Overview

This is a REST API reference for the Keycloak Admin REST API.

Version information

Version: 1.0

URI scheme

{base url}/admin/realms

OpenAPI Definitions

The OpenAPI definitions are a feature that is currently in preview. Please provide your feedback by joining this discussion while we’re continuing to work on this. If you find something is outdated or wrong, create a GitHub issue and provide a pull request.

Resources

Attack Detection

DELETE /admin/realms/{realm}/attack-detection/brute-force/users

Clear any user login failures for all users This can release temporary disabled users

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/attack-detection/brute-force/users/{userId}

Clear any user login failures for the user This can release temporary disabled user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

userId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/attack-detection/brute-force/users/{userId}

Get status of a username in brute force detection

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

userId
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

Authentication Management

GET /admin/realms/{realm}/authentication/authenticator-providers

Get authenticator providers Returns a stream of authenticator providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/client-authenticator-providers

Get client authenticator providers Returns a stream of client authenticator providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/config-description/{providerId}

Get authenticator provider’s configuration description

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

providerId
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigInfoRepresentation

DELETE /admin/realms/{realm}/authentication/config/{id}

Delete authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/config/{id}

Get authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigRepresentation

PUT /admin/realms/{realm}/authentication/config/{id}

Update authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null

Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/config

Create new authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/executions/{executionId}/config/{id}

Get execution’s configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

id
required

Configuration id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigRepresentation

POST /admin/realms/{realm}/authentication/executions/{executionId}/config

Update execution with new configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/authentication/executions/{executionId}

Delete execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/executions/{executionId}

Get Single Execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

null

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/executions/{executionId}/lower-priority

Lower execution’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/executions/{executionId}/raise-priority

Raise execution’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/executions

Add new authentication execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

AuthenticationExecutionRepresentation
optional

AuthenticationExecutionRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/copy

Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

name of the existing authentication flow

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/execution

Add new authentication execution to a flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Alias of parent flow

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/flow

Add new flow with new execution to existing flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Alias of parent authentication flow

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/flows/{flowAlias}/executions

Get authentication executions for a flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Flow alias

null

Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/authentication/flows/{flowAlias}/executions

Update authentication executions of a Flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Flow alias

null

Body Parameter
Name Description Default Pattern

AuthenticationExecutionInfoRepresentation
optional

AuthenticationExecutionInfoRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/flows

Get authentication flows Returns a stream of authentication flows.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[AuthenticationFlowRepresentation]

DELETE /admin/realms/{realm}/authentication/flows/{id}

Delete an authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Flow id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/flows/{id}

Get authentication flow for id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Flow id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AuthenticationFlowRepresentation

PUT /admin/realms/{realm}/authentication/flows/{id}

Update an authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

AuthenticationFlowRepresentation
optional

AuthenticationFlowRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows

Create a new authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

AuthenticationFlowRepresentation
optional

AuthenticationFlowRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/form-action-providers

Get form action providers Returns a stream of form action providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/form-providers

Get form providers Returns a stream of form providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/per-client-config-description

Get configuration descriptions for all clients

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[ConfigPropertyRepresentation]

POST /admin/realms/{realm}/authentication/register-required-action

Register a new required actions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/authentication/required-actions/{alias}

Delete required action

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/required-actions/{alias}

Get required action for alias

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RequiredActionProviderRepresentation

POST /admin/realms/{realm}/authentication/required-actions/{alias}/lower-priority

Lower required action’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/authentication/required-actions/{alias}

Update required action

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Body Parameter
Name Description Default Pattern

RequiredActionProviderRepresentation
optional

RequiredActionProviderRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/required-actions/{alias}/raise-priority

Raise required action’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/required-actions

Get required actions Returns a stream of required actions.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RequiredActionProviderRepresentation]

GET /admin/realms/{realm}/authentication/unregistered-required-actions

Get unregistered required actions Returns a stream of unregistered required actions.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

Client Attribute Certificate

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/download

Get a keystore file for the client, containing private key and public certificate

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null

Body Parameter
Name Description Default Pattern

KeyStoreConfig
optional

KeyStoreConfig

Content Type
  • application/octet-stream

Responses
Code Message Datatype

200

OK

[File]

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download

Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. Only generated public certificate is saved in Keycloak DB - the private key is not.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null

Body Parameter
Name Description Default Pattern

KeyStoreConfig
optional

KeyStoreConfig

Content Type
  • application/octet-stream

Responses
Code Message Datatype

200

OK

[File]

