Overview

This is a REST API reference for the Keycloak Admin REST API.

Version information

Version: 1.0

URI scheme

{base url}/admin/realms

For example http://localhost:8080/admin/realms

OpenAPI Definitions

The OpenAPI definitions are a feature that is currently in preview. Please provide your feedback by joining this discussion while we’re continuing to work on this. If you find something is outdated or wrong, create a GitHub issue and provide a pull request.

Resources

Attack Detection

DELETE /admin/realms/{realm}/attack-detection/brute-force/users

Clear any user login failures for all users This can release temporary disabled users

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/attack-detection/brute-force/users/{userId}

Clear any user login failures for the user This can release temporary disabled user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

userId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/attack-detection/brute-force/users/{userId}

Get status of a username in brute force detection

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

userId
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

Authentication Management

GET /admin/realms/{realm}/authentication/authenticator-providers

Get authenticator providers Returns a stream of authenticator providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/client-authenticator-providers

Get client authenticator providers Returns a stream of client authenticator providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/config-description/{providerId}

Get authenticator provider’s configuration description

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

providerId
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigInfoRepresentation

DELETE /admin/realms/{realm}/authentication/config/{id}

Delete authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/config/{id}

Get authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigRepresentation

PUT /admin/realms/{realm}/authentication/config/{id}

Update authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Configuration id

null
Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/config

Create new authenticator configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/executions/{executionId}/config/{id}

Get execution’s configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null

id
required

Configuration id

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

AuthenticatorConfigRepresentation

POST /admin/realms/{realm}/authentication/executions/{executionId}/config

Update execution with new configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null
Body Parameter
Name Description Default Pattern

AuthenticatorConfigRepresentation
optional

AuthenticatorConfigRepresentation
Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/authentication/executions/{executionId}

Delete execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/executions/{executionId}

Get Single Execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

null
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/executions/{executionId}/lower-priority

Lower execution’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/executions/{executionId}/raise-priority

Raise execution’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

executionId
required

Execution id

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/executions

Add new authentication execution

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

AuthenticationExecutionRepresentation
optional

AuthenticationExecutionRepresentation
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/copy

Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

name of the existing authentication flow

null
Body Parameter
Name Description Default Pattern

request_body
optional

[string]
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/execution

Add new authentication execution to a flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Alias of parent flow

null
Body Parameter
Name Description Default Pattern

request_body
optional

[string]
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/flow

Add new flow with new execution to existing flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Alias of parent authentication flow

null
Body Parameter
Name Description Default Pattern

request_body
optional

[string]
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/flows/{flowAlias}/executions

Get authentication executions for a flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Flow alias

null
Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/authentication/flows/{flowAlias}/executions

Update authentication executions of a Flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

flowAlias
required

Flow alias

null
Body Parameter
Name Description Default Pattern

AuthenticationExecutionInfoRepresentation
optional

AuthenticationExecutionInfoRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/flows

Get authentication flows Returns a stream of authentication flows.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[AuthenticationFlowRepresentation]

DELETE /admin/realms/{realm}/authentication/flows/{id}

Delete an authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Flow id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/flows/{id}

Get authentication flow for id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

Flow id

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

AuthenticationFlowRepresentation

PUT /admin/realms/{realm}/authentication/flows/{id}

Update an authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null
Body Parameter
Name Description Default Pattern

AuthenticationFlowRepresentation
optional

AuthenticationFlowRepresentation
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/authentication/flows

Create a new authentication flow

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

AuthenticationFlowRepresentation
optional

AuthenticationFlowRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/authentication/form-action-providers

Get form action providers Returns a stream of form action providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/form-providers

Get form providers Returns a stream of form providers.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

GET /admin/realms/{realm}/authentication/per-client-config-description

Get configuration descriptions for all clients

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[ConfigPropertyRepresentation]

POST /admin/realms/{realm}/authentication/register-required-action

Register a new required actions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

request_body
optional

[string]
Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/authentication/required-actions/{alias}

Delete required action

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/required-actions/{alias}

Get required action for alias

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

RequiredActionProviderRepresentation

POST /admin/realms/{realm}/authentication/required-actions/{alias}/lower-priority

Lower required action’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/authentication/required-actions/{alias}

Update required action

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null
Body Parameter
Name Description Default Pattern

RequiredActionProviderRepresentation
optional

RequiredActionProviderRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/authentication/required-actions/{alias}/raise-priority

Raise required action’s priority

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

Alias of required action

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/authentication/required-actions

Get required actions Returns a stream of required actions.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RequiredActionProviderRepresentation]

GET /admin/realms/{realm}/authentication/unregistered-required-actions

Get unregistered required actions Returns a stream of unregistered required actions.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

Client Attribute Certificate

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/download

Get a keystore file for the client, containing private key and public certificate

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null
Body Parameter
Name Description Default Pattern

KeyStoreConfig
optional

KeyStoreConfig
Content Type

  • application/octet-stream

Responses
Code Message Datatype

200

OK

[File]

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download

Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. Only generated public certificate is saved in Keycloak DB - the private key is not.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null
Body Parameter
Name Description Default Pattern

KeyStoreConfig
optional

KeyStoreConfig
Content Type

  • application/octet-stream

Responses
Code Message Datatype

200

OK

[File]

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate

Generate a new certificate with new key pair

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}

Get key info

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/upload-certificate

Upload only certificate, not private key

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/upload

Upload certificate and eventually private key

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

attr
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

CertificateRepresentation

Client Initial Access

GET /admin/realms/{realm}/clients-initial-access

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientInitialAccessPresentation]

DELETE /admin/realms/{realm}/clients-initial-access/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients-initial-access

Create a new initial access token.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ClientInitialAccessCreatePresentation
optional

ClientInitialAccessCreatePresentation
Content Type

  • application/json

Responses
Code Message Datatype

201

Created

ClientInitialAccessCreatePresentation

Client Registration Policy

GET /admin/realms/{realm}/client-registration-policy/providers

Base path for retrieve providers with the configProperties properly filled

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentTypeRepresentation]

Client Role Mappings

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}/available

Get available client-level roles that can be mapped to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}/composite

Get effective client-level role mappings This recurses any composite roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}

Delete client-level roles from user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}

Get client-level role mappings for the user, and the app

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/groups/{group-id}/role-mappings/clients/{client}

Add client-level roles to the user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}/available

Get available client-level roles that can be mapped to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}/composite

Get effective client-level role mappings This recurses any composite roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}

Delete client-level roles from user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}

Get client-level role mappings for the user, and the app

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/users/{user-id}/role-mappings/clients/{client}

Add client-level roles to the user role mapping

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

Client Scopes

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}

Delete the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}

Get representation of the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ClientScopeRepresentation

