients that cannot be viewed in full by admin

boolean

"false"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get representation of the client

GET /{realm}/clients/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ClientRepresentation

Produces
  • application/json

Update the client

PUT /{realm}/clients/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ClientRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the client

DELETE /{realm}/clients/{id}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Generate a new secret for the client

POST /{realm}/clients/{id}/client-secret
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CredentialRepresentation

Consumes
  • application/json

Produces
  • application/json

Get the client secret

GET /{realm}/clients/{id}/client-secret
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CredentialRepresentation

Produces
  • application/json

Get the rotated client secret

GET /{realm}/clients/{id}/client-secret/rotated
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

CredentialRepresentation

Produces
  • application/json

Invalidate the rotated secret for the client

DELETE /{realm}/clients/{id}/client-secret/rotated
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Produces
  • application/json

Get default client scopes.

GET /{realm}/clients/{id}/default-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

PUT /{realm}/clients/{id}/default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /{realm}/clients/{id}/default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Create JSON with payload of example access token

GET /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

scope
optional

string

Query

userId
optional

string

Responses
HTTP Code Description Schema

default

success

AccessToken

Produces
  • application/json

Create JSON with payload of example id token

GET /{realm}/clients/{id}/evaluate-scopes/generate-example-id-token
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

scope
optional

string

Query

userId
optional

string

Responses
HTTP Code Description Schema

default

success

IDToken

Produces
  • application/json

Create JSON with payload of example user info

GET /{realm}/clients/{id}/evaluate-scopes/generate-example-userinfo
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

scope
optional

string

Query

userId
optional

string

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

Return list of all protocol mappers, which will be used when generating tokens issued for particular client.

GET /{realm}/clients/{id}/evaluate-scopes/protocol-mappers
Description

This means protocol mappers assigned to this client directly and protocol mappers assigned to all client scopes of this client.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

scope
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.

GET /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted
Description

This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

roleContainerId
required

either realm name OR client UUID

string

Query

scope
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.

GET /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted
Description

Defacto all the other roles of particular role container, which are not in {@link #getGrantedScopeMappings()}

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

roleContainerId
required

either realm name OR client UUID

string

Query

scope
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

GET /{realm}/clients/{id}/installation/providers/{providerId}

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

providerId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Return object stating whether client Authorization permissions have been initialized or not and a reference

GET /{realm}/clients/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

PUT /{realm}/clients/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak

POST /{realm}/clients/{id}/nodes
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

formParams
required

Map

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Unregister a cluster node from the client

DELETE /{realm}/clients/{id}/nodes/{node}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

node
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get application offline session count Returns a number of offline user sessions associated with this client { "count": number }

GET /{realm}/clients/{id}/offline-session-count
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

Get offline sessions for client Returns a list of offline user sessions associated with this client

GET /{realm}/clients/{id}/offline-sessions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

first
optional

Paging offset

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get optional client scopes.

GET /{realm}/clients/{id}/optional-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

PUT /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.

POST /{realm}/clients/{id}/push-revocation
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Produces
  • application/json

Generate a new registration access token for the client

POST /{realm}/clients/{id}/registration-access-token
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ClientRepresentation

Consumes
  • application/json

Produces
  • application/json

Get a user dedicated to the service account

GET /{realm}/clients/{id}/service-account-user
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

UserRepresentation

Produces
  • application/json

Get application session count Returns a number of user sessions associated with this client { "count": number }

GET /{realm}/clients/{id}/session-count
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.

GET /{realm}/clients/{id}/test-nodes-available
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Produces
  • application/json

Get user sessions for client Returns a list of user sessions associated with this client

GET /{realm}/clients/{id}/user-sessions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

first
optional

Paging offset

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Component

POST /{realm}/components

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

ComponentRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

GET /{realm}/components

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

name
optional

string

Query

parent
optional

string

Query

type
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

GET /{realm}/components/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ComponentRepresentation

Produces
  • application/json

PUT /{realm}/components/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ComponentRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

DELETE /{realm}/components/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

List of subcomponent types that are available to configure for a particular parent component.

GET /{realm}/components/{id}/sub-component-types
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Query

type
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Groups

create or add a top level realm groupSet or create child.

POST /{realm}/groups
Description

This will update the group and set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

GroupRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get group hierarchy.

GET /{realm}/groups
Description

Only name and ids are returned.

Parameters
Type Name Description Schema Default

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

boolean

"true"

Query

exact
optional

boolean

"false"

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Query

q
optional

string

Query

search
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Returns the groups counts.

GET /{realm}/groups/count
Parameters
Type Name Description Schema Default

Path

realm
required

realm name (not id!)

string

Query

search
optional

string

Query

top
optional

boolean

"false"

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

GET /{realm}/groups/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GroupRepresentation

Produces
  • application/json

Update group, ignores subgroups.

PUT /{realm}/groups/{id}
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

GroupRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

DELETE /{realm}/groups/{id}

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Set or create child.

POST /{realm}/groups/{id}/children
Description

This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

GroupRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

GET /{realm}/groups/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

PUT /{realm}/groups/{id}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Get users Returns a stream of users, filtered according to query parameters

GET /{realm}/groups/{id}/members
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

Only return basic information (only guaranteed to return id, username, created, first and last name, email, enabled state, email verification state, federation link, and access. Note that it means that namely user attributes, required actions, and not before are not returned.)

boolean

Query

first
optional

Pagination offset

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Identity Providers

Import identity provider from JSON body

POST /{realm}/identity-provider/import-config
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

data
required

JSON body

Map

Responses
HTTP Code Description Schema

default

success

Map

Consumes
  • application/json

Produces
  • application/json

Create a new identity provider

POST /{realm}/identity-provider/instances
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

representation
required

JSON body

IdentityProviderRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get identity providers

GET /{realm}/identity-provider/instances
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get the identity provider

GET /{realm}/identity-provider/instances/{alias}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

IdentityProviderRepresentation

Produces
  • application/json

Update the identity provider

PUT /{realm}/identity-provider/instances/{alias}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Body

providerRep
required

IdentityProviderRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the identity provider

DELETE /{realm}/identity-provider/instances/{alias}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Export public broker configuration for identity provider

GET /{realm}/identity-provider/instances/{alias}/export
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Query

format
optional

Format to use

string

Responses
HTTP Code Description Schema

default

success

Response

Return object stating whether client Authorization permissions have been initialized or not and a reference

GET /{realm}/identity-provider/instances/{alias}/management/permissions
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether client Authorization permissions have been initialized or not and a reference

PUT /{realm}/identity-provider/instances/{alias}/management/permissions
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Get mapper types for identity provider

GET /{realm}/identity-provider/instances/{alias}/mapper-types
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Map

