Overview

This is a REST API reference for the Keycloak Admin REST API.

Version information

Version: 1.0

URI scheme

{base url}/admin/realms

Resources

Attack Detection

DELETE /admin/realms/{realm}/attack-detection/brute-force/users

Clear any user login failures for all users This can release temporary disabled users

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/attack-detection/brute-force/users/{userId}

Clear any user login failures for the user This can release temporary disabled user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

userId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/attack-detection/brute-force/users/{userId}

Get status of a username in brute force detection

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

userId
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

Authentication Management

GET /admin/realms/{realm}/authentication/authenticator-providers

Get authenticator providers Returns a stream of authenticator providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/client-authenticator-providers

Get client authenticator providers Returns a stream of client authenticator providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/config-description/{providerId}

Get authenticator provider’s configuration description

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

providerId
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigInfoRepresentation

DELETE /admin/realms/{realm}/authentication/config/{id}

Delete authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/config/{id}

Get authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigRepresentation

PUT /admin/realms/{realm}/authentication/config/{id}

Update authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null

Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/config

Create new authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/executions/{executionId}/config/{id}

Get execution’s configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

id
required

Configuration id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigRepresentation

POST /admin/realms/{realm}/authentication/executions/{executionId}/config

Update execution with new configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/authentication/executions/{executionId}

Delete execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/executions/{executionId}

Get Single Execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

null

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/executions/{executionId}/lower-priority

Lower execution’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Responses
Code Message Datatype

201

Created

<<>>

POST /admin/realms/{realm}/authentication/executions/{executionId}/raise-priority

Raise execution’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Responses
Code Message Datatype

201

Created

<<>>

POST /admin/realms/{realm}/authentication/executions

Add new authentication execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

AuthenticationExecutionRepresentation
optional

AuthenticationExecutionRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/copy

Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

name of the existing authentication flow

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/execution

Add new authentication execution to a flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Alias of parent flow

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/flow

Add new flow with new execution to existing flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Alias of parent authentication flow

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/flows/{flowAlias}/executions

Get authentication executions for a flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Flow alias

null

Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/authentication/flows/{flowAlias}/executions

Update authentication executions of a Flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Flow alias

null

Body Parameter
Name Description Default Pattern

AuthenticationExecutionInfoRepresentation
optional

AuthenticationExecutionInfoRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/flows

Get authentication flows Returns a stream of authentication flows.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[AuthenticationFlowRepresentation]

DELETE /admin/realms/{realm}/authentication/flows/{id}

Delete an authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Flow id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/flows/{id}

Get authentication flow for id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Flow id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticationFlowRepresentation

PUT /admin/realms/{realm}/authentication/flows/{id}

Update an authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

AuthenticationFlowRepresentation
optional

AuthenticationFlowRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows

Create a new authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

AuthenticationFlowRepresentation
optional

AuthenticationFlowRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/form-action-providers

Get form action providers Returns a stream of form action providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/form-providers

Get form providers Returns a stream of form providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/per-client-config-description

Get configuration descriptions for all clients

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[ConfigPropertyRepresentation]

POST /admin/realms/{realm}/authentication/register-required-action

Register a new required actions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

201

Created

<<>>

DELETE /admin/realms/{realm}/authentication/required-actions/{alias}

Delete required action

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/required-actions/{alias}

Get required action for alias

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RequiredActionProviderRepresentation

POST /admin/realms/{realm}/authentication/required-actions/{alias}/lower-priority

Lower required action’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Responses
Code Message Datatype

201

Created

<<>>

PUT /admin/realms/{realm}/authentication/required-actions/{alias}

Update required action

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Body Parameter
Name Description Default Pattern

RequiredActionProviderRepresentation
optional

RequiredActionProviderRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/required-actions/{alias}/raise-priority

Raise required action’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/authentication/required-actions

Get required actions Returns a stream of required actions.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RequiredActionProviderRepresentation]

GET /admin/realms/{realm}/authentication/unregistered-required-actions

Get unregistered required actions Returns a stream of unregistered required actions.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

Client Attribute Certificate

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/download

Get a keystore file for the client, containing private key and public certificate