PUT /admin/realms/{realm}/client-scopes/{client-scope-id}

Update the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

POST /admin/realms/{realm}/client-scopes

Create a new client scope Client Scope’s name must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation
Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}

Delete the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}

Get representation of the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ClientScopeRepresentation

PUT /admin/realms/{realm}/client-templates/{client-scope-id}

Update the client scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates

Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

POST /admin/realms/{realm}/client-templates

Create a new client scope Client Scope’s name must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ClientScopeRepresentation
optional

ClientScopeRepresentation
Responses
Code Message Datatype

200

OK

<<>>

Clients

GET /admin/realms/{realm}/clients/{client-uuid}/client-secret

Get the client secret

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/client-secret

Generate a new secret for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

DELETE /admin/realms/{realm}/clients/{client-uuid}/client-secret/rotated

Invalidate the rotated secret for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/client-secret/rotated

Get the rotated client secret

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

CredentialRepresentation

DELETE /admin/realms/{realm}/clients/{client-uuid}/default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/default-client-scopes

Get default client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}

Delete the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token

Create JSON with payload of example access token

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

AccessToken

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token

Create JSON with payload of example id token

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

IDToken

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo

Create JSON with payload of example user info

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

scope
optional

null

userId
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/protocol-mappers

Return list of all protocol mappers, which will be used when generating tokens issued for particular client.

Description

This means protocol mappers assigned to this client directly and protocol mappers assigned to all client scopes of this client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

scope
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperEvaluationRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/granted

Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.

Description

This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

roleContainerId
required

either realm name OR client UUID

null
Query Parameters
Name Description Default Pattern

scope
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted

Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.

Description

Defacto all the other roles of particular role container, which are not in {@link #getGrantedScopeMappings()}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

roleContainerId
required

either realm name OR client UUID

null
Query Parameters
Name Description Default Pattern

scope
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}

Get representation of the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/installation/providers/{providerId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

providerId
required

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{client-uuid}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

DELETE /admin/realms/{realm}/clients/{client-uuid}/nodes/{node}

Unregister a cluster node from the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

node
required

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/nodes

Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

request_body
optional

[string]
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/offline-session-count

Get application offline session count Returns a number of offline user sessions associated with this client { \"count\": number }

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/clients/{client-uuid}/offline-sessions

Get offline sessions for client Returns a list of offline user sessions associated with this client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

first
optional

Paging offset

null

max
optional

Maximum results size (defaults to 100)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/optional-client-scopes

Get optional client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/push-revocation

Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

PUT /admin/realms/{realm}/clients/{client-uuid}

Update the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ClientRepresentation
optional

ClientRepresentation
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/registration-access-token

Generate a new registration access token for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/service-account-user

Get a user dedicated to the service account

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

UserRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/session-count

Get application session count Returns a number of user sessions associated with this client { \"count\": number }

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/clients/{client-uuid}/test-nodes-available

Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

GET /admin/realms/{realm}/clients/{client-uuid}/user-sessions

Get user sessions for client Returns a list of user sessions associated with this client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

first
optional

Paging offset

null

max
optional

Maximum results size (defaults to 100)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

GET /admin/realms/{realm}/clients

Get clients belonging to the realm.

Description

If a client can’t be retrieved from the storage due to a problem with the underlying storage, it is silently removed from the returned list. This ensures that concurrent modifications to the list don’t prevent callers from retrieving this list.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

clientId
optional

filter by clientId

null

first
optional

the first result

null

max
optional

the max results to return

null

q
optional

null

search
optional

whether this is a search query or a getClientById query

false

viewableOnly
optional

filter clients that cannot be viewed in full by admin

false
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientRepresentation]

POST /admin/realms/{realm}/clients

Create a new client Client’s client_id must be unique!

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ClientRepresentation
optional

ClientRepresentation
Responses
Code Message Datatype

201

Created

<<>>

Component

GET /admin/realms/{realm}/components

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

name
optional

null

parent
optional

null

type
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentRepresentation]

DELETE /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ComponentRepresentation

PUT /admin/realms/{realm}/components/{id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null
Body Parameter
Name Description Default Pattern

ComponentRepresentation
optional

ComponentRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/components/{id}/sub-component-types

List of subcomponent types that are available to configure for a particular parent component.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

id
required

null
Query Parameters
Name Description Default Pattern

type
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ComponentTypeRepresentation]

POST /admin/realms/{realm}/components

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ComponentRepresentation
optional

ComponentRepresentation
Responses
Code Message Datatype

200

OK

<<>>

default

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ResourceServerRepresentation

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/import

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ResourceServerRepresentation
optional

ResourceServerRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/evaluate

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

PolicyEvaluationRequest
optional

PolicyEvaluationRequest
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

PolicyEvaluationResponse

500

Internal Server Error

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

fields
optional

null

first
optional

null

max
optional

null

name
optional

null

owner
optional

null

permission
optional

null

policyId
optional

null

resource
optional

null

scope
optional

null

type
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[AbstractPolicyRepresentation]

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

body
optional

[string]
Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/providers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyProviderRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/permission/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

fields
optional

null

name
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

AbstractPolicyRepresentation

204

No Content

<<>>

400

Bad Request

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/evaluate

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

PolicyEvaluationRequest
optional

PolicyEvaluationRequest
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

PolicyEvaluationResponse

500

Internal Server Error

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

fields
optional

null

first
optional

null

max
optional

null

name
optional

null

owner
optional

null

permission
optional

null

policyId
optional

null

resource
optional

null

scope
optional

null

type
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[AbstractPolicyRepresentation]

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

body
optional

[string]
Responses
Code Message Datatype

201

Created

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/providers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyProviderRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/policy/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

fields
optional

null

name
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

AbstractPolicyRepresentation

204

No Content

<<>>

400

Bad Request

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ResourceServerRepresentation
optional

ResourceServerRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ResourceRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ResourceRepresentation
optional

ResourceRepresentation
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

201

Created

ResourceRepresentation

400

Bad Request

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/attributes

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Responses
Code Message Datatype

204

No Content

<<>>

404

Not Found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ResourceRepresentation

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyRepresentation]

404

Not found

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null
Body Parameter
Name Description Default Pattern

ResourceRepresentation
optional

ResourceRepresentation
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Responses
Code Message Datatype

204

No Content

<<>>

404

Not Found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/{resource-id}/scopes

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

resource-id
required

null
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

name
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ScopeRepresentation]

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/resource/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

id
_optional

null

deep
optional

null

exactName
optional

null

first
optional

null

matchingUri
optional

null

max
optional

null

owner
optional

null

scope
optional

null

type
optional

null

uri
optional

null

name
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ResourceRepresentation

400

Bad Request

<<>>

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

first
optional

null

max
optional

null

name
optional

null

scopeId
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ScopeRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ScopeRepresentation
optional