Add a mapper to identity provider

POST /{realm}/identity-provider/instances/{alias}/mappers
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Body

mapper
required

IdentityProviderMapperRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get mappers for identity provider

GET /{realm}/identity-provider/instances/{alias}/mappers
Parameters
Type Name Description Schema

Path

alias
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get mapper by id for the identity provider

GET /{realm}/identity-provider/instances/{alias}/mappers/{id}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

IdentityProviderMapperRepresentation

Produces
  • application/json

Update a mapper for the identity provider

PUT /{realm}/identity-provider/instances/{alias}/mappers/{id}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

IdentityProviderMapperRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete a mapper for the identity provider

DELETE /{realm}/identity-provider/instances/{alias}/mappers/{id}
Parameters
Type Name Description Schema

Path

alias
required

string

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get identity providers

GET /{realm}/identity-provider/providers/{provider_id}
Parameters
Type Name Description Schema

Path

provider_id
required

Provider id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Produces
  • application/json

Key

GET /{realm}/keys

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

KeysMetadataRepresentation

Produces
  • application/json

Protocol Mappers

Create multiple mappers

POST /{realm}/client-scopes/{id}/protocol-mappers/add-models
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

reps
required

< ProtocolMapperRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Create a mapper

POST /{realm}/client-scopes/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get mappers

GET /{realm}/client-scopes/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get mapper by id

GET /{realm}/client-scopes/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ProtocolMapperRepresentation

Produces
  • application/json

Update the mapper

PUT /{realm}/client-scopes/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete the mapper

DELETE /{realm}/client-scopes/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get mappers by name for a specific protocol

GET /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

protocol
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Create multiple mappers

POST /{realm}/clients/{id}/protocol-mappers/add-models
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

reps
required

< ProtocolMapperRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Create a mapper

POST /{realm}/clients/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get mappers

GET /{realm}/clients/{id}/protocol-mappers/models
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get mapper by id

GET /{realm}/clients/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ProtocolMapperRepresentation

Produces
  • application/json

Update the mapper

PUT /{realm}/clients/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

ProtocolMapperRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete the mapper

DELETE /{realm}/clients/{id}/protocol-mappers/models/{id}
Parameters
Type Name Description Schema

Path

id
required

Mapper id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get mappers by name for a specific protocol

GET /{realm}/clients/{id}/protocol-mappers/protocol/{protocol}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

protocol
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Realms Admin

Import a realm.

POST /
Description

Imports a realm from a full representation of that realm. Realm name must be unique.

Parameters
Type Name Schema

Body

requestBody
required

InputStream

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get the top-level representation of the realm It will not include nested information like User and Client representations.

GET /{realm}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RealmRepresentation

Produces
  • application/json

Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.

PUT /{realm}
Description

This will only update top-level attributes of the realm.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

RealmRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the realm

DELETE /{realm}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get admin events Returns all admin events, or filters events based on URL query parameters listed here

GET /{realm}/admin-events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

authClient
optional

string

Query

authIpAddress
optional

string

Query

authRealm
optional

string

Query

authUser
optional

user id

string

Query

dateFrom
optional

string

Query

dateTo
optional

string

Query

first
optional

integer(int32)

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Query

operationTypes
optional

< string > array(csv)

Query

resourcePath
optional

string

Query

resourceTypes
optional

< string > array(csv)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Delete all admin events

DELETE /{realm}/admin-events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Base path for importing clients under this realm.

POST /{realm}/client-description-converter
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

description
required

string

Responses
HTTP Code Description Schema

default

success

ClientRepresentation

Consumes
  • application/json

  • application/xml

  • text/plain

Produces
  • application/json

GET /{realm}/client-policies/policies

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ClientPoliciesRepresentation

Produces
  • application/json

PUT /{realm}/client-policies/policies

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

clientPolicies
required

ClientPoliciesRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

GET /{realm}/client-policies/profiles

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

include-global-profiles
optional

boolean

Responses
HTTP Code Description Schema

default

success

ClientProfilesRepresentation

Produces
  • application/json

PUT /{realm}/client-policies/profiles

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

clientProfiles
required

ClientProfilesRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get client session stats Returns a JSON map.

GET /{realm}/client-session-stats
Description

The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

GET /{realm}/credential-registrators

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get realm default client scopes.

GET /{realm}/default-default-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

PUT /{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get group hierarchy.

GET /{realm}/default-groups
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

PUT /{realm}/default-groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /{realm}/default-groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get realm optional client scopes.

GET /{realm}/default-optional-client-scopes
Description

Only name and ids are returned.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

PUT /{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Type Name Description Schema

Path

clientScopeId
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get events Returns all events, or filters them based on URL query parameters listed here

GET /{realm}/events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

client
optional

App or oauth client name

string

Query

dateFrom
optional

From date

string

Query

dateTo
optional

To date

string

Query

first
optional

Paging offset

integer(int32)

Query

ipAddress
optional

IP address

string

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Query

type
optional

The types of events to return

< string > array(csv)

Query

user
optional

User id

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Delete all events

DELETE /{realm}/events
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get the events provider configuration Returns JSON object with events provider configuration

GET /{realm}/events/config
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RealmEventsConfigRepresentation

Produces
  • application/json

Update the events provider Change the events provider and/or its configuration

PUT /{realm}/events/config
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

RealmEventsConfigRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

GET /{realm}/group-by-path/{path}

Parameters
Type Name Description Schema

Path

path
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GroupRepresentation

Produces
  • application/json

GET /{realm}/localization

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

POST /{realm}/localization/{locale}

Parameters
Type Name Description Schema

Path

locale
required

string

Path

realm
required

realm name (not id!)

string

Body

localizationTexts
required

Map

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

GET /{realm}/localization/{locale}

Parameters
Type Name Description Schema

Path

locale
required

string

Path

realm
required

realm name (not id!)

string

Query

useRealmDefaultLocaleFallback
optional

boolean

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

DELETE /{realm}/localization/{locale}

Parameters
Type Name Description Schema

Path

locale
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

GET /{realm}/localization/{locale}/{key}

Parameters
Type Name Description Schema

Path

key
required

string

Path

locale
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

string

Produces
  • text/plain

PUT /{realm}/localization/{locale}/{key}

Parameters
Type Name Description Schema

Path

key
required

string

Path

locale
required

string

Path

realm
required

realm name (not id!)

string

Body

text
required

string

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • text/plain

DELETE /{realm}/localization/{locale}/{key}

Parameters
Type Name Description Schema

Path

key
required

string

Path

locale
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Removes all user sessions.

POST /{realm}/logout-all
Description

Any client that has an admin url will also be told to invalidate any sessions they have.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Produces
  • application/json

Partial export of existing realm into a JSON file.