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

attr
required

null

Body Parameter
Name Description Default Pattern

KeyStoreConfig
optional

KeyStoreConfig

Content Type
  • application/octet-stream

Responses
Code Message Datatype

200

OK

[File]

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/generate-and-download

Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. Only generated public certificate is saved in Keycloak DB - the private key is not.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

attr
required

null

Body Parameter
Name Description Default Pattern

KeyStoreConfig
optional

KeyStoreConfig

Content Type
  • application/octet-stream

Responses
Code Message Datatype

200

OK

[File]

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/generate

Generate a new certificate with new key pair

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

GET /admin/realms/{realm}/clients/{id}/certificates/{attr}

Get key info

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/upload-certificate

Upload only certificate, not private key

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

POST /admin/realms/{realm}/clients/{id}/certificates/{attr}/upload

Upload certificate and eventually private key

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

Client Initial Access

GET /admin/realms/{realm}/clients-initial-access

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientInitialAccessPresentation]

DELETE /admin/realms/{realm}/clients-initial-access/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients-initial-access

Create a new initial access token.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientInitialAccessCreatePresentation
optional

ClientInitialAccessCreatePresentation

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientInitialAccessPresentation

Client Registration Policy

GET /admin/realms/{realm}/client-registration-policy/providers

Base path for retrieve providers with the configProperties properly filled

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentTypeRepresentation]

Client Role Mappings

GET /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}/available

Get available client-level roles that can be mapped to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}/composite

Get effective client-level role mappings This recurses any composite roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}

Delete client-level roles from user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}

Get client-level role mappings for the user, and the app

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/groups/{id}/role-mappings/clients/{client}

Add client-level roles to the user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}/available

Get available client-level roles that can be mapped to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}/composite

Get effective client-level role mappings This recurses any composite roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}

Delete client-level roles from user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}

Get client-level role mappings for the user, and the app

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}

Add client-level roles to the user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

Client Scopes

GET /admin/realms/{realm}/client-scopes

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{id}

Delete the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes/{id}

Get representation of the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientScopeRepresentation

PUT /admin/realms/{realm}/client-scopes/{id}

Update the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/client-scopes

Create a new client scope Client Scope’s name must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}/client-templates/{id}

Delete the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates/{id}

Get representation of the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientScopeRepresentation

PUT /admin/realms/{realm}/client-templates/{id}

Update the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/client-templates

Create a new client scope Client Scope’s name must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

Clients

GET /admin/realms/{realm}/clients

Get clients belonging to the realm.

Description

If a client can’t be retrieved from the storage due to a problem with the underlying storage, it is silently removed from the returned list. This ensures that concurrent modifications to the list don’t prevent callers from retrieving this list.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

clientId
optional

filter by clientId

null

first
optional

the first result

null

max
optional

the max results to return

null

q
optional

null

search
optional

whether this is a search query or a getClientById query

false

viewableOnly
optional

filter clients that cannot be viewed in full by admin

false

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientRepresentation]

GET /admin/realms/{realm}/clients/{id}/client-secret

Get the client secret

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

POST /admin/realms/{realm}/clients/{id}/client-secret

Generate a new secret for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

DELETE /admin/realms/{realm}/clients/{id}/client-secret/rotated

Invalidate the rotated secret for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{id}/client-secret/rotated

Get the rotated client secret

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

DELETE /admin/realms/{realm}/clients/{id}/default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/clients/{id}/default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/default-client-scopes

Get default client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}/clients/{id}

Delete the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/generate-example-access-token

Create JSON with payload of example access token

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AccessToken

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/generate-example-id-token

Create JSON with payload of example id token

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

IDToken

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/generate-example-userinfo

Create JSON with payload of example user info

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/protocol-mappers

Return list of all protocol mappers, which will be used when generating tokens issued for particular client.

Description

This means protocol mappers assigned to this client directly and protocol mappers assigned to all client scopes of this client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

scope
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperEvaluationRepresentation]

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted

Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.

Description

This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

roleContainerId
required

either realm name OR client UUID

null

Query Parameters
Name Description Default Pattern

scope
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted

Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.