ScopeRepresentation
Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ScopeRepresentation

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[PolicyRepresentation]

404

Not found

<<>>

PUT /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null
Body Parameter
Name Description Default Pattern

ScopeRepresentation
optional

ScopeRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/resources

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ResourceRepresentation]

404

Not found

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/search

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

name
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ScopeRepresentation]

204

No Content

<<>>

400

Bad Request

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/settings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ResourceServerRepresentation

Groups

GET /admin/realms/{realm}/groups/count

Returns the groups counts.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

search
optional

null

top
optional

false
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/groups

Get group hierarchy. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

exact
optional

false

first
optional

null

max
optional

null

populateHierarchy
optional

true

q
optional

null

search
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/groups/{group-id}/children

Return a paginated list of subgroups that have a parent group corresponding to the group on the URL

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

false

first
optional

null

max
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

POST /admin/realms/{realm}/groups/{group-id}/children

Set or create child.

Description

This will just set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation
Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/groups/{group-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{group-id}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

GroupRepresentation

GET /admin/realms/{realm}/groups/{group-id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/groups/{group-id}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

GET /admin/realms/{realm}/groups/{group-id}/members

Get users Returns a stream of users, filtered according to query parameters

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Only return basic information (only guaranteed to return id, username, created, first and last name, email, enabled state, email verification state, federation link, and access. Note that it means that namely user attributes, required actions, and not before are not returned.)

null

first
optional

Pagination offset

null

max
optional

Maximum results size (defaults to 100)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

PUT /admin/realms/{realm}/groups/{group-id}

Update group, ignores subgroups.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/groups

create or add a top level realm groupSet or create child.

Description

This will update the group and set the parent if it exists. Create it and set the parent if the group doesn’t exist.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

GroupRepresentation
optional

GroupRepresentation
Responses
Code Message Datatype

200

OK

<<>>

Identity Providers

POST /admin/realms/{realm}/identity-provider/import-config

Import identity provider from JSON body

Description

Import identity provider from uploaded JSON file

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

request_body
optional

[AnyType]
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[[string]]

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}

Delete the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/export

Export public broker configuration for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Query Parameters
Name Description Default Pattern

format
optional

Format to use

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}

Get the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

IdentityProviderRepresentation

GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions

Return object stating whether client Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mapper-types

Get mapper types for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Content Type

  • */*

Responses
Code Message Datatype

200

OK

Map[IdentityProviderMapperTypeRepresentation]

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers

Get mappers for identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[IdentityProviderMapperRepresentation]

DELETE /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Delete a mapper for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

Mapper id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Get mapper by id for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

IdentityProviderMapperRepresentation

PUT /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id}

Update a mapper for the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null

id
required

Mapper id

null
Body Parameter
Name Description Default Pattern

IdentityProviderMapperRepresentation
optional

IdentityProviderMapperRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/identity-provider/instances/{alias}/mappers

Add a mapper to identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Body Parameter
Name Description Default Pattern

IdentityProviderMapperRepresentation
optional

IdentityProviderMapperRepresentation
Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/identity-provider/instances/{alias}

Update the identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Body Parameter
Name Description Default Pattern

IdentityProviderRepresentation
optional

IdentityProviderRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/instances/{alias}/reload-keys

Reaload keys for the identity provider if the provider supports it, \"true\" is returned if reload was performed, \"false\" if not.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

alias
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

[Boolean]

GET /admin/realms/{realm}/identity-provider/instances

List identity providers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Boolean which defines whether brief representations are returned (default: false)

null

first
optional

Pagination offset

null

max
optional

Maximum results size (defaults to 100)

null

search
optional

Filter specific providers by name. Search can be prefix (name*), contains (name) or exact (&quot;name&quot;). Default prefixed.

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[IdentityProviderRepresentation]

POST /admin/realms/{realm}/identity-provider/instances

Create a new identity provider

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

IdentityProviderRepresentation
optional

IdentityProviderRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/identity-provider/providers/{provider_id}

Get the identity provider factory for that provider id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

provider_id
required

The provider id to get the factory

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

[Object]

Key

GET /admin/realms/{realm}/keys

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

KeysMetadataRepresentation

Protocol Mappers

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

protocol
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

POST /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

id
required

Mapper id

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

protocol
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/add-models

Create multiple mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models

Get mappers

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}

Delete the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

id
required

Mapper id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}

Get mapper by id

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

id
required

Mapper id

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ProtocolMapperRepresentation

PUT /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id}

Update the mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

id
required

Mapper id

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models

Create a mapper

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

ProtocolMapperRepresentation
optional

ProtocolMapperRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/protocol/{protocol}

Get mappers by name for a specific protocol

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

protocol
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ProtocolMapperRepresentation]

Realms Admin

GET /admin/realms

Get accessible realms Returns a list of accessible realms. The list is filtered based on what realms the caller is allowed to view.

Parameters
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

false
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RealmRepresentation]

POST /admin/realms

Import a realm. Imports a realm from a full representation of that realm.

Description

Realm name must be unique.

Parameters
Body Parameter
Name Description Default Pattern

body
optional

[file]
Responses
Code Message Datatype

201

Created

<<>>

DELETE /admin/realms/{realm}/admin-events

Delete all admin events

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/admin-events

Get admin events Returns all admin events, or filters events based on URL query parameters listed here

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

authClient
optional

null

authIpAddress
optional

null

authRealm
optional

null

authUser
optional

user id

null

dateFrom
optional

null

dateTo
optional

null

first
optional

null

max
optional

Maximum results size (defaults to 100)

null

operationTypes
optional

[String]

null

resourcePath
optional

null

resourceTypes
optional

[String]

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[AdminEventRepresentation]

POST /admin/realms/{realm}/client-description-converter

Base path for importing clients under this realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

body
optional

[string]
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ClientRepresentation

GET /admin/realms/{realm}/client-policies/policies

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ClientPoliciesRepresentation

PUT /admin/realms/{realm}/client-policies/policies

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ClientPoliciesRepresentation
optional

ClientPoliciesRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-policies/profiles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

include-global-profiles
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ClientProfilesRepresentation

PUT /admin/realms/{realm}/client-policies/profiles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ClientProfilesRepresentation
optional

ClientProfilesRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/client-session-stats

Get client session stats Returns a JSON map.