POST /{realm}/partial-export
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

exportClients
optional

boolean

Query

exportGroupsAndRoles
optional

boolean

Responses
HTTP Code Description Schema

default

success

Response

Produces
  • application/json

Partial import from a JSON file to an existing realm.

POST /{realm}/partialImport
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

requestBody
required

InputStream

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Produces
  • application/json

Push the realm’s revocation policy to any client that has an admin url associated with it.

POST /{realm}/push-revocation
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

GlobalRequestResult

Produces
  • application/json

Remove a specific user session.

DELETE /{realm}/sessions/{session}
Description

Any client that has an admin url will also be told to invalidate this particular session.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

session
required

string

Responses
HTTP Code Description Schema

default

success

No Content

POST /{realm}/testSMTPConnection

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

settings
required

Map

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

GET /{realm}/users-management-permissions

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

PUT /{realm}/users-management-permissions

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Role Mapper

Get role mappings

GET /{realm}/groups/{id}/role-mappings
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

MappingsRepresentation

Produces
  • application/json

Add realm-level role mappings to the user

POST /{realm}/groups/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

Roles to add

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level role mappings

GET /{realm}/groups/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Delete realm-level role mappings

DELETE /{realm}/groups/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that can be mapped

GET /{realm}/groups/{id}/role-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective realm-level role mappings This will recurse all composite roles to get the result.

GET /{realm}/groups/{id}/role-mappings/realm/composite
Parameters
Type Name Description Schema Default

Path

id
required

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get role mappings

GET /{realm}/users/{id}/role-mappings
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

MappingsRepresentation

Produces
  • application/json

Add realm-level role mappings to the user

POST /{realm}/users/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

Roles to add

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level role mappings

GET /{realm}/users/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Delete realm-level role mappings

DELETE /{realm}/users/{id}/role-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that can be mapped

GET /{realm}/users/{id}/role-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective realm-level role mappings This will recurse all composite roles to get the result.

GET /{realm}/users/{id}/role-mappings/realm/composite
Parameters
Type Name Description Schema Default

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Roles

Create a new role for the realm or client

POST /{realm}/clients/{id}/roles
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get all roles for the realm or client

GET /{realm}/clients/{id}/roles
Parameters
Type Name Description Schema Default

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

boolean

"true"

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Query

search
optional

string

""

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get a role by name

GET /{realm}/clients/{id}/roles/{role-name}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RoleRepresentation

Produces
  • application/json

Update a role by name

PUT /{realm}/clients/{id}/roles/{role-name}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete a role by name

DELETE /{realm}/clients/{id}/roles/{role-name}
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Add a composite to the role

POST /{realm}/clients/{id}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get composites of the role

GET /{realm}/clients/{id}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove roles from the role’s composite

DELETE /{realm}/clients/{id}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

roles to remove

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level roles for the client that are in the role’s composite

GET /{realm}/clients/{id}/roles/{role-name}/composites/clients/{clientUuid}
Parameters
Type Name Description Schema

Path

clientUuid
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get realm-level roles of the role’s composite

GET /{realm}/clients/{id}/roles/{role-name}/composites/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Returns a stream of groups that have the specified role name

GET /{realm}/clients/{id}/roles/{role-name}/groups
Parameters
Type Name Description Schema Default

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

the role name.

string

Query

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

boolean

"true"

Query

first
optional

first result to return. Ignored if negative or {@code null}.

integer(int32)

Query

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

integer(int32)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Return object stating whether role Authorization permissions have been initialized or not and a reference

GET /{realm}/clients/{id}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether role Authorization permissions have been initialized or not and a reference

PUT /{realm}/clients/{id}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Returns a stream of users that have the specified role name.

GET /{realm}/clients/{id}/roles/{role-name}/users
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

the role name.

string

Query

first
optional

first result to return. Ignored if negative or {@code null}.

integer(int32)

Query

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

integer(int32)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Create a new role for the realm or client

POST /{realm}/roles
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get all roles for the realm or client

GET /{realm}/roles
Parameters
Type Name Description Schema Default

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

boolean

"true"

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Query

search
optional

string

""

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get a role by name

GET /{realm}/roles/{role-name}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

RoleRepresentation

Produces
  • application/json

Update a role by name

PUT /{realm}/roles/{role-name}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete a role by name

DELETE /{realm}/roles/{role-name}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Add a composite to the role

POST /{realm}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get composites of the role

GET /{realm}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove roles from the role’s composite

DELETE /{realm}/roles/{role-name}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Body

roles
required

roles to remove

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level roles for the client that are in the role’s composite

GET /{realm}/roles/{role-name}/composites/clients/{clientUuid}
Parameters
Type Name Description Schema

Path

clientUuid
required

string

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get realm-level roles of the role’s composite

GET /{realm}/roles/{role-name}/composites/realm
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

role’s name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Returns a stream of groups that have the specified role name

GET /{realm}/roles/{role-name}/groups
Parameters
Type Name Description Schema Default

Path

realm
required

realm name (not id!)

string

Path

role-name
required

the role name.

string

Query

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

boolean

"true"

Query

first
optional

first result to return. Ignored if negative or {@code null}.

integer(int32)

Query

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

integer(int32)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Return object stating whether role Authorization permissions have been initialized or not and a reference

GET /{realm}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether role Authorization permissions have been initialized or not and a reference

PUT /{realm}/roles/{role-name}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Returns a stream of users that have the specified role name.

GET /{realm}/roles/{role-name}/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-name
required

the role name.

string

Query

first
optional

first result to return. Ignored if negative or {@code null}.

integer(int32)

Query

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

integer(int32)

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Roles (by ID)

Get a specific role’s representation

GET /{realm}/roles-by-id/{role-id}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

id of role

string

Responses
HTTP Code Description Schema

default

success

RoleRepresentation

Produces
  • application/json

Update the role

PUT /{realm}/roles-by-id/{role-id}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

id of role

string

Body

rep
required

RoleRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Delete the role

DELETE /{realm}/roles-by-id/{role-id}
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

id of role

string

Responses
HTTP Code Description Schema

default

success

No Content

Make the role a composite role by associating some child roles

POST /{realm}/roles-by-id/{role-id}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get role’s children Returns a set of role’s children provided the role is a composite.

GET /{realm}/roles-by-id/{role-id}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Query

search
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove a set of roles from the role’s composite

DELETE /{realm}/roles-by-id/{role-id}/composites
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

Role id

string

Body

roles
required

A set of roles to be removed

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get client-level roles for the client that are in the role’s composite

GET /{realm}/roles-by-id/{role-id}/composites/clients/{clientUuid}
Parameters
Type Name Description Schema

Path

clientUuid
required

string

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get realm-level roles that are in the role’s composite

GET /{realm}/roles-by-id/{role-id}/composites/realm
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

GET /{realm}/roles-by-id/{role-id}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Produces
  • application/json

Return object stating whether role Authoirzation permissions have been initialized or not and a reference

PUT /{realm}/roles-by-id/{role-id}/management/permissions
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Path

role-id
required

string

Body

ref
required

ManagementPermissionReference

Responses
HTTP Code Description Schema

default

success

ManagementPermissionReference

Consumes
  • application/json

Produces
  • application/json

Scope Mappings

Add client-level roles to the client’s scope

POST /{realm}/client-scopes/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get the roles associated with a client’s scope Returns roles for the client.

GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove client-level roles from the client’s scope.

DELETE /{realm}/client-scopes/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite
Parameters
Type Name Description Schema Default

Path

client
required

string

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Add a set of realm-level roles to the client’s scope

POST /{realm}/client-scopes/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles associated with the client’s scope

GET /{realm}/client-scopes/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove a set of realm-level roles from the client’s scope

DELETE /{realm}/client-scopes/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that are available to attach to this client’s scope

GET /{realm}/client-scopes/{id}/scope-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

GET /{realm}/client-scopes/{id}/scope-mappings/realm/composite
Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Type Name Description Schema Default

Path

id
required

id of client scope (not name)

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Add client-level roles to the client’s scope

POST /{realm}/clients/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get the roles associated with a client’s scope Returns roles for the client.

GET /{realm}/clients/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove client-level roles from the client’s scope.

DELETE /{realm}/clients/{id}/scope-mappings/clients/{client}
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

GET /{realm}/clients/{id}/scope-mappings/clients/{client}/available
Parameters
Type Name Description Schema

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

GET /{realm}/clients/{id}/scope-mappings/clients/{client}/composite
Parameters
Type Name Description Schema Default

Path

client
required

string

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Add a set of realm-level roles to the client’s scope

POST /{realm}/clients/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles associated with the client’s scope

GET /{realm}/clients/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove a set of realm-level roles from the client’s scope

DELETE /{realm}/clients/{id}/scope-mappings/realm
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Body

roles
required

< RoleRepresentation > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Get realm-level roles that are available to attach to this client’s scope

GET /{realm}/clients/{id}/scope-mappings/realm/available
Parameters
Type Name Description Schema

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

GET /{realm}/clients/{id}/scope-mappings/realm/composite
Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Type Name Description Schema Default

Path

id
required

id of client (not client-id)

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

if false, return roles with their attributes

boolean

"true"

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Users

Create a new user Username must be unique.

POST /{realm}/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

rep
required

UserRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get users Returns a stream of users, filtered according to query parameters.

GET /{realm}/users
Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

Boolean which defines whether brief representations are returned (default: false)

boolean

Query

email
optional

A String contained in email, or the complete email, if param "exact" is true

string

Query

emailVerified
optional

whether the email has been verified

boolean

Query

enabled
optional

Boolean representing if user is enabled or not

boolean

Query

exact
optional

Boolean which defines whether the params "last", "first", "email" and "username" must match exactly

boolean

Query

first
optional

Pagination offset

integer(int32)

Query

firstName
optional

A String contained in firstName, or the complete firstName, if param "exact" is true

string

Query

idpAlias
optional

The alias of an Identity Provider linked to the user

string

Query

idpUserId
optional

The userId at an Identity Provider linked to the user

string

Query

lastName
optional

A String contained in lastName, or the complete lastName, if param "exact" is true

string

Query

max
optional

Maximum results size (defaults to 100)

integer(int32)

Query

q
optional

A query to search for custom attributes, in the format 'key1:value2 key2:value2'

string

Query

search
optional

A String contained in username, first or last name, or email

string

Query

username
optional

A String contained in username, or the complete username, if param "exact" is true

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Returns the number of users that match the given criteria.

GET /{realm}/users/count
Description

It can be called in three different ways. 1. Don’t specify any criteria and pass {@code null}. The number of all users within that realm will be returned. <p> 2. If {@code search} is specified other criteria such as {@code last} will be ignored even though you set them. The {@code search} string will be matched against the first and last name, the username and the email of a user. <p> 3. If {@code search} is unspecified but any of {@code last}, {@code first}, {@code email} or {@code username} those criteria are matched against their respective fields on a user entity. Combined with a logical and.

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Query

email
optional

email filter

string

Query

emailVerified
optional

boolean

Query

enabled
optional

Boolean representing if user is enabled or not

boolean

Query

firstName
optional

first name filter

string

Query

lastName
optional

last name filter

string

Query

search
optional

arbitrary search string for all the fields below

string

Query

username
optional

username filter

string

Responses
HTTP Code Description Schema

default

success

integer(int32)

Produces
  • application/json

GET /{realm}/users/profile

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

string

Produces
  • application/json

PUT /{realm}/users/profile

Parameters
Type Name Description Schema

Path

realm
required

realm name (not id!)

string

Body

text
required

string

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get representation of the user

GET /{realm}/users/{id}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

UserRepresentation

Produces
  • application/json

Update the user

PUT /{realm}/users/{id}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

UserRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Delete the user

DELETE /{realm}/users/{id}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Response

Return credential types, which are provided by the user storage where user is stored.

GET /{realm}/users/{id}/configured-user-storage-credential-types
Description

Returned values can contain for example "password", "otp" etc. This will always return empty list for "local" users, which are not backed by any user storage

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Get consents granted by the user

GET /{realm}/users/{id}/consents
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Revoke consent and offline tokens for particular client from user

DELETE /{realm}/users/{id}/consents/{client}
Parameters
Type Name Description Schema

Path

client
required

Client id

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

GET /{realm}/users/{id}/credentials

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Remove a credential for a user

DELETE /{realm}/users/{id}/credentials/{credentialId}
Parameters
Type Name Description Schema

Path

credentialId
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Move a credential to a position behind another credential

POST /{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}
Parameters
Type Name Description Schema

Path

credentialId
required

The credential to move

string

Path

id
required

User id

string

Path

newPreviousCredentialId
required

The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Move a credential to a first position in the credentials list of the user

POST /{realm}/users/{id}/credentials/{credentialId}/moveToFirst
Parameters
Type Name Description Schema

Path

credentialId
required

The credential to move

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Update a credential label for a user

PUT /{realm}/users/{id}/credentials/{credentialId}/userLabel
Parameters
Type Name Description Schema

Path

credentialId
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

userLabel
required

string

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • text/plain

Disable all credentials for a user of a specific type

PUT /{realm}/users/{id}/disable-credential-types
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

credentialTypes
required

< string > array

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Send an email to the user with a link they can click to execute particular actions.