Description

Defacto all the other roles of particular role container, which are not in {@link #getGrantedScopeMappings()}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

roleContainerId
required

either realm name OR client UUID

null

Query Parameters
Name Description Default Pattern

scope
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{id}

Get representation of the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/clients/{id}/installation/providers/{providerId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

providerId
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

DELETE /admin/realms/{realm}/clients/{id}/nodes/{node}

Unregister a cluster node from the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

node
required

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{id}/nodes

Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{id}/offline-session-count

Get application offline session count Returns a number of offline user sessions associated with this client { \"count\": number }

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/clients/{id}/offline-sessions

Get offline sessions for client Returns a list of offline user sessions associated with this client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

first
optional

Paging offset

null

max
optional

Maximum results size (defaults to 100)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

DELETE /admin/realms/{realm}/clients/{id}/optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/clients/{id}/optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/optional-client-scopes

Get optional client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

POST /admin/realms/{realm}/clients/{id}/push-revocation

Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

PUT /admin/realms/{realm}/clients/{id}

Update the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ClientRepresentation
optional

ClientRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/clients/{id}/registration-access-token

Generate a new registration access token for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/clients/{id}/service-account-user

Get a user dedicated to the service account

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

UserRepresentation

GET /admin/realms/{realm}/clients/{id}/session-count

Get application session count Returns a number of user sessions associated with this client { \"count\": number }

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/clients/{id}/test-nodes-available

Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

GET /admin/realms/{realm}/clients/{id}/user-sessions

Get user sessions for client Returns a list of user sessions associated with this client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

first
optional

Paging offset

null

max
optional

Maximum results size (defaults to 100)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

POST /admin/realms/{realm}/clients

Create a new client Client’s client_id must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientRepresentation
optional

ClientRepresentation

Responses
Code Message Datatype

200

OK

<<>>

Component

GET /admin/realms/{realm}/components

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

name
optional

null

parent
optional

null

type
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentRepresentation]

DELETE /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ComponentRepresentation

PUT /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ComponentRepresentation
optional

ComponentRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/components/{id}/sub-component-types

List of subcomponent types that are available to configure for a particular parent component.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

type
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentTypeRepresentation]

POST /admin/realms/{realm}/components

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ComponentRepresentation
optional

ComponentRepresentation

Responses
Code Message Datatype

200

OK

<<>>

Groups

GET /admin/realms/{realm}/groups/count

Returns the groups counts.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

search
optional

null

top
optional

false

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/groups

Get group hierarchy. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

exact
optional

false

first
optional

null

max
optional

null

populateHierarchy
optional

true

q
optional

null

search
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/groups/{id}/children

Return a paginated list of subgroups that have a parent group corresponding to the group on the URL

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

false

first
optional

null

max
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

POST /admin/realms/{realm}/groups/{id}/children

Set or create child.

Description

This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/groups/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GroupRepresentation

GET /admin/realms/{realm}/groups/{id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/groups/{id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

GET /admin/realms/{realm}/groups/{id}/members

Get users Returns a stream of users, filtered according to query parameters

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Only return basic information (only guaranteed to return id, username, created, first and last name, email, enabled state, email verification state, federation link, and access. Note that it means that namely user attributes, required actions, and not before are not returned.)

null

first
optional

Pagination offset

null

max
optional

Maximum results size (defaults to 100)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

PUT /admin/realms/{realm}/groups/{id}

Update group, ignores subgroups.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/groups

create or add a top level realm groupSet or create child.

Description

This will update the group and set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation

Responses
Code Message Datatype

200

OK

<<>>

Identity Providers

POST /admin/realms/{realm}/identity-provider/import-config

Import identity provider from JSON body

Description

Import identity provider from uploaded JSON file

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

request_body
optional

[AnyType]

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[string]]

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}

Delete the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/export

Export public broker configuration for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Query Parameters
Name Description Default Pattern

format
optional

Format to use

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}

Get the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

IdentityProviderRepresentation

GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mapper-types

Get mapper types for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • */*

Responses
Code Message Datatype

200

OK

Map[IdentityProviderMapperTypeRepresentation]

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers

Get mappers for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[IdentityProviderMapperRepresentation]

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Delete a mapper for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Get mapper by id for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