Description

The key is the client id, the value is the number of sessions that currently are active with that client. Only clients that actually have a session associated with them will be in this map.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

GET /admin/realms/{realm}/credential-registrators

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-default-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/default-default-client-scopes

Get realm default client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

GET /admin/realms/{realm}/default-groups

Get group hierarchy. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

DELETE /admin/realms/{realm}/default-groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

groupId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

groupId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/default-optional-client-scopes/{clientScopeId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientScopeId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/default-optional-client-scopes

Get realm optional client scopes. Only name and ids are returned.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[ClientScopeRepresentation]

DELETE /admin/realms/{realm}

Delete the realm

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/events/config

Get the events provider configuration Returns JSON object with events provider configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

RealmEventsConfigRepresentation

PUT /admin/realms/{realm}/events/config

Description

Update the events provider Change the events provider and/or its configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

RealmEventsConfigRepresentation
optional

RealmEventsConfigRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

DELETE /admin/realms/{realm}/events

Delete all events

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/events

Get events Returns all events, or filters them based on URL query parameters listed here

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

client
optional

App or oauth client name

null

dateFrom
optional

From date

null

dateTo
optional

To date

null

first
optional

Paging offset

null

ipAddress
optional

IP Address

null

max
optional

Maximum results size (defaults to 100)

null

type
optional

The types of events to return [String]

null

user
optional

User id

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[EventRepresentation]

GET /admin/realms/{realm}

Get the top-level representation of the realm It will not include nested information like User and Client representations.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

RealmRepresentation

GET /admin/realms/{realm}/group-by-path/{path}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

path
required

PathSegment

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

GroupRepresentation

GET /admin/realms/{realm}/localization

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/localization/{locale}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/localization/{locale}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null
Query Parameters
Name Description Default Pattern

useRealmDefaultLocaleFallback
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[[string]]

DELETE /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null
Content Type

  • text/plain

Responses
Code Message Datatype

200

OK

[String]

PUT /admin/realms/{realm}/localization/{locale}/{key}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

key
required

null

locale
required

null
Body Parameter
Name Description Default Pattern

body
optional

[string]
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/localization/{locale}

Import localization from uploaded JSON file

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

locale
required

null
Body Parameter
Name Description Default Pattern

request_body
optional

[string]
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/logout-all

Removes all user sessions.

Description

Any client that has an admin url will also be told to invalidate any sessions they have.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

POST /admin/realms/{realm}/partial-export

Partial export of existing realm into a JSON file.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

exportClients
optional

null

exportGroupsAndRoles
optional

null
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/partialImport

Partial import from a JSON file to an existing realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

body
optional

[file]
Responses
Code Message Datatype

200

OK

<<>>

POST /admin/realms/{realm}/push-revocation

Push the realm’s revocation policy to any client that has an admin url associated with it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

GlobalRequestResult

PUT /admin/realms/{realm}

Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.

Description

This will only update top-level attributes of the realm.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

RealmRepresentation
optional

RealmRepresentation
Responses
Code Message Datatype

200

OK

<<>>

DELETE /admin/realms/{realm}/sessions/{session}

Remove a specific user session.

Description

Any client that has an admin url will also be told to invalidate this particular session.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

session
required

null
Query Parameters
Name Description Default Pattern

isOffline
optional

false
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/testSMTPConnection

Test SMTP connection with current logged in user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

request_body
optional

[string]
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users-management-permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/users-management-permissions

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

Role Mapper

GET /admin/realms/{realm}/groups/{group-id}/role-mappings

Get role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm/available

Get realm-level roles that can be mapped

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm/composite

Get effective realm-level role mappings This will recurse all composite roles to get the result.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/groups/{group-id}/role-mappings/realm

Delete realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/groups/{group-id}/role-mappings/realm

Get realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/groups/{group-id}/role-mappings/realm

Add realm-level role mappings to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

group-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings

Get role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm/available

Get realm-level roles that can be mapped

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm/composite

Get effective realm-level role mappings This will recurse all composite roles to get the result.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/users/{user-id}/role-mappings/realm

Delete realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm

Get realm-level role mappings

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/users/{user-id}/role-mappings/realm

Add realm-level role mappings to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

Roles

GET /admin/realms/{realm}/clients/{client-uuid}/roles

Get all roles for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/roles

Create a new role for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites/clients/{client-uuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites

Remove roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites

Get composites of the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites

Add a composite to the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/composites/realm

Get realm-level roles of the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}

Delete a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}

Get a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/groups

Returns a stream of groups that have the specified role name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

the role name.

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

true

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

null
Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}

Update a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

role's name (not id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/roles/{role-name}/users

Returns a stream of users that have the specified role name.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

role-name
required

the role name.

null
Query Parameters
Name Description Default Pattern

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

GET /admin/realms/{realm}/roles

Get all roles for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles

Create a new role for the realm or client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites/clients/{client-uuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles/{role-name}/composites

Remove roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites

Get composites of the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles/{role-name}/composites

Add a composite to the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}/composites/realm

Get realm-level roles of the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles/{role-name}

Delete a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles/{role-name}

Get a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/roles/{role-name}/groups

Returns a stream of groups that have the specified role name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

the role name.

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return a full representation of the {@code GroupRepresentation} objects.

true

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

GET /admin/realms/{realm}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles/{role-name}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

null
Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles/{role-name}

Update a role by name

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

role's name (not id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/roles/{role-name}/users

Returns a stream of users that have the specified role name.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-name
required

the role name.

null
Query Parameters
Name Description Default Pattern

first
optional

first result to return. Ignored if negative or {@code null}.

null

max
optional

maximum number of results to return. Ignored if negative or {@code null}.

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

Roles (by ID)

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/clients/{clientUuid}

Get client-level roles for the client that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

clientUuid
required

null

role-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles-by-id/{role-id}/composites

Remove a set of roles from the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

Role id

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites

Get role’s children Returns a set of role’s children provided the role is a composite.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null
Query Parameters
Name Description Default Pattern

first
optional

null

max
optional

null

search
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/roles-by-id/{role-id}/composites

Make the role a composite role by associating some child roles

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}/composites/realm

Get realm-level roles that are in the role’s composite

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/roles-by-id/{role-id}

Delete the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/roles-by-id/{role-id}

Get a specific role’s representation

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

RoleRepresentation

GET /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions

Return object stating whether role Authorization permissions have been initialized or not and a reference

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

null
Body Parameter
Name Description Default Pattern

ManagementPermissionReference
optional

ManagementPermissionReference
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

ManagementPermissionReference

PUT /admin/realms/{realm}/roles-by-id/{role-id}

Update the role

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

role-id
required

id of role

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

Scope Mappings

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-scope-id
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/available

The available client-level roles Returns the roles for the client that can be associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/composite

Get effective client roles Returns the roles for the client that are associated with the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}

Remove client-level roles from the client’s scope.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}

Get the roles associated with a client’s scope Returns roles for the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}

Add client-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null

client
required

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings

Get all scope mappings for the client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

MappingsRepresentation

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm/available

Get realm-level roles that are available to attach to this client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm/composite

Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists.