PUT /{realm}/users/{id}/execute-actions-email
Description

An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

client_id
optional

Client id

string

Query

lifespan
optional

Number of seconds after which the generated token expires

integer(int32)

Query

redirect_uri
optional

Redirect uri

string

Body

actions
required

Required actions the user needs to complete

< string > array

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get social logins associated with the user

GET /{realm}/users/{id}/federated-identity
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Add a social login provider to the user

POST /{realm}/users/{id}/federated-identity/{provider}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

provider
required

Social login provider id

string

Path

realm
required

realm name (not id!)

string

Body

rep
required

FederatedIdentityRepresentation

Responses
HTTP Code Description Schema

default

success

Response

Remove a social login provider from user

DELETE /{realm}/users/{id}/federated-identity/{provider}
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

provider
required

Social login provider id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

GET /{realm}/users/{id}/groups

Parameters
Type Name Description Schema Default

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

briefRepresentation
optional

boolean

"true"

Query

first
optional

integer(int32)

Query

max
optional

integer(int32)

Query

search
optional

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

GET /{realm}/users/{id}/groups/count

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

search
optional

string

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

PUT /{realm}/users/{id}/groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

DELETE /{realm}/users/{id}/groups/{groupId}

Parameters
Type Name Description Schema

Path

groupId
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Impersonate the user

POST /{realm}/users/{id}/impersonation
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Map

Produces
  • application/json

Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

POST /{realm}/users/{id}/logout
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

No Content

Get offline sessions associated with the user and client

GET /{realm}/users/{id}/offline-sessions/{clientUuid}
Parameters
Type Name Description Schema

Path

clientUuid
required

string

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Set up a new password for the user.

PUT /{realm}/users/{id}/reset-password
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Body

cred
required

The representation must contain a rawPassword with the plain-text password

CredentialRepresentation

Responses
HTTP Code Description Schema

default

success

No Content

Consumes
  • application/json

Send an email-verification email to the user An email contains a link the user can click to verify their email address.

PUT /{realm}/users/{id}/send-verify-email
Description

The redirectUri and clientId parameters are optional. The default for the redirect is the account client.

Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Query

client_id
optional

Client id

string

Query

redirect_uri
optional

Redirect uri

string

Responses
HTTP Code Description Schema

default

success

Response

Consumes
  • application/json

Get sessions associated with the user

GET /{realm}/users/{id}/sessions
Parameters
Type Name Description Schema

Path

id
required

User id

string

Path

realm
required

realm name (not id!)

string

Responses
HTTP Code Description Schema

default

success

Stream

Produces
  • application/json

Admin

OPTIONS /admin/{any}

Responses
HTTP Code Description Schema

default

success

Object

Root

Get themes, social providers, auth providers, and event listeners available on this server

GET /
Responses
HTTP Code Description Schema

default

success

ServerInfoRepresentation

Produces
  • application/json

CORS preflight

OPTIONS /{any}
Responses
HTTP Code Description Schema

default

success

Response

Definitions

AccessToken

Name Schema

acr
optional

string

address
optional

AddressClaimSet

allowed-origins
optional

< string > array

at_hash
optional

string

auth_time
optional

integer(int64)

authorization
optional

AccessToken-Authorization

azp
optional

string

birthdate
optional

string

c_hash
optional

string

category
optional

enum (INTERNAL, ACCESS, ID, ADMIN, USERINFO, LOGOUT, AUTHORIZATION_RESPONSE)

claims_locales
optional

string

cnf
optional

AccessToken-CertConf

email
optional

string

email_verified
optional

boolean

exp
optional

integer(int64)

family_name
optional

string

gender
optional

string

given_name
optional

string

iat
optional

integer(int64)

iss
optional

string

jti
optional

string

locale
optional

string

middle_name
optional

string

name
optional

string

nbf
optional

integer(int64)

nickname
optional

string

nonce
optional

string

otherClaims
optional

Map

phone_number
optional

string

phone_number_verified
optional

boolean

picture
optional

string

preferred_username
optional

string

profile
optional

string

realm_access
optional

AccessToken-Access

s_hash
optional

string

scope
optional

string

session_state
optional

string

sid
optional

string

sub
optional

string

trusted-certs
optional

< string > array

typ
optional

string

updated_at
optional

integer(int64)

website
optional

string

zoneinfo
optional

string

AccessToken-Access

Name Schema

roles
optional

< string > array

verify_caller
optional

boolean

AccessToken-Authorization

Name Schema

permissions
optional

< Permission > array

AccessToken-CertConf

Name Schema

x5t#S256
optional

string

AddressClaimSet

Name Schema

country
optional

string

formatted
optional

string

locality
optional

string

postal_code
optional

string

region
optional

string

street_address
optional

string

AuthenticationExecutionExportRepresentation

Name Schema

authenticator
optional

string

authenticatorConfig
optional

string

authenticatorFlow
optional

boolean

flowAlias
optional

string

priority
optional

integer(int32)

requirement
optional

string

userSetupAllowed
optional

boolean

AuthenticationExecutionInfoRepresentation

Name Schema

alias
optional

string

authenticationConfig
optional

string

authenticationFlow
optional

boolean

configurable
optional

boolean

description
optional

string

displayName
optional

string

flowId
optional

string

id
optional

string

index
optional

integer(int32)

level
optional

integer(int32)

providerId
optional

string

requirement
optional

string

requirementChoices
optional

< string > array

AuthenticationExecutionRepresentation

Name Schema

authenticator
optional

string

authenticatorConfig
optional

string

authenticatorFlow
optional

boolean

flowId
optional

string

id
optional

string

parentFlow
optional

string

priority
optional

integer(int32)

requirement
optional

string

AuthenticationFlowRepresentation

Name Schema

alias
optional

string

authenticationExecutions
optional

< AuthenticationExecutionExportRepresentation > array

builtIn
optional

boolean

description
optional

string

id
optional

string

providerId
optional

string

topLevel
optional

boolean

AuthenticatorConfigInfoRepresentation

Name Schema

helpText
optional

string

name
optional

string

properties
optional

< ConfigPropertyRepresentation > array

providerId
optional

string

AuthenticatorConfigRepresentation

Name Schema

alias
optional

string

config
optional

Map

id
optional

string

CertificateRepresentation

Name Schema

certificate
optional

string

kid
optional

string

privateKey
optional

string

publicKey
optional

string

ClientInitialAccessCreatePresentation

Name Schema

count
optional

integer(int32)

expiration
optional

integer(int32)