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate

Generate a new certificate with new key pair

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}

Get key info

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/upload-certificate

Upload only certificate, not private key

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/upload

Upload certificate and eventually private key

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

Client Initial Access

GET /admin/realms/{realm}/clients-initial-access

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientInitialAccessPresentation]

DELETE /admin/realms/{realm}/clients-initial-access/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients-initial-access

Create a new initial access token.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientInitialAccessCreatePresentation
optional

ClientInitialAccessCreatePresentation

Content Type
  • application/json

Responses
Code Message Datatype

201

Created

ClientInitialAccessCreatePresentation

Client Registration Policy

GET /admin/realms/{realm}/client-registration-policy/providers

Base path for retrieve providers with the configProperties properly filled

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentTypeRepresentation]

Client Role Mappings

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}/available

Get available client-level roles that can be mapped to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}/composite

Get effective client-level role mappings This recurses any composite roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}

Delete client-level roles from user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}

Get client-level role mappings for the user, and the app

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}

Add client-level roles to the user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}/available

Get available client-level roles that can be mapped to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}/composite

Get effective client-level role mappings This recurses any composite roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}

Delete client-level roles from user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}

Get client-level role mappings for the user, and the app

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}

Add client-level roles to the user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

Client Scopes

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}

Delete the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}

Get representation of the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientScopeRepresentation

PUT /admin/realms/{realm}/client-scopes/{client-scope-id}

Update the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

POST /admin/realms/{realm}/client-scopes

Create a new client scope Client Scope’s name must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}

Delete the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}

Get representation of the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientScopeRepresentation

PUT /admin/realms/{realm}/client-templates/{client-scope-id}

Update the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

POST /admin/realms/{realm}/client-templates

Create a new client scope Client Scope’s name must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

Clients

GET /admin/realms/{realm}/clients/{client-uuid}/client-secret

Get the client secret

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/client-secret

Generate a new secret for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

DELETE /admin/realms/{realm}/clients/{client-uuid}/client-secret/rotated

Invalidate the rotated secret for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/client-secret/rotated

Get the rotated client secret

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

DELETE /admin/realms/{realm}/clients/{client-uuid}/default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/default-client-scopes

Get default client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}

Delete the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token

Create JSON with payload of example access token

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AccessToken

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token

Create JSON with payload of example id token

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

IDToken

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo

Create JSON with payload of example user info

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/protocol-mappers

Return list of all protocol mappers, which will be used when generating tokens issued for particular client.

Description

This means protocol mappers assigned to this client directly and protocol mappers assigned to all client scopes of this client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

scope
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperEvaluationRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/granted

Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.

Description

This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

roleContainerId
required

either realm name OR client UUID

null

Query Parameters
Name Description Default Pattern

scope
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted

Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.

Description

Defacto all the other roles of particular role container, which are not in {@link #getGrantedScopeMappings()}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

roleContainerId
required

either realm name OR client UUID

null

Query Parameters
Name Description Default Pattern

scope
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}

Get representation of the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/installation/providers/{providerId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

providerId
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{client-uuid}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

DELETE /admin/realms/{realm}/clients/{client-uuid}/nodes/{node}

Unregister a cluster node from the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

node
required

null

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/nodes

Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/offline-session-count

Get application offline session count Returns a number of offline user sessions associated with this client { \"count\": number }

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/clients/{client-uuid}/offline-sessions

Get offline sessions for client Returns a list of offline user sessions associated with this client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

first
optional

Paging offset

null

max
optional

Maximum results size (defaults to 100)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes

Get optional client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/push-revocation

Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

PUT /admin/realms/{realm}/clients/{client-uuid}

Update the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ClientRepresentation
optional

ClientRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/registration-access-token

Generate a new registration access token for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/service-account-user

Get a user dedicated to the service account

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

UserRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/session-count

Get application session count Returns a number of user sessions associated with this client { \"count\": number }

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/clients/{client-uuid}/test-nodes-available

Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

GET /admin/realms/{realm}/clients/{client-uuid}/user-sessions

Get user sessions for client Returns a list of user sessions associated with this client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

first
optional

Paging offset

null

max
optional

Maximum results size (defaults to 100)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

GET /admin/realms/{realm}/clients

Get clients belonging to the realm.