Description

The method is really to show a comprehensive total view of realm-level roles associated with the client.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

if false, return roles with their attributes

true
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

DELETE /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm

Remove a set of realm-level roles from the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm

Get realm-level roles associated with the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[RoleRepresentation]

POST /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/realm

Add a set of realm-level roles to the client’s scope

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

client-uuid
required

id of client (not client-id!)

null
Body Parameter
Name Description Default Pattern

RoleRepresentation
optional

RoleRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

Users

GET /admin/realms/{realm}/users/count

Returns the number of users that match the given criteria.

Description

It can be called in three different ways. 1. Don’t specify any criteria and pass {@code null}. The number of all users within that realm will be returned. <p> 2. If {@code search} is specified other criteria such as {@code last} will be ignored even though you set them. The {@code search} string will be matched against the first and last name, the username and the email of a user. <p> 3. If {@code search} is unspecified but any of {@code last}, {@code first}, {@code email} or {@code username} those criteria are matched against their respective fields on a user entity. Combined with a logical and.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

email
optional

email filter

null

emailVerified
optional

null

enabled
optional

Boolean representing if user is enabled or not

null

firstName
optional

first name filter

null

lastName
optional

last name filter

null

q
optional

null

search
optional

arbitrary search string for all the fields below. Default search behavior is prefix-based (e.g., foo or foo*). Use foo for infix search and &quot;foo&quot; for exact search.

null

username
optional

username filter

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

[Integer]

GET /admin/realms/{realm}/users

Get users Returns a stream of users, filtered according to query parameters.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

Boolean which defines whether brief representations are returned (default: false)

null

email
optional

A String contained in email, or the complete email, if param &quot;exact&quot; is true

null

emailVerified
optional

whether the email has been verified

null

enabled
optional

Boolean representing if user is enabled or not

null

exact
optional

Boolean which defines whether the params &quot;last&quot;, &quot;first&quot;, &quot;email&quot; and &quot;username&quot; must match exactly

null

first
optional

Pagination offset

null

firstName
optional

A String contained in firstName, or the complete firstName, if param &quot;exact&quot; is true

null

idpAlias
optional

The alias of an Identity Provider linked to the user

null

idpUserId
optional

The userId at an Identity Provider linked to the user

null

lastName
optional

A String contained in lastName, or the complete lastName, if param &quot;exact&quot; is true

null

max
optional

Maximum results size (defaults to 100)

null

q
optional

A query to search for custom attributes, in the format 'key1:value2 key2:value2'

null

search
optional

A String contained in username, first or last name, or email. Default search behavior is prefix-based (e.g., foo or foo*). Use foo for infix search and &quot;foo&quot; for exact search.

null

username
optional

A String contained in username, or the complete username, if param &quot;exact&quot; is true

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserRepresentation]

POST /admin/realms/{realm}/users

Create a new user Username must be unique.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

UserRepresentation
optional

UserRepresentation
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/profile

Description

Get the configuration for the user profile

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

UPConfig

GET /admin/realms/{realm}/users/profile/metadata

Description

Get the UserProfileMetadata from the configuration

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

UserProfileMetadata

PUT /admin/realms/{realm}/users/profile

Description

Set the configuration for the user profile

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null
Body Parameter
Name Description Default Pattern

UPConfig
optional

UPConfig
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

UPConfig

GET /admin/realms/{realm}/users/{user-id}/configured-user-storage-credential-types

Return credential types, which are provided by the user storage where user is stored.

Description

Returned values can contain for example \"password\", \"otp\" etc. This will always return empty list for \"local\" users, which are not backed by any user storage

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[string]]

DELETE /admin/realms/{realm}/users/{user-id}/consents/{client}

Revoke consent and offline tokens for particular client from user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

client
required

Client id

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/consents

Get consents granted by the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[[AnyType]]

DELETE /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}

Remove a credential for a user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

credentialId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}

Move a credential to a position behind another credential

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

credentialId
required

The credential to move

null

newPreviousCredentialId
required

The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list.

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}/moveToFirst

Move a credential to a first position in the credentials list of the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

credentialId
required

The credential to move

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/users/{user-id}/credentials/{credentialId}/userLabel

Update a credential label for a user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

credentialId
required

null
Body Parameter
Name Description Default Pattern

body
optional

[string]
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/credentials

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[CredentialRepresentation]

DELETE /admin/realms/{realm}/users/{user-id}

Delete the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/users/{user-id}/disable-credential-types

Disable all credentials for a user of a specific type

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Body Parameter
Name Description Default Pattern

string
optional

[string]
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/users/{user-id}/execute-actions-email

Send an email to the user with a link they can click to execute particular actions.

Description

An email contains a link the user can click to perform a set of required actions. The redirectUri and clientId parameters are optional. If no redirect is given, then there will be no link back to click after actions have completed. Redirect uri must be a valid uri for the particular clientId.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Body Parameter
Name Description Default Pattern

string
optional

[string]
Query Parameters
Name Description Default Pattern

client_id
optional

Client id

null

lifespan
optional

Number of seconds after which the generated token expires

null

redirect_uri
optional

Redirect uri

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/{user-id}/federated-identity

Get social logins associated with the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[FederatedIdentityRepresentation]

DELETE /admin/realms/{realm}/users/{user-id}/federated-identity/{provider}

Remove a social login provider from user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

provider
required

Social login provider id

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/users/{user-id}/federated-identity/{provider}

Add a social login provider to the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

provider
required

Social login provider id

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/{user-id}

Get representation of the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Query Parameters
Name Description Default Pattern

userProfileMetadata
optional

Indicates if the user profile metadata should be added to the response

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

UserRepresentation

GET /admin/realms/{realm}/users/{user-id}/groups/count

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Query Parameters
Name Description Default Pattern

search
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[[long]]

GET /admin/realms/{realm}/users/{user-id}/groups

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Query Parameters
Name Description Default Pattern

briefRepresentation
optional

true

first
optional

null

max
optional

null

search
optional

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[GroupRepresentation]

DELETE /admin/realms/{realm}/users/{user-id}/groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

groupId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/users/{user-id}/groups/{groupId}

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

groupId
required

null
Responses
Code Message Datatype

204

No Content

<<>>

POST /admin/realms/{realm}/users/{user-id}/impersonation

Impersonate the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

Map[<<>>]

POST /admin/realms/{realm}/users/{user-id}/logout

Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Responses
Code Message Datatype

204

No Content

<<>>

GET /admin/realms/{realm}/users/{user-id}/offline-sessions/{clientUuid}

Get offline sessions associated with the user and client

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null

clientUuid
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

PUT /admin/realms/{realm}/users/{user-id}

Update the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Body Parameter
Name Description Default Pattern

UserRepresentation
optional

UserRepresentation
Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/users/{user-id}/reset-password-email

Send an email to the user with a link they can click to reset their password.