ClientInitialAccessPresentation

Name Schema

count
optional

integer(int32)

expiration
optional

integer(int32)

id
optional

string

remainingCount
optional

integer(int32)

timestamp
optional

integer(int32)

token
optional

string

ClientMappingsRepresentation

Name Schema

client
optional

string

id
optional

string

mappings
optional

< RoleRepresentation > array

ClientPoliciesRepresentation

Name Schema

policies
optional

< ClientPolicyRepresentation > array

ClientPolicyConditionRepresentation

Name Schema

condition
optional

string

configuration
optional

JsonNode

ClientPolicyExecutorRepresentation

Name Schema

configuration
optional

JsonNode

executor
optional

string

ClientPolicyRepresentation

Name Schema

conditions
optional

< ClientPolicyConditionRepresentation > array

description
optional

string

enabled
optional

boolean

name
optional

string

profiles
optional

< string > array

ClientProfileRepresentation

Name Schema

description
optional

string

executors
optional

< ClientPolicyExecutorRepresentation > array

name
optional

string

ClientProfilesRepresentation

Name Schema

globalProfiles
optional

< ClientProfileRepresentation > array

profiles
optional

< ClientProfileRepresentation > array

ClientRepresentation

Name Schema

access
optional

Map

adminUrl
optional

string

alwaysDisplayInConsole
optional

boolean

attributes
optional

Map

authenticationFlowBindingOverrides
optional

Map

authorizationServicesEnabled
optional

boolean

authorizationSettings
optional

ResourceServerRepresentation

baseUrl
optional

string

bearerOnly
optional

boolean

clientAuthenticatorType
optional

string

clientId
optional

string

consentRequired
optional

boolean

defaultClientScopes
optional

< string > array

description
optional

string

directAccessGrantsEnabled
optional

boolean

enabled
optional

boolean

frontchannelLogout
optional

boolean

fullScopeAllowed
optional

boolean

id
optional

string

implicitFlowEnabled
optional

boolean

name
optional

string

nodeReRegistrationTimeout
optional

integer(int32)

notBefore
optional

integer(int32)

oauth2DeviceAuthorizationGrantEnabled
optional

boolean

optionalClientScopes
optional

< string > array

origin
optional

string

protocol
optional

string

protocolMappers
optional

< ProtocolMapperRepresentation > array

publicClient
optional

boolean

redirectUris
optional

< string > array

registeredNodes
optional

Map

registrationAccessToken
optional

string

rootUrl
optional

string

secret
optional

string

serviceAccountsEnabled
optional

boolean

standardFlowEnabled
optional

boolean

surrogateAuthRequired
optional

boolean

webOrigins
optional

< string > array

ClientScopeEvaluateResource-ProtocolMapperEvaluationRepresentation

Name Schema

containerId
optional

string

containerName
optional

string

containerType
optional

string

mapperId
optional

string

mapperName
optional

string

protocolMapper
optional

string

ClientScopeRepresentation

Name Schema

attributes
optional

Map

description
optional

string

id
optional

string

name
optional

string

protocol
optional

string

protocolMappers
optional

< ProtocolMapperRepresentation > array

ComponentExportRepresentation

Name Schema

config
optional

MultivaluedHashMap

id
optional

string

name
optional

string

providerId
optional

string

subComponents
optional

MultivaluedHashMap

subType
optional

string

ComponentRepresentation

Name Schema

config
optional

MultivaluedHashMap

id
optional

string

name
optional

string

parentId
optional

string

providerId
optional

string

providerType
optional

string

subType
optional

string

ConfigPropertyRepresentation

Name Schema

defaultValue
optional

Object

helpText
optional

string

label
optional

string

name
optional

string

options
optional

< string > array

readOnly
optional

boolean

secret
optional

boolean

type
optional

string

CredentialRepresentation

Name Schema

createdDate
optional

integer(int64)

credentialData
optional

string

id
optional

string

priority
optional

integer(int32)

secretData
optional

string

temporary
optional

boolean

type
optional

string

userLabel
optional

string

value
optional

string

CryptoInfoRepresentation

Name Schema

cryptoProvider
optional

string

supportedKeystoreTypes
optional

< string > array

FederatedIdentityRepresentation

Name Schema

identityProvider
optional

string

userId
optional

string

userName
optional

string

GlobalRequestResult

Name Schema

failedRequests
optional

< string > array

successRequests
optional

< string > array

GroupRepresentation

Name Schema

access
optional

Map

attributes
optional

Map

clientRoles
optional

Map

id
optional

string

name
optional

string

path
optional

string

realmRoles
optional

< string > array

subGroups
optional

< GroupRepresentation > array

IDToken

Name Schema

acr
optional

string

address
optional

AddressClaimSet

at_hash
optional

string

auth_time
optional

integer(int64)

azp
optional

string

birthdate
optional

string

c_hash
optional

string

category
optional

enum (INTERNAL, ACCESS, ID, ADMIN, USERINFO, LOGOUT, AUTHORIZATION_RESPONSE)

claims_locales
optional

string

email
optional

string

email_verified
optional

boolean

exp
optional

integer(int64)

family_name
optional

string

gender
optional

string

given_name
optional

string

iat
optional

integer(int64)

iss
optional

string

jti
optional

string

locale
optional

string

middle_name
optional

string

name
optional

string

nbf
optional

integer(int64)

nickname
optional

string

nonce
optional

string

otherClaims
optional

Map

phone_number
optional

string

phone_number_verified
optional

boolean

picture
optional

string

preferred_username
optional

string

profile
optional

string

s_hash
optional

string

session_state
optional

string

sid
optional

string

sub
optional

string

typ
optional

string

updated_at
optional

integer(int64)

website
optional

string

zoneinfo
optional

string

IdentityProviderMapperRepresentation

Name Schema

config
optional

Map

id
optional

string

identityProviderAlias
optional

string

identityProviderMapper
optional

string

name
optional

string

IdentityProviderRepresentation

Name Schema

addReadTokenRoleOnCreate
optional

boolean

alias
optional

string

config
optional

Map

displayName
optional

string

enabled
optional

boolean

firstBrokerLoginFlowAlias
optional

string

internalId
optional

string

linkOnly
optional

boolean

postBrokerLoginFlowAlias
optional

string

providerId
optional

string

storeToken
optional

boolean

trustEmail
optional

boolean

JsonNode

Name Schema

array
optional

boolean

bigDecimal
optional

boolean

bigInteger
optional

boolean

binary
optional

boolean

boolean
optional

boolean

containerNode
optional

boolean

double
optional

boolean

empty
optional

boolean

float
optional

boolean

floatingPointNumber
optional

boolean

int
optional

boolean

integralNumber
optional

boolean

long
optional

boolean

missingNode
optional

boolean

nodeType
optional

enum (ARRAY, BINARY, BOOLEAN, MISSING, NULL, NUMBER, OBJECT, POJO, STRING)

null
optional

boolean

number
optional

boolean

object
optional

boolean

pojo
optional

boolean

short
optional

boolean

textual
optional

boolean

valueNode
optional

boolean

KeyStoreConfig

Name Schema

format
optional

string

keyAlias
optional

string

keyPassword
optional

string

realmAlias
optional

string

realmCertificate
optional

boolean

storePassword
optional

string

KeysMetadataRepresentation

Name Schema

active
optional

Map

keys
optional

< KeysMetadataRepresentation-KeyMetadataRepresentation > array

KeysMetadataRepresentation-KeyMetadataRepresentation

Name Schema

algorithm
optional

string

certificate
optional

string

kid
optional

string

providerId
optional

string

providerPriority
optional

integer(int64)

publicKey
optional

string

status
optional

string

type
optional

string

use
optional

enum (SIG, ENC)