IdentityProviderMapperRepresentation

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Update a mapper for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

IdentityProviderMapperRepresentation
optional

IdentityProviderMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/identity-provider/instances/{alias}/mappers

Add a mapper to identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Body Parameter
Name Description Default Pattern

IdentityProviderMapperRepresentation
optional

IdentityProviderMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/identity-provider/instances/{alias}

Update the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Body Parameter
Name Description Default Pattern

IdentityProviderRepresentation
optional

IdentityProviderRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances

List identity providers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Boolean which defines whether brief representations are returned (default: false)

null

first
optional

Pagination offset

null

max
optional

Maximum results size (defaults to 100)

null

search
optional

Filter specific providers by name. Search can be prefix (name*), contains (name) or exact (&quot;name&quot;). Default prefixed.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[IdentityProviderRepresentation]

POST /admin/realms/{realm}/identity-provider/instances

Create a new identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

IdentityProviderRepresentation
optional

IdentityProviderRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/providers/{provider_id}

Get the identity provider factory for that provider id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

provider_id
required

The provider id to get the factory

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

[Object]

Key

GET /admin/realms/{realm}/keys

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

KeysMetadataRepresentation

Protocol Mappers

POST /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

protocol
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

POST /admin/realms/{realm}/client-templates/{id}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/client-templates/{id}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/client-templates/{id}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{id}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/client-templates/{id}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/client-templates/{id}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates/{id}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

protocol
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

POST /admin/realms/{realm}/clients/{id}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{id}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/clients/{id}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/clients/{id}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{id}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{id}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

protocol
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

Realms Admin

GET /admin/realms

Get accessible realms Returns a list of accessible realms. The list is filtered based on what realms the caller is allowed to view.

Parameters
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

false

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RealmRepresentation]

POST /admin/realms

Import a realm. Imports a realm from a full representation of that realm.

Description

Realm name must be unique.

Parameters
Body Parameter
Name Description Default Pattern

body
optional

[file]

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/admin-events

Delete all admin events

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/admin-events

Get admin events Returns all admin events, or filters events based on URL query parameters listed here

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

authClient
optional

null

authIpAddress
optional

null

authRealm
optional

null

authUser
optional

user id

null

dateFrom
optional

null

dateTo
optional

null

first
optional

null

max
optional

Maximum results size (defaults to 100)

null

operationTypes
optional

[String]

null

resourcePath
optional

null

resourceTypes
optional

[String]

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[AdminEventRepresentation]

POST /admin/realms/{realm}/client-description-converter

Base path for importing clients under this realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

body
optional

[string]

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/client-policies/policies

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientPoliciesRepresentation

PUT /admin/realms/{realm}/client-policies/policies

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientPoliciesRepresentation
optional

ClientPoliciesRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-policies/profiles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

include-global-profiles
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientProfilesRepresentation

PUT /admin/realms/{realm}/client-policies/profiles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientProfilesRepresentation
optional

ClientProfilesRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-session-stats

Get client session stats Returns a JSON map.

Description

The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

GET /admin/realms/{realm}/credential-registrators

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/default-default-client-scopes

Get realm default client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

GET /admin/realms/{realm}/default-groups

Get group hierarchy. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

DELETE /admin/realms/{realm}/default-groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

groupId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

groupId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/default-optional-client-scopes

Get realm optional client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}

Delete the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/events/config

Get the events provider configuration Returns JSON object with events provider configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RealmEventsConfigRepresentation

PUT /admin/realms/{realm}/events/config

Description

Update the events provider Change the events provider and/or its configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

RealmEventsConfigRepresentation
optional

RealmEventsConfigRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/events

Delete all events

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/events

Get events Returns all events, or filters them based on URL query parameters listed here

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

client
optional

App or oauth client name

null

dateFrom
optional

From date

null

dateTo
optional

To date

null

first
optional

Paging offset

null

ipAddress
optional

IP Address

null

max
optional

Maximum results size (defaults to 100)

null

type
optional

The types of events to return [String]

null

user
optional

User id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[EventRepresentation]

GET /admin/realms/{realm}

Get the top-level representation of the realm It will not include nested information like User and Client representations.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RealmRepresentation