Description

The redirectUri and clientId parameters are optional. The default for the redirect is the account client. This endpoint has been deprecated. Please use the execute-actions-email passing a list with UPDATE_PASSWORD within it.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Query Parameters
Name Description Default Pattern

client_id
optional

client id

null

redirect_uri
optional

redirect uri

null
Responses
Code Message Datatype

200

OK

<<>>

PUT /admin/realms/{realm}/users/{user-id}/reset-password

Set up a new password for the user.

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Body Parameter
Name Description Default Pattern

CredentialRepresentation
optional

CredentialRepresentation
Responses
Code Message Datatype

204

No Content

<<>>

PUT /admin/realms/{realm}/users/{user-id}/send-verify-email

Send an email-verification email to the user An email contains a link the user can click to verify their email address.

Description

The redirectUri, clientId and lifespan parameters are optional. The default for the redirect is the account client. The default for the lifespan is 12 hours

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Query Parameters
Name Description Default Pattern

client_id
optional

Client id

null

lifespan
optional

Number of seconds after which the generated token expires

null

redirect_uri
optional

Redirect uri

null
Responses
Code Message Datatype

200

OK

<<>>

GET /admin/realms/{realm}/users/{user-id}/sessions

Get sessions associated with the user

Parameters
Path Parameters
Name Description Default Pattern

realm
required

realm name (not id!)

null

user-id
required

null
Content Type

  • application/json

Responses
Code Message Datatype

200

OK

List[UserSessionRepresentation]

Definitions

AbstractPolicyRepresentation

Name Type Format

id
optional

String

name
optional

String

description
optional

String

type
optional

String

policies
optional

Set of [string]

resources
optional

Set of [string]

scopes
optional

Set of [string]

logic
optional

Logic

decisionStrategy
optional

DecisionStrategy

owner
optional

String

resourcesData
optional

Set of ResourceRepresentation

scopesData
optional

Set of ScopeRepresentation

Access

Name Type Format

roles
optional

Set of [string]

verify_caller
optional

Boolean

AccessToken

Name Type Format

jti
optional

String

exp
optional

Long

int64

nbf
optional

Long

int64

iat
optional

Long

int64

iss
optional

String

sub
optional

String

typ
optional

String

azp
optional

String

otherClaims
optional

Map of [AnyType]

nonce
optional

String

auth_time
optional

Long

int64

session_state
optional

String

at_hash
optional

String

c_hash
optional

String

name
optional

String

given_name
optional

String

family_name
optional

String

middle_name
optional

String

nickname
optional

String

preferred_username
optional

String

profile
optional

String

picture
optional

String

website
optional

String

email
optional

String

email_verified
optional

Boolean

gender
optional

String

birthdate
optional

String

zoneinfo
optional

String

locale
optional

String

phone_number
optional

String

phone_number_verified
optional

Boolean

address
optional

AddressClaimSet

updated_at
optional

Long

int64

claims_locales
optional

String

acr
optional

String

s_hash
optional

String

authTime
optional

Integer

int32

sid
optional

String

trusted-certs
optional

Set of [string]

allowed-origins
optional

Set of [string]

realm_access
optional

Access

resource_access
optional

Map of Access

authorization
optional

Authorization

cnf
optional

Confirmation

scope
optional

String

AddressClaimSet

Name Type Format

formatted
optional

String

street_address
optional

String

locality
optional

String

region
optional

String

postal_code
optional

String

country
optional

String

AdminEventRepresentation

Name Type Format

time
optional

Long

int64

realmId
optional

String

authDetails
optional

AuthDetailsRepresentation

operationType
optional

String

resourceType
optional

String

resourcePath
optional

String

representation
optional

String

error
optional

String

ApplicationRepresentation

Name Type Format

id
optional

String

clientId
optional

String

description
optional

String

rootUrl
optional

String

adminUrl
optional

String

baseUrl
optional

String

surrogateAuthRequired
optional

Boolean

enabled
optional

Boolean

alwaysDisplayInConsole
optional

Boolean

clientAuthenticatorType
optional

String

secret
optional

String

registrationAccessToken
optional

String

defaultRoles
optional

List of [string]

redirectUris
optional

List of [string]

webOrigins
optional

List of [string]

notBefore
optional

Integer

int32

bearerOnly
optional

Boolean

consentRequired
optional

Boolean

standardFlowEnabled
optional

Boolean

implicitFlowEnabled
optional

Boolean

directAccessGrantsEnabled
optional

Boolean

serviceAccountsEnabled
optional

Boolean

authorizationServicesEnabled
optional

Boolean

directGrantsOnly
optional

Boolean

publicClient
optional

Boolean

frontchannelLogout
optional

Boolean

protocol
optional

String

attributes
optional

Map of [string]

authenticationFlowBindingOverrides
optional

Map of [string]

fullScopeAllowed
optional

Boolean

nodeReRegistrationTimeout
optional

Integer

int32

registeredNodes
optional

Map of [integer]

int32

protocolMappers
optional

List of ProtocolMapperRepresentation

clientTemplate
optional

String

useTemplateConfig
optional

Boolean

useTemplateScope
optional

Boolean

useTemplateMappers
optional

Boolean

defaultClientScopes
optional

List of [string]

optionalClientScopes
optional

List of [string]

authorizationSettings
optional

ResourceServerRepresentation

access
optional

Map of [boolean]

origin
optional

String

name
optional

String

claims
optional

ApplicationRepresentation_claims

ApplicationRepresentationClaims

Name Type Format

name
optional

Boolean

username
optional

Boolean

profile
optional

Boolean

picture
optional

Boolean

website
optional

Boolean

email
optional

Boolean

gender
optional

Boolean

locale
optional

Boolean

address
optional

Boolean

phone
optional

Boolean

AuthDetailsRepresentation

Name Type Format

realmId
optional

String

clientId
optional

String

userId
optional

String

ipAddress
optional

String

AuthenticationExecutionExportRepresentation

Name Type Format

authenticatorConfig
optional

String

authenticator
optional

String

authenticatorFlow
optional

Boolean

requirement
optional

String

priority
optional

Integer

int32

autheticatorFlow
optional

Boolean

flowAlias
optional

String

userSetupAllowed
optional

Boolean

AuthenticationExecutionInfoRepresentation

Name Type Format

id
optional

String

requirement
optional

String

displayName
optional

String

alias
optional

String

description
optional

String

requirementChoices
optional

List of [string]