ManagementPermissionReference

Name Schema

enabled
optional

boolean

resource
optional

string

scopePermissions
optional

Map

MappingsRepresentation

Name Schema

clientMappings
optional

Map

realmMappings
optional

< RoleRepresentation > array

MemoryInfoRepresentation

Name Schema

free
optional

integer(int64)

freeFormated
optional

string

freePercentage
optional

integer(int64)

total
optional

integer(int64)

totalFormated
optional

string

used
optional

integer(int64)

usedFormated
optional

string

MultivaluedHashMap

Name Schema

empty
optional

boolean

loadFactor
optional

number(float)

threshold
optional

integer(int32)

PasswordPolicyTypeRepresentation

Name Schema

configType
optional

string

defaultValue
optional

string

displayName
optional

string

id
optional

string

multipleSupported
optional

boolean

Permission

Name Schema

claims
optional

Map

rsid
optional

string

rsname
optional

string

scopes
optional

< string > array

PolicyRepresentation

Name Schema

config
optional

Map

decisionStrategy
optional

enum (AFFIRMATIVE, UNANIMOUS, CONSENSUS)

description
optional

string

id
optional

string

logic
optional

enum (POSITIVE, NEGATIVE)

name
optional

string

owner
optional

string

policies
optional

< string > array

resources
optional

< string > array

resourcesData
optional

< ResourceRepresentation > array

scopes
optional

< string > array

scopesData
optional

< ScopeRepresentation > array

type
optional

string

ProfileInfoRepresentation

Name Schema

disabledFeatures
optional

< string > array

experimentalFeatures
optional

< string > array

name
optional

string

previewFeatures
optional

< string > array

ProtocolMapperRepresentation

Name Schema

config
optional

Map

id
optional

string

name
optional

string

protocol
optional

string

protocolMapper
optional

string

ProviderRepresentation

Name Schema

operationalInfo
optional

Map

order
optional

integer(int32)

RealmEventsConfigRepresentation

Name Schema

adminEventsDetailsEnabled
optional

boolean

adminEventsEnabled
optional

boolean

enabledEventTypes
optional

< string > array

eventsEnabled
optional

boolean

eventsExpiration
optional

integer(int64)

eventsListeners
optional

< string > array

RealmRepresentation

Name Schema

accessCodeLifespan
optional

integer(int32)

accessCodeLifespanLogin
optional

integer(int32)

accessCodeLifespanUserAction
optional

integer(int32)

accessTokenLifespan
optional

integer(int32)

accessTokenLifespanForImplicitFlow
optional

integer(int32)

accountTheme
optional

string

actionTokenGeneratedByAdminLifespan
optional

integer(int32)

actionTokenGeneratedByUserLifespan
optional

integer(int32)

adminEventsDetailsEnabled
optional

boolean

adminEventsEnabled
optional

boolean

adminTheme
optional

string

attributes
optional

Map

authenticationFlows
optional

< AuthenticationFlowRepresentation > array

authenticatorConfig
optional

< AuthenticatorConfigRepresentation > array

browserFlow
optional

string

browserSecurityHeaders
optional

Map

bruteForceProtected
optional

boolean

clientAuthenticationFlow
optional

string

clientOfflineSessionIdleTimeout
optional

integer(int32)

clientOfflineSessionMaxLifespan
optional

integer(int32)

clientPolicies
optional

JsonNode

clientProfiles
optional

JsonNode

clientScopeMappings
optional

Map

clientScopes
optional

< ClientScopeRepresentation > array

clientSessionIdleTimeout
optional

integer(int32)

clientSessionMaxLifespan
optional

integer(int32)

clients
optional

< ClientRepresentation > array

components
optional

MultivaluedHashMap

defaultDefaultClientScopes
optional

< string > array

defaultGroups
optional

< string > array

defaultLocale
optional

string

defaultOptionalClientScopes
optional

< string > array

defaultRole
optional

RoleRepresentation

defaultSignatureAlgorithm
optional

string

directGrantFlow
optional

string

displayName
optional

string

displayNameHtml
optional

string

dockerAuthenticationFlow
optional

string

duplicateEmailsAllowed
optional

boolean

editUsernameAllowed
optional

boolean

emailTheme
optional

string

enabled
optional

boolean

enabledEventTypes
optional

< string > array

eventsEnabled
optional

boolean

eventsExpiration
optional

integer(int64)

eventsListeners
optional

< string > array

failureFactor
optional

integer(int32)

federatedUsers
optional

< UserRepresentation > array

groups
optional

< GroupRepresentation > array

id
optional

string

identityProviderMappers
optional

< IdentityProviderMapperRepresentation > array

identityProviders
optional

< IdentityProviderRepresentation > array

internationalizationEnabled
optional

boolean

keycloakVersion
optional

string

loginTheme
optional

string

loginWithEmailAllowed
optional

boolean

maxDeltaTimeSeconds
optional

integer(int32)

maxFailureWaitSeconds
optional

integer(int32)

minimumQuickLoginWaitSeconds
optional

integer(int32)

notBefore
optional

integer(int32)

oAuth2DeviceCodeLifespan
optional

integer(int32)

oAuth2DevicePollingInterval
optional

integer(int32)

oauth2DeviceCodeLifespan
optional

integer(int32)

oauth2DevicePollingInterval
optional

integer(int32)

offlineSessionIdleTimeout
optional

integer(int32)

offlineSessionMaxLifespan
optional

integer(int32)

offlineSessionMaxLifespanEnabled
optional

boolean

otpPolicyAlgorithm
optional

string

otpPolicyCodeReusable
optional

boolean

otpPolicyDigits
optional

integer(int32)

otpPolicyInitialCounter
optional

integer(int32)

otpPolicyLookAheadWindow
optional

integer(int32)

otpPolicyPeriod
optional

integer(int32)

otpPolicyType
optional

string

otpSupportedApplications
optional

< string > array

passwordPolicy
optional

string

permanentLockout
optional

boolean

protocolMappers
optional

< ProtocolMapperRepresentation > array

quickLoginCheckMilliSeconds
optional

integer(int64)

realm
optional

string

refreshTokenMaxReuse
optional

integer(int32)