Description

If a client can’t be retrieved from the storage due to a problem with the underlying storage, it is silently removed from the returned list. This ensures that concurrent modifications to the list don’t prevent callers from retrieving this list.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

clientId
optional

filter by clientId

null

first
optional

the first result

null

max
optional

the max results to return

null

q
optional

null

search
optional

whether this is a search query or a getClientById query

false

viewableOnly
optional

filter clients that cannot be viewed in full by admin

false

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientRepresentation]

POST /admin/realms/{realm}/clients

Create a new client Client’s client_id must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientRepresentation
optional

ClientRepresentation

Responses
Code Message Datatype

201

Created

<<>>

Component

GET /admin/realms/{realm}/components

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

name
optional

null

parent
optional

null

type
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentRepresentation]

DELETE /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ComponentRepresentation

PUT /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Body Parameter
Name Description Default Pattern

ComponentRepresentation
optional

ComponentRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/components/{id}/sub-component-types

List of subcomponent types that are available to configure for a particular parent component.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null

Query Parameters
Name Description Default Pattern

type
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentTypeRepresentation]

POST /admin/realms/{realm}/components

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ComponentRepresentation
optional

ComponentRepresentation

Responses
Code Message Datatype

200

OK

<<>>

default

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ResourceServerRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/import

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ResourceServerRepresentation
optional

ResourceServerRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/evaluate

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

PolicyEvaluationRequest
optional

PolicyEvaluationRequest

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

PolicyEvaluationResponse

500

Internal Server Error

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

fields
optional

null

first
optional

null

max
optional

null

name
optional

null

owner
optional

null

permission
optional

null

policyId
optional

null

resource
optional

null

scope
optional

null

type
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[AbstractPolicyRepresentation]

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

body
optional

[string]

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/providers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyProviderRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

fields
optional

null

name
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AbstractPolicyRepresentation

204

No Content

<<>>

400

Bad Request

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/evaluate

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

PolicyEvaluationRequest
optional

PolicyEvaluationRequest

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

PolicyEvaluationResponse

500

Internal Server Error

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

fields
optional

null

first
optional

null

max
optional

null

name
optional

null

owner
optional

null

permission
optional

null

policyId
optional

null

resource
optional

null

scope
optional

null

type
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[AbstractPolicyRepresentation]

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

body
optional

[string]

Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/providers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyProviderRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

fields
optional

null

name
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

AbstractPolicyRepresentation

204

No Content

<<>>

400

Bad Request

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ResourceServerRepresentation
optional

ResourceServerRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ResourceRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ResourceRepresentation
optional

ResourceRepresentation

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

201

Created

ResourceRepresentation

400

Bad Request

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/attributes

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Responses
Code Message Datatype

204

No Content

<<>>

404

Not Found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ResourceRepresentation

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyRepresentation]

404

Not found

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null

Body Parameter
Name Description Default Pattern

ResourceRepresentation
optional

ResourceRepresentation

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Responses
Code Message Datatype

204

No Content

<<>>

404

Not Found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/scopes

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ScopeRepresentation]

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

name
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ResourceRepresentation

400

Bad Request

<<>>

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

first
optional

null

max
optional

null

name
optional

null

scopeId
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ScopeRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ScopeRepresentation
optional

ScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ScopeRepresentation

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyRepresentation]

404

Not found

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null

Body Parameter
Name Description Default Pattern

ScopeRepresentation
optional

ScopeRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/resources

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ResourceRepresentation]

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

name
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ScopeRepresentation]

204

No Content

<<>>

400

Bad Request

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/settings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ResourceServerRepresentation

Groups

GET /admin/realms/{realm}/groups/count

Returns the groups counts.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

search
optional

null

top
optional

false

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/groups

Get group hierarchy. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

exact
optional

false

first
optional

null

max
optional

null

populateHierarchy
optional

true

q
optional

null

search
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/groups/{group-id}/children

Return a paginated list of subgroups that have a parent group corresponding to the group on the URL

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

false

first
optional

null

max
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

POST /admin/realms/{realm}/groups/{group-id}/children

Set or create child.

Description

This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/groups/{group-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{group-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GroupRepresentation

GET /admin/realms/{realm}/groups/{group-id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/groups/{group-id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

GET /admin/realms/{realm}/groups/{group-id}/members

Get users Returns a stream of users, filtered according to query parameters

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Only return basic information (only guaranteed to return id, username, created, first and last name, email, enabled state, email verification state, federation link, and access. Note that it means that namely user attributes, required actions, and not before are not returned.)

null

first
optional

Pagination offset

null

max
optional

Maximum results size (defaults to 100)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

PUT /admin/realms/{realm}/groups/{group-id}

Update group, ignores subgroups.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/groups

create or add a top level realm groupSet or create child.