configurable
optional

Boolean

authenticationFlow
optional

Boolean

providerId
optional

String

authenticationConfig
optional

String

flowId
optional

String

level
optional

Integer

int32

index
optional

Integer

int32

AuthenticationExecutionRepresentation

Name Type Format

authenticatorConfig
optional

String

authenticator
optional

String

authenticatorFlow
optional

Boolean

requirement
optional

String

priority
optional

Integer

int32

autheticatorFlow
optional

Boolean

id
optional

String

flowId
optional

String

parentFlow
optional

String

AuthenticationFlowRepresentation

Name Type Format

id
optional

String

alias
optional

String

description
optional

String

providerId
optional

String

topLevel
optional

Boolean

builtIn
optional

Boolean

authenticationExecutions
optional

List of AuthenticationExecutionExportRepresentation

AuthenticatorConfigInfoRepresentation

Name Type Format

name
optional

String

providerId
optional

String

helpText
optional

String

properties
optional

List of ConfigPropertyRepresentation

AuthenticatorConfigRepresentation

Name Type Format

id
optional

String

alias
optional

String

config
optional

Map of [string]

Authorization

Name Type Format

permissions
optional

List of Permission

CertificateRepresentation

Name Type Format

privateKey
optional

String

publicKey
optional

String

certificate
optional

String

kid
optional

String

ClaimRepresentation

Name Type Format

name
optional

Boolean

username
optional

Boolean

profile
optional

Boolean

picture
optional

Boolean

website
optional

Boolean

email
optional

Boolean

gender
optional

Boolean

locale
optional

Boolean

address
optional

Boolean

phone
optional

Boolean

ClientInitialAccessCreatePresentation

Name Type Format

expiration
optional

Integer

int32

count
optional

Integer

int32

ClientInitialAccessPresentation

Name Type Format

id
optional

String

token
optional

String

timestamp
optional

Integer

int32

expiration
optional

Integer

int32

count
optional

Integer

int32

remainingCount
optional

Integer

int32

ClientMappingsRepresentation

Name Type Format

id
optional

String

client
optional

String

mappings
optional

List of RoleRepresentation

ClientPoliciesRepresentation

Name Type Format

policies
optional

List of ClientPolicyRepresentation

ClientPolicyConditionRepresentation

Name Type Format

condition
optional

String

configuration
optional

List

ClientPolicyExecutorRepresentation

Name Type Format

executor
optional

String

configuration
optional

List

ClientPolicyRepresentation

Name Type Format

name
optional

String

description
optional

String

enabled
optional

Boolean

conditions
optional

List of ClientPolicyConditionRepresentation

profiles
optional

List of [string]

ClientProfileRepresentation

Name Type Format

name
optional

String

description
optional

String

executors
optional

List of ClientPolicyExecutorRepresentation

ClientProfilesRepresentation

Name Type Format

profiles
optional

List of ClientProfileRepresentation

globalProfiles
optional

List of ClientProfileRepresentation

ClientRepresentation

Name Type Format

id
optional

String

clientId
optional

String

name
optional

String

description
optional

String

rootUrl
optional

String

adminUrl
optional

String

baseUrl
optional

String

surrogateAuthRequired
optional

Boolean

enabled
optional

Boolean

alwaysDisplayInConsole
optional

Boolean

clientAuthenticatorType
optional

String

secret
optional

String

registrationAccessToken
optional

String

defaultRoles
optional

List of [string]

redirectUris
optional

List of [string]

webOrigins
optional

List of [string]

notBefore
optional

Integer

int32

bearerOnly
optional

Boolean

consentRequired
optional

Boolean

standardFlowEnabled
optional

Boolean

implicitFlowEnabled
optional

Boolean

directAccessGrantsEnabled
optional

Boolean

serviceAccountsEnabled
optional

Boolean

authorizationServicesEnabled
optional

Boolean

directGrantsOnly
optional

Boolean

publicClient
optional

Boolean

frontchannelLogout
optional

Boolean

protocol
optional

String

attributes
optional

Map of [string]

authenticationFlowBindingOverrides
optional

Map of [string]

fullScopeAllowed
optional

Boolean

nodeReRegistrationTimeout
optional

Integer

int32

registeredNodes
optional

Map of [integer]

int32

protocolMappers
optional

List of ProtocolMapperRepresentation

clientTemplate
optional

String

useTemplateConfig
optional

Boolean

useTemplateScope
optional

Boolean

useTemplateMappers
optional

Boolean

defaultClientScopes
optional

List of [string]

optionalClientScopes
optional

List of [string]

authorizationSettings
optional

ResourceServerRepresentation

access
optional

Map of [boolean]

origin
optional

String

ClientScopeRepresentation

Name Type Format

id
optional

String

name
optional

String

description
optional

String

protocol
optional

String

attributes
optional

Map of [string]

protocolMappers
optional

List of ProtocolMapperRepresentation

ClientTemplateRepresentation

Name Type Format

id
optional

String

name
optional

String

description
optional

String

protocol
optional

String

fullScopeAllowed
optional

Boolean

bearerOnly
optional

Boolean

consentRequired
optional

Boolean

standardFlowEnabled
optional

Boolean

implicitFlowEnabled
optional

Boolean

directAccessGrantsEnabled
optional

Boolean

serviceAccountsEnabled
optional

Boolean

publicClient
optional

Boolean

frontchannelLogout
optional

Boolean

attributes
optional

Map of [string]

protocolMappers
optional

List of ProtocolMapperRepresentation

ComponentExportRepresentation

Name Type Format

id
optional

String

name
optional

String

providerId
optional

String

subType
optional

String

subComponents
optional

Map of [array]

config
optional

Map of [array]

ComponentRepresentation

Name Type Format

id
optional

String

name
optional

String

providerId
optional

String

providerType
optional

String

parentId
optional

String

subType
optional

String

config
optional

Map of [array]

ComponentTypeRepresentation

Name Type Format

id
optional

String

helpText
optional

String

properties
optional

List of ConfigPropertyRepresentation

metadata
optional

Map of [AnyType]

Composites

Name Type Format

realm
optional

Set of [string]

client
optional

Map of [array]

application
optional

Map of [array]