GET /admin/realms/{realm}/group-by-path/{path}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

path
required

PathSegment

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GroupRepresentation

GET /admin/realms/{realm}/localization

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/localization/{locale}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/localization/{locale}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null

Query Parameters
Name Description Default Pattern

useRealmDefaultLocaleFallback
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[string]]

DELETE /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null

Content Type
  • text/plain

Responses
Code Message Datatype

200

OK

[String]

PUT /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null

Body Parameter
Name Description Default Pattern

body
optional

[string]

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/localization/{locale}

Import localization from uploaded JSON file

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

201

Created

<<>>

POST /admin/realms/{realm}/logout-all

Removes all user sessions.

Description

Any client that has an admin url will also be told to invalidate any sessions they have.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

POST /admin/realms/{realm}/partial-export

Partial export of existing realm into a JSON file.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

exportClients
optional

null

exportGroupsAndRoles
optional

null

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/partialImport

Partial import from a JSON file to an existing realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

body
optional

[file]

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/push-revocation

Push the realm’s revocation policy to any client that has an admin url associated with it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

PUT /admin/realms/{realm}

Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.

Description

This will only update top-level attributes of the realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

RealmRepresentation
optional

RealmRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/sessions/{session}

Remove a specific user session.

Description

Any client that has an admin url will also be told to invalidate this particular session.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

session
required

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/testSMTPConnection

Test SMTP connection with current logged in user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users-management-permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/users-management-permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

Role Mapper

GET /admin/realms/{realm}/groups/{id}/role-mappings

Get role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/groups/{id}/role-mappings/realm/available

Get realm-level roles that can be mapped

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/groups/{id}/role-mappings/realm/composite

Get effective realm-level role mappings This will recurse all composite roles to get the result.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/groups/{id}/role-mappings/realm

Delete realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{id}/role-mappings/realm

Get realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/groups/{id}/role-mappings/realm

Add realm-level role mappings to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/users/{id}/role-mappings

Get role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/users/{id}/role-mappings/realm/available

Get realm-level roles that can be mapped

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/users/{id}/role-mappings/realm/composite

Get effective realm-level role mappings This will recurse all composite roles to get the result.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/users/{id}/role-mappings/realm

Delete realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{id}/role-mappings/realm

Get realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/users/{id}/role-mappings/realm

Add realm-level role mappings to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

Roles

GET /admin/realms/{realm}/clients/{id}/roles

Get all roles for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{id}/roles

Create a new role for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites/clients/{clientUuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

clientUuid
required

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites

Remove roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites

Get composites of the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites

Add a composite to the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites/realm

Get realm-level roles of the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{id}/roles/{role-name}

Delete a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

role's name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}

Get a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/groups

Returns a stream of groups that have the specified role name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

true

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{id}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{id}/roles/{role-name}

Update a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{id}/roles/{role-name}/users

Returns a stream of users that have the specified role name.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

GET /admin/realms/{realm}/roles

Get all roles for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles

Create a new role for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites/clients/{clientUuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientUuid
required

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles/{role-name}/composites

Remove roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites

Get composites of the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles/{role-name}/composites

Add a composite to the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites/realm

Get realm-level roles of the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles/{role-name}

Delete a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}

Get a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/roles/{role-name}/groups

Returns a stream of groups that have the specified role name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

true

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles/{role-name}

Update a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/roles/{role-name}/users

Returns a stream of users that have the specified role name.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

Roles (by ID)

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/clients/{clientUuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientUuid
required

null

role-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles-by-id/{role-id}/composites

Remove a set of roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

Role id

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites

Get role’s children Returns a set of role’s children provided the role is a composite.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Query Parameters
Name Description Default Pattern

first
optional

null

max
optional

null

search
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles-by-id/{role-id}/composites

Make the role a composite role by associating some child roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/realm

Get realm-level roles that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles-by-id/{role-id}

Delete the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}

Get a specific role’s representation

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles-by-id/{role-id}

Update the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

Scope Mappings

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-scopes/{id}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-scopes/{id}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/client-templates/{id}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-templates/{id}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-templates/{id}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{id}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-templates/{id}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/client-templates/{id}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/client-templates/{id}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-templates/{id}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-templates/{id}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{id}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-templates/{id}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{id}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/clients/{id}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{id}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{id}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{id}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{id}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

201

Created

<<>>

Users

GET /admin/realms/{realm}/users/count

Returns the number of users that match the given criteria.