Description

This will update the group and set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation

Responses
Code Message Datatype

200

OK

<<>>

Identity Providers

POST /admin/realms/{realm}/identity-provider/import-config

Import identity provider from JSON body

Description

Import identity provider from uploaded JSON file

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

request_body
optional

[AnyType]

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[string]]

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}

Delete the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/export

Export public broker configuration for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Query Parameters
Name Description Default Pattern

format
optional

Format to use

null

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}

Get the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

IdentityProviderRepresentation

GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mapper-types

Get mapper types for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • */*

Responses
Code Message Datatype

200

OK

Map[IdentityProviderMapperTypeRepresentation]

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers

Get mappers for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[IdentityProviderMapperRepresentation]

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Delete a mapper for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Get mapper by id for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

IdentityProviderMapperRepresentation

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Update a mapper for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

IdentityProviderMapperRepresentation
optional

IdentityProviderMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/identity-provider/instances/{alias}/mappers

Add a mapper to identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Body Parameter
Name Description Default Pattern

IdentityProviderMapperRepresentation
optional

IdentityProviderMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/identity-provider/instances/{alias}

Update the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Body Parameter
Name Description Default Pattern

IdentityProviderRepresentation
optional

IdentityProviderRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/reload-keys

Reaload keys for the identity provider if the provider supports it, \"true\" is returned if reload was performed, \"false\" if not.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

[Boolean]

GET /admin/realms/{realm}/identity-provider/instances

List identity providers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Boolean which defines whether brief representations are returned (default: false)

null

first
optional

Pagination offset

null

max
optional

Maximum results size (defaults to 100)

null

search
optional

Filter specific providers by name. Search can be prefix (name*), contains (name) or exact (&quot;name&quot;). Default prefixed.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[IdentityProviderRepresentation]

POST /admin/realms/{realm}/identity-provider/instances

Create a new identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

IdentityProviderRepresentation
optional

IdentityProviderRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/providers/{provider_id}

Get the identity provider factory for that provider id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

provider_id
required

The provider id to get the factory

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

[Object]

Key

GET /admin/realms/{realm}/keys

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

KeysMetadataRepresentation

Protocol Mappers

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

protocol
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

POST /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

protocol
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

id
required

Mapper id

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

id
required

Mapper id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

id
required

Mapper id

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

protocol
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

Realms Admin

GET /admin/realms

Get accessible realms Returns a list of accessible realms. The list is filtered based on what realms the caller is allowed to view.

Parameters
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

false

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RealmRepresentation]

POST /admin/realms

Import a realm. Imports a realm from a full representation of that realm.

Description

Realm name must be unique.

Parameters
Body Parameter
Name Description Default Pattern

body
optional

[file]

Responses
Code Message Datatype

201

Created

<<>>

DELETE /admin/realms/{realm}/admin-events

Delete all admin events

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/admin-events

Get admin events Returns all admin events, or filters events based on URL query parameters listed here

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

authClient
optional

null

authIpAddress
optional

null

authRealm
optional

null

authUser
optional

user id

null

dateFrom
optional

null

dateTo
optional

null

first
optional

null

max
optional

Maximum results size (defaults to 100)

null

operationTypes
optional

[String]

null

resourcePath
optional

null

resourceTypes
optional

[String]

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[AdminEventRepresentation]

POST /admin/realms/{realm}/client-description-converter

Base path for importing clients under this realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

body
optional

[string]

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/client-policies/policies

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientPoliciesRepresentation

PUT /admin/realms/{realm}/client-policies/policies

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientPoliciesRepresentation
optional

ClientPoliciesRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-policies/profiles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

include-global-profiles
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ClientProfilesRepresentation

PUT /admin/realms/{realm}/client-policies/profiles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ClientProfilesRepresentation
optional

ClientProfilesRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-session-stats

Get client session stats Returns a JSON map.

Description

The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

GET /admin/realms/{realm}/credential-registrators

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/default-default-client-scopes

Get realm default client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

GET /admin/realms/{realm}/default-groups

Get group hierarchy. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

DELETE /admin/realms/{realm}/default-groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

groupId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

groupId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/default-optional-client-scopes

Get realm optional client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}

Delete the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/events/config

Get the events provider configuration Returns JSON object with events provider configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RealmEventsConfigRepresentation

PUT /admin/realms/{realm}/events/config

Description

Update the events provider Change the events provider and/or its configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

RealmEventsConfigRepresentation
optional

RealmEventsConfigRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/events

Delete all events

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/events

Get events Returns all events, or filters them based on URL query parameters listed here

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

client
optional

App or oauth client name

null

dateFrom
optional

From date

null

dateTo
optional

To date

null

first
optional

Paging offset

null

ipAddress
optional

IP Address

null

max
optional

Maximum results size (defaults to 100)

null

type
optional

The types of events to return [String]

null

user
optional

User id

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[EventRepresentation]