registrationAllowed
optional

boolean

registrationEmailAsUsername
optional

boolean

registrationFlow
optional

string

rememberMe
optional

boolean

requiredActions
optional

< RequiredActionProviderRepresentation > array

resetCredentialsFlow
optional

string

resetPasswordAllowed
optional

boolean

revokeRefreshToken
optional

boolean

roles
optional

RolesRepresentation

scopeMappings
optional

< ScopeMappingRepresentation > array

smtpServer
optional

Map

sslRequired
optional

string

ssoSessionIdleTimeout
optional

integer(int32)

ssoSessionIdleTimeoutRememberMe
optional

integer(int32)

ssoSessionMaxLifespan
optional

integer(int32)

ssoSessionMaxLifespanRememberMe
optional

integer(int32)

supportedLocales
optional

< string > array

userFederationMappers
optional

< UserFederationMapperRepresentation > array

userFederationProviders
optional

< UserFederationProviderRepresentation > array

userManagedAccessAllowed
optional

boolean

users
optional

< UserRepresentation > array

verifyEmail
optional

boolean

waitIncrementSeconds
optional

integer(int32)

webAuthnPolicyAcceptableAaguids
optional

< string > array

webAuthnPolicyAttestationConveyancePreference
optional

string

webAuthnPolicyAuthenticatorAttachment
optional

string

webAuthnPolicyAvoidSameAuthenticatorRegister
optional

boolean

webAuthnPolicyCreateTimeout
optional

integer(int32)

webAuthnPolicyPasswordlessAcceptableAaguids
optional

< string > array

webAuthnPolicyPasswordlessAttestationConveyancePreference
optional

string

webAuthnPolicyPasswordlessAuthenticatorAttachment
optional

string

webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister
optional

boolean

webAuthnPolicyPasswordlessCreateTimeout
optional

integer(int32)

webAuthnPolicyPasswordlessRequireResidentKey
optional

string

webAuthnPolicyPasswordlessRpEntityName
optional

string

webAuthnPolicyPasswordlessRpId
optional

string

webAuthnPolicyPasswordlessSignatureAlgorithms
optional

< string > array

webAuthnPolicyPasswordlessUserVerificationRequirement
optional

string

webAuthnPolicyRequireResidentKey
optional

string

webAuthnPolicyRpEntityName
optional

string

webAuthnPolicyRpId
optional

string

webAuthnPolicySignatureAlgorithms
optional

< string > array

webAuthnPolicyUserVerificationRequirement
optional

string

RequiredActionProviderRepresentation

Name Schema

alias
optional

string

config
optional

Map

defaultAction
optional

boolean

enabled
optional

boolean

name
optional

string

priority
optional

integer(int32)

providerId
optional

string

ResourceRepresentation

Name Schema

id
_optional

string

attributes
optional

Map

displayName
optional

string

icon_uri
optional

string

name
optional

string

ownerManagedAccess
optional

boolean

scopes
optional

< ScopeRepresentation > array

type
optional

string

uris
optional

< string > array

ResourceServerRepresentation

Name Schema

allowRemoteResourceManagement
optional

boolean

clientId
optional

string

decisionStrategy
optional

enum (AFFIRMATIVE, UNANIMOUS, CONSENSUS)

id
optional

string

name
optional

string

policies
optional

< PolicyRepresentation > array

policyEnforcementMode
optional

enum (ENFORCING, PERMISSIVE, DISABLED)

resources
optional

< ResourceRepresentation > array

scopes
optional

< ScopeRepresentation > array

RoleRepresentation

Name Schema

attributes
optional

Map

clientRole
optional

boolean

composite
optional

boolean

composites
optional

RoleRepresentation-Composites

containerId
optional

string

description
optional

string

id
optional

string

name
optional

string

RoleRepresentation-Composites

Name Schema

client
optional

Map

realm
optional

< string > array

RolesRepresentation

Name Schema

client
optional

Map

realm
optional

< RoleRepresentation > array

ScopeMappingRepresentation

Name Schema

client
optional

string

clientScope
optional

string

roles
optional

< string > array

self
optional

string

ScopeRepresentation

Name Schema

displayName
optional

string

iconUri
optional

string

id
optional

string

name
optional

string

policies
optional

< PolicyRepresentation > array

resources
optional

< ResourceRepresentation > array

ServerInfoRepresentation

Name Schema

builtinProtocolMappers
optional

Map

clientImporters
optional

< Map > array

clientInstallations
optional

Map

componentTypes
optional

Map

cryptoInfo
optional

CryptoInfoRepresentation

enums
optional

Map

identityProviders
optional

< Map > array

memoryInfo
optional

MemoryInfoRepresentation

passwordPolicies
optional

< PasswordPolicyTypeRepresentation > array

profileInfo
optional

ProfileInfoRepresentation

protocolMapperTypes
optional

Map

providers
optional

Map

socialProviders
optional

< Map > array

systemInfo
optional

SystemInfoRepresentation

themes
optional

Map

SpiInfoRepresentation

Name Schema

internal
optional

boolean

providers
optional

Map

SystemInfoRepresentation

Name Schema

fileEncoding
optional

string

javaHome
optional

string

javaRuntime
optional

string

javaVendor
optional

string

javaVersion
optional

string

javaVm
optional

string

javaVmVersion
optional

string

osArchitecture
optional

string

osName
optional

string

osVersion
optional

string

serverTime
optional

string

uptime
optional

string

uptimeMillis
optional

integer(int64)

userDir
optional

string

userLocale
optional

string

userName
optional

string

userTimezone
optional

string

version
optional

string

UserConsentRepresentation

Name Schema

clientId
optional

string

createdDate
optional

integer(int64)

grantedClientScopes
optional

< string > array

lastUpdatedDate
optional

integer(int64)

UserFederationMapperRepresentation

Name Schema

config
optional

Map

federationMapperType
optional

string

federationProviderDisplayName
optional

string

id
optional

string

name
optional

string

UserFederationProviderRepresentation

Name Schema

changedSyncPeriod
optional

integer(int32)

config
optional

Map

displayName
optional

string

fullSyncPeriod
optional

integer(int32)

id
optional

string

lastSync
optional

integer(int32)

priority
optional

integer(int32)

providerName
optional

string

UserRepresentation

Name Schema

access
optional

Map

attributes
optional

Map

clientConsents
optional

< UserConsentRepresentation > array

clientRoles
optional

Map

createdTimestamp
optional

integer(int64)

credentials
optional

< CredentialRepresentation > array

disableableCredentialTypes
optional

< string > array

email
optional

string

emailVerified
optional

boolean

enabled
optional

boolean

federatedIdentities
optional

< FederatedIdentityRepresentation > array

federationLink
optional

string

firstName
optional

string

groups
optional

< string > array

id
optional

string

lastName
optional

string

notBefore
optional

integer(int32)

origin
optional

string

realmRoles
optional

< string > array

requiredActions
optional

< string > array

self
optional

string

serviceAccountClientId
optional

string

username
optional

string