Description

It can be called in three different ways. 1. Don’t specify any criteria and pass {@code null}. The number of all users within that realm will be returned. <p> 2. If {@code search} is specified other criteria such as {@code last} will be ignored even though you set them. The {@code search} string will be matched against the first and last name, the username and the email of a user. <p> 3. If {@code search} is unspecified but any of {@code last}, {@code first}, {@code email} or {@code username} those criteria are matched against their respective fields on a user entity. Combined with a logical and.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

email
optional

email filter

null

emailVerified
optional

null

enabled
optional

Boolean representing if user is enabled or not

null

firstName
optional

first name filter

null

lastName
optional

last name filter

null

q
optional

null

search
optional

arbitrary search string for all the fields below. Default search behavior is prefix-based (e.g., foo or foo*). Use foo for infix search and &quot;foo&quot; for exact search.

null

username
optional

username filter

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

[Integer]

GET /admin/realms/{realm}/users

Get users Returns a stream of users, filtered according to query parameters.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Boolean which defines whether brief representations are returned (default: false)

null

email
optional

A String contained in email, or the complete email, if param &quot;exact&quot; is true

null

emailVerified
optional

whether the email has been verified

null

enabled
optional

Boolean representing if user is enabled or not

null

exact
optional

Boolean which defines whether the params &quot;last&quot;, &quot;first&quot;, &quot;email&quot; and &quot;username&quot; must match exactly

null

first
optional

Pagination offset

null

firstName
optional

A String contained in firstName, or the complete firstName, if param &quot;exact&quot; is true

null

idpAlias
optional

The alias of an Identity Provider linked to the user

null

idpUserId
optional

The userId at an Identity Provider linked to the user

null

lastName
optional

A String contained in lastName, or the complete lastName, if param &quot;exact&quot; is true

null

max
optional

Maximum results size (defaults to 100)

null

q
optional

A query to search for custom attributes, in the format 'key1:value2 key2:value2'

null

search
optional

A String contained in username, first or last name, or email. Default search behavior is prefix-based (e.g., foo or foo*). Use foo for infix search and &quot;foo&quot; for exact search.

null

username
optional

A String contained in username, or the complete username, if param &quot;exact&quot; is true

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

GET /admin/realms/{realm}/users/{id}/configured-user-storage-credential-types

Return credential types, which are provided by the user storage where user is stored.

Description

Returned values can contain for example \"password\", \"otp\" etc. This will always return empty list for \"local\" users, which are not backed by any user storage

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/users/{id}/consents/{client}

Revoke consent and offline tokens for particular client from user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

client
required

Client id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{id}/consents

Get consents granted by the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

DELETE /admin/realms/{realm}/users/{id}/credentials/{credentialId}

Remove a credential for a user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

credentialId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}

Move a credential to a position behind another credential

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

credentialId
required

The credential to move

null

newPreviousCredentialId
required

The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.

null

Responses
Code Message Datatype

201

Created

<<>>

POST /admin/realms/{realm}/users/{id}/credentials/{credentialId}/moveToFirst

Move a credential to a first position in the credentials list of the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

credentialId
required

The credential to move

null

Responses
Code Message Datatype

201

Created

<<>>

PUT /admin/realms/{realm}/users/{id}/credentials/{credentialId}/userLabel

Update a credential label for a user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

credentialId
required

null

Body Parameter
Name Description Default Pattern

body
optional

[string]

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{id}/credentials

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[CredentialRepresentation]

DELETE /admin/realms/{realm}/users/{id}

Delete the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/users/{id}/disable-credential-types

Disable all credentials for a user of a specific type

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

string
optional

[string]

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/users/{id}/execute-actions-email

Send an email to the user with a link they can click to execute particular actions.