GET /admin/realms/{realm}

Get the top-level representation of the realm It will not include nested information like User and Client representations.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RealmRepresentation

GET /admin/realms/{realm}/group-by-path/{path}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

path
required

PathSegment

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GroupRepresentation

GET /admin/realms/{realm}/localization

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/localization/{locale}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/localization/{locale}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null

Query Parameters
Name Description Default Pattern

useRealmDefaultLocaleFallback
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

Map[[string]]

DELETE /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null

Content Type
  • text/plain

Responses
Code Message Datatype

200

OK

[String]

PUT /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null

Body Parameter
Name Description Default Pattern

body
optional

[string]

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/localization/{locale}

Import localization from uploaded JSON file

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/logout-all

Removes all user sessions.

Description

Any client that has an admin url will also be told to invalidate any sessions they have.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

POST /admin/realms/{realm}/partial-export

Partial export of existing realm into a JSON file.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

exportClients
optional

null

exportGroupsAndRoles
optional

null

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/partialImport

Partial import from a JSON file to an existing realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

body
optional

[file]

Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/push-revocation

Push the realm’s revocation policy to any client that has an admin url associated with it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

PUT /admin/realms/{realm}

Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.

Description

This will only update top-level attributes of the realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

RealmRepresentation
optional

RealmRepresentation

Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/sessions/{session}

Remove a specific user session.

Description

Any client that has an admin url will also be told to invalidate this particular session.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

session
required

null

Query Parameters
Name Description Default Pattern

isOffline
optional

false

Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/testSMTPConnection

Test SMTP connection with current logged in user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

request_body
optional

[string]

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users-management-permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/users-management-permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

Role Mapper

GET /admin/realms/{realm}/groups/{group-id}/role-mappings

Get role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm/available

Get realm-level roles that can be mapped

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm/composite

Get effective realm-level role mappings This will recurse all composite roles to get the result.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/groups/{group-id}/role-mappings/realm

Delete realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm

Get realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/groups/{group-id}/role-mappings/realm

Add realm-level role mappings to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings

Get role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm/available

Get realm-level roles that can be mapped

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm/composite

Get effective realm-level role mappings This will recurse all composite roles to get the result.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/users/{user-id}/role-mappings/realm

Delete realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm

Get realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/users/{user-id}/role-mappings/realm

Add realm-level role mappings to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

Roles

GET /admin/realms/{realm}/clients/{client-uuid}/roles

Get all roles for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/roles

Create a new role for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites/clients/{client-uuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites

Remove roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites

Get composites of the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites

Add a composite to the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites/realm

Get realm-level roles of the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}

Delete a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}

Get a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/groups

Returns a stream of groups that have the specified role name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

true

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}

Update a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/users

Returns a stream of users that have the specified role name.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

GET /admin/realms/{realm}/roles

Get all roles for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles

Create a new role for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites/clients/{client-uuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles/{role-name}/composites

Remove roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites

Get composites of the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles/{role-name}/composites

Add a composite to the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites/realm

Get realm-level roles of the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles/{role-name}

Delete a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}

Get a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/roles/{role-name}/groups

Returns a stream of groups that have the specified role name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

true

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles/{role-name}

Update a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/roles/{role-name}/users

Returns a stream of users that have the specified role name.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

the role name.

null

Query Parameters
Name Description Default Pattern

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

Roles (by ID)

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/clients/{clientUuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientUuid
required

null

role-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles-by-id/{role-id}/composites

Remove a set of roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

Role id

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites

Get role’s children Returns a set of role’s children provided the role is a composite.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Query Parameters
Name Description Default Pattern

first
optional

null

max
optional

null

search
optional

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles-by-id/{role-id}/composites

Make the role a composite role by associating some child roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/realm

Get realm-level roles that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles-by-id/{role-id}

Delete the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}

Get a specific role’s representation

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null

Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles-by-id/{role-id}

Update the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

Scope Mappings

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Content Type
  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation

Responses
Code Message Datatype

204

No Content

<<>>

Users

GET /admin/realms/{realm}/users/count

Returns the number of users that match the given criteria.

Description

It can be called in three different ways. 1. Don’t specify any criteria and pass {@code null}. The number of all users within that realm will be returned. <p> 2. If {@code search} is specified other criteria such as {@code last} will be ignored even though you set them. The {@code search} string will be matched against the first and last name, the username and the email of a user. <p> 3. If {@code search} is unspecified but any of {@code last}, {@code first}, {@code email} or {@code username} those criteria are matched against their respective fields on a user entity. Combined with a logical and.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

Query Parameters
Name Description Default Pattern

email