Description

An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

string
optional

[string]

Query Parameters
Name Description Default Pattern

client_id
optional

Client id

null

lifespan
optional

Number of seconds after which the generated token expires

null

redirect_uri
optional

Redirect uri

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/{id}/federated-identity

Get social logins associated with the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[FederatedIdentityRepresentation]

DELETE /admin/realms/{realm}/users/{id}/federated-identity/{provider}

Remove a social login provider from user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

provider
required

Social login provider id

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/users/{id}/federated-identity/{provider}

Add a social login provider to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

provider
required

Social login provider id

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/{id}

Get representation of the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

userProfileMetadata
optional

Indicates if the user profile metadata should be added to the response

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

UserRepresentation

GET /admin/realms/{realm}/users/{id}/groups/count

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

search
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/users/{id}/groups

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

DELETE /admin/realms/{realm}/users/{id}/groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

groupId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/users/{id}/groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

groupId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/users/{id}/impersonation

Impersonate the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

POST /admin/realms/{realm}/users/{id}/logout

Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/users/{id}/offline-sessions/{clientUuid}

Get offline sessions associated with the user and client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

clientUuid
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

PUT /admin/realms/{realm}/users/{id}

Update the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

UserRepresentation
optional

UserRepresentation

Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/users/{id}/reset-password-email

Send an email to the user with a link they can click to reset their password.

Description

The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

client_id
optional

client id

null

redirect_uri
optional

redirect uri

null

Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/users/{id}/reset-password

Set up a new password for the user.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

CredentialRepresentation
optional

CredentialRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/users/{id}/send-verify-email

Send an email-verification email to the user An email contains a link the user can click to verify their email address.

Description

The redirectUri and clientId parameters are optional. The default for the redirect is the account client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

client_id
optional

Client id

null

redirect_uri
optional

Redirect uri

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/{id}/sessions

Get sessions associated with the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

POST /admin/realms/{realm}/users

Create a new user Username must be unique.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

UserRepresentation
optional

UserRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/profile

Description

Get the configuration for the user profile

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

UPConfig

GET /admin/realms/{realm}/users/profile/metadata

Description

Get the UserProfileMetadata from the configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

UserProfileMetadata

PUT /admin/realms/{realm}/users/profile

Description

Set the configuration for the user profile

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

UPConfig
optional

UPConfig

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

UPConfig

Definitions

Access

Name Type Format

roles
optional

Set of [string]

verify_caller
optional

Boolean

AccessToken

Name Type Format

jti
optional

String

exp
optional

Long

int64

nbf
optional

Long

int64

iat
optional

Long

int64

iss
optional

String

sub
optional

String

typ
optional

String

azp
optional

String

otherClaims
optional

Map of [AnyType]

nonce
optional

String

auth_time
optional

Long

int64

session_state
optional

String

at_hash
optional

String

c_hash
optional

String

name
optional

String

given_name
optional

String

family_name
optional

String

middle_name
optional

String

nickname
optional

String

preferred_username
optional

String

profile
optional

String

picture
optional

String

website
optional

String

email
optional

String

email_verified
optional

Boolean

gender
optional

String

birthdate
optional

String

zoneinfo
optional

String

locale
optional

String

phone_number
optional

String

phone_number_verified
optional

Boolean

address
optional

AddressClaimSet

updated_at
optional

Long

int64

claims_locales
optional

String

acr
optional

String

s_hash
optional

String

authTime
optional

Integer

int32

sid
optional

String

trusted-certs
optional

Set of [string]

allowed-origins
optional

Set of [string]

realm_access
optional

Access

resource_access
optional

Map of Access

authorization
optional

Authorization

cnf
optional

Confirmation

scope
optional

String

AddressClaimSet

Name Type Format

formatted
optional

String

street_address
optional

String

locality
optional

String

region
optional

String

postal_code
optional

String

country
optional

String

AdminEventRepresentation

Name Type Format

time
optional

Long

int64

realmId
optional

String

authDetails
optional

AuthDetailsRepresentation

operationType
optional

String

resourceType
optional

String

resourcePath
optional

String

representation
optional

String

error
optional

String

ApplicationRepresentation

Name Type Format

id
optional

String

clientId
optional

String

description
optional

String

rootUrl
optional

String

adminUrl
optional

String

baseUrl
optional

String

surrogateAuthRequired
optional

Boolean

enabled
optional

Boolean

alwaysDisplayInConsole
optional

Boolean

clientAuthenticatorType
optional

String

secret
optional

String

registrationAccessToken
optional

String

defaultRoles
optional

List of [string]

redirectUris
optional

List of [string]

webOrigins
optional

List of [string]

notBefore
optional

Integer

int32

bearerOnly
optional

Boolean

consentRequired
optional

Boolean

standardFlowEnabled
optional

Boolean

implicitFlowEnabled
optional

Boolean

directAccessGrantsEnabled
optional

Boolean

serviceAccountsEnabled
optional

Boolean

oauth2DeviceAuthorizationGrantEnabled
optional

Boolean

authorizationServicesEnabled
optional

Boolean

directGrantsOnly
optional

Boolean

publicClient
optional

Boolean

frontchannelLogout
optional

Boolean

protocol
optional

String

attributes
optional

Map of [string]

authenticationFlowBindingOverrides
optional

Map of [string]

fullScopeAllowed
optional

Boolean

nodeReRegistrationTimeout
optional

Integer

int32

registeredNodes
optional

Map of [integer]

int32

protocolMappers
optional

List of ProtocolMapperRepresentation

clientTemplate
optional

String

useTemplateConfig
optional

Boolean

useTemplateScope
optional

Boolean

useTemplateMappers
optional

Boolean

defaultClientScopes
optional

List of [string]

optionalClientScopes
optional

List of [string]

authorizationSettings
optional

ResourceServerRepresentation

access
optional

Map of [boolean]

origin
optional

String

name
optional

String

claims
optional

ApplicationRepresentation_claims

ApplicationRepresentationClaims

Name Type Format

name
optional

Boolean

username
optional

Boolean

profile
optional

Boolean

picture
optional

Boolean

website
optional

Boolean

email
optional

Boolean

gender
optional

Boolean

locale
optional

Boolean

address
optional

Boolean

phone
optional

Boolean

AuthDetailsRepresentation

Name Type Format

realmId
optional

String

clientId
optional

String

userId
optional

String

ipAddress
optional

String

AuthenticationExecutionExportRepresentation

Name Type Format

authenticatorConfig
optional

String

authenticator
optional

String

authenticatorFlow
optional

Boolean

requirement
optional

String

priority
optional

Integer

int32

autheticatorFlow
optional

Boolean

flowAlias
optional

String

userSetupAllowed
optional

Boolean

AuthenticationExecutionInfoRepresentation

Name Type Format

id
optional

String

requirement
optional

String

displayName
optional

String

alias
optional

String

description
optional

String

requirementChoices
optional

List of [string]

configurable
optional

Boolean

authenticationFlow
optional

Boolean

providerId
optional

String

authenticationConfig
optional

String

flowId
optional

String

level
optional

Integer

int32

index
optional

Integer

int32

AuthenticationExecutionRepresentation

Name Type Format

authenticatorConfig
optional

String

authenticator
optional

String

authenticatorFlow
optional

Boolean

requirement
optional

String

priority
optional

Integer

int32

autheticatorFlow
optional

Boolean

id
optional

String

flowId
optional

String

parentFlow
optional

String

AuthenticationFlowRepresentation

Name Type Format

id
optional

String

alias
optional

String

description
optional

String

providerId
optional

String

topLevel
optional

Boolean

builtIn
optional

Boolean

authenticationExecutions
optional

List of AuthenticationExecutionExportRepresentation

AuthenticatorConfigInfoRepresentation

Name Type Format

name
optional

String

providerId
optional

String

helpText
optional

String

properties
optional

List of ConfigPropertyRepresentation

AuthenticatorConfigRepresentation

Name Type Format

id
optional

String

alias
optional

String

config
optional

Map of [string]

Authorization

Name Type Format

permissions
optional

List of Permission

CertificateRepresentation

Name Type Format

privateKey
optional

String

publicKey
optional

String

certificate
optional

String

kid
optional

String

ClaimRepresentation

Name Type Format

name
optional

Boolean

username
optional

Boolean

profile
optional

Boolean

picture
optional

Boolean

website
optional

Boolean

email
optional

Boolean

gender
optional