ConfigPropertyRepresentation

Name Type Format

name
optional

String

label
optional

String

helpText
optional

String

type
optional

String

defaultValue
optional

oas_any_type_not_mapped

options
optional

List of [string]

secret
optional

Boolean

required
optional

Boolean

readOnly
optional

Boolean

Confirmation

Name Type Format

x5t#S256
optional

String

jkt
optional

String

CredentialRepresentation

Name Type Format

id
optional

String

type
optional

String

userLabel
optional

String

createdDate
optional

Long

int64

secretData
optional

String

credentialData
optional

String

priority
optional

Integer

int32

value
optional

String

temporary
optional

Boolean

device
optional

String

hashedSaltedValue
optional

String

salt
optional

String

hashIterations
optional

Integer

int32

counter
optional

Integer

int32

algorithm
optional

String

digits
optional

Integer

int32

period
optional

Integer

int32

config
optional

Map

DecisionEffect

Name Type Format

DecisionStrategy

Name Type Format

EnforcementMode

Name Type Format

EvaluationResultRepresentation

Name Type Format

resource
optional

ResourceRepresentation

scopes
optional

List of ScopeRepresentation

policies
optional

List of PolicyResultRepresentation

status
optional

DecisionEffect

allowedScopes
optional

List of ScopeRepresentation

EventRepresentation

Name Type Format

time
optional

Long

int64

type
optional

String

realmId
optional

String

clientId
optional

String

userId
optional

String

sessionId
optional

String

ipAddress
optional

String

error
optional

String

details
optional

Map of [string]

FederatedIdentityRepresentation

Name Type Format

identityProvider
optional

String

userId
optional

String

userName
optional

String

GlobalRequestResult

Name Type Format

successRequests
optional

List of [string]

failedRequests
optional

List of [string]

GroupRepresentation

Name Type Format

id
optional

String

name
optional

String

path
optional

String

parentId
optional

String

subGroupCount
optional

Long

int64

subGroups
optional

List of GroupRepresentation

attributes
optional

Map of [array]

realmRoles
optional

List of [string]

clientRoles
optional

Map of [array]

access
optional

Map of [boolean]

IDToken

Name Type Format

jti
optional

String

exp
optional

Long

int64

nbf
optional

Long

int64

iat
optional

Long

int64

iss
optional

String

sub
optional

String

typ
optional

String

azp
optional

String

otherClaims
optional

Map of [AnyType]

nonce
optional

String

auth_time
optional

Long

int64

session_state
optional

String

at_hash
optional

String

c_hash
optional

String

name
optional

String

given_name
optional

String

family_name
optional

String

middle_name
optional

String

nickname
optional

String

preferred_username
optional

String

profile
optional

String

picture
optional

String

website
optional

String

email
optional

String

email_verified
optional

Boolean

gender
optional

String

birthdate
optional

String

zoneinfo
optional

String

locale
optional

String

phone_number
optional

String

phone_number_verified
optional

Boolean

address
optional

AddressClaimSet

updated_at
optional

Long

int64

claims_locales
optional

String

acr
optional

String

s_hash
optional

String

authTime
optional

Integer

int32

sid
optional

String

IdentityProviderMapperRepresentation

Name Type Format

id
optional

String

name
optional

String

identityProviderAlias
optional

String

identityProviderMapper
optional

String

config
optional

Map of [string]

IdentityProviderMapperTypeRepresentation

Name Type Format

id
optional

String

name
optional

String

category
optional

String

helpText
optional

String

properties
optional

List of ConfigPropertyRepresentation

IdentityProviderRepresentation

Name Type Format

alias
optional

String

displayName
optional

String

internalId
optional

String

providerId
optional

String

enabled
optional

Boolean

updateProfileFirstLoginMode
optional

String

trustEmail
optional

Boolean

storeToken
optional

Boolean

addReadTokenRoleOnCreate
optional

Boolean

authenticateByDefault
optional

Boolean

linkOnly
optional

Boolean

firstBrokerLoginFlowAlias
optional

String

postBrokerLoginFlowAlias
optional

String

config
optional

Map of [string]

updateProfileFirstLogin
optional

Boolean

InstallationAdapterConfig

Name Type Format

realm
optional

String

realm-public-key
optional

String

auth-server-url
optional

String

ssl-required
optional

String

bearer-only
optional

Boolean

resource
optional

String

public-client
optional

Boolean

verify-token-audience
optional

Boolean

credentials
optional

Map of [AnyType]

use-resource-role-mappings
optional

Boolean

confidential-port
optional

Integer

int32

policy-enforcer
optional

PolicyEnforcerConfig

KeyMetadataRepresentation

Name Type Format

providerId
optional

String

providerPriority
optional

Long

int64

kid
optional

String

status
optional

String

type
optional

String

algorithm
optional

String

publicKey
optional

String

certificate
optional

String

use
optional

KeyUse

validTo
optional

Long

int64

KeyStoreConfig

Name Type Format

realmCertificate
optional

Boolean

storePassword
optional

String

keyPassword
optional

String

keyAlias
optional

String

realmAlias
optional

String

format
optional

String

KeyUse

Name Type Format

KeysMetadataRepresentation

Name Type Format

active
optional

Map of [string]

keys
optional

List of KeyMetadataRepresentation

Logic

Name Type Format

ManagementPermissionReference

Name Type Format

enabled
optional

Boolean

resource
optional

String

scopePermissions
optional

Map of [string]

MappingsRepresentation

Name Type Format

realmMappings
optional

List of RoleRepresentation

clientMappings
optional

Map of ClientMappingsRepresentation

MethodConfig

Name Type Format

method
optional

String

scopes
optional

List of [string]

scopes-enforcement-mode
optional

ScopeEnforcementMode

OAuthClientRepresentation

Name Type Format

id
optional

String

clientId
optional

String

description
optional

String

rootUrl
optional

String

adminUrl
optional

String

baseUrl
optional

String

surrogateAuthRequired
optional

Boolean

enabled
optional

Boolean

alwaysDisplayInConsole
optional

Boolean

clientAuthenticatorType
optional

String

secret
optional

String

registrationAccessToken
optional

String

defaultRoles
optional

List of [string]

redirectUris
optional

List of [string]

webOrigins
optional

List of [string]

notBefore
optional

Integer

int32

bearerOnly
optional

Boolean

consentRequired
optional

Boolean

standardFlowEnabled
optional

Boolean

implicitFlowEnabled
optional

Boolean

directAccessGrantsEnabled
optional

Boolean

serviceAccountsEnabled
optional

Boolean

authorizationServicesEnabled
optional

Boolean

directGrantsOnly
optional

Boolean

publicClient
optional

Boolean

frontchannelLogout
optional

Boolean

protocol
optional

String

attributes
optional

Map of [string]

authenticationFlowBindingOverrides
optional

Map of [string]

fullScopeAllowed
optional

Boolean

nodeReRegistrationTimeout
optional

Integer

int32

registeredNodes
optional

Map of [integer]

int32

protocolMappers
optional

List of ProtocolMapperRepresentation

clientTemplate
optional

String

useTemplateConfig
optional

Boolean

useTemplateScope
optional

Boolean

useTemplateMappers
optional

Boolean

defaultClientScopes
optional

List of [string]

optionalClientScopes
optional

List of [string]

authorizationSettings
optional

ResourceServerRepresentation

access
optional

Map of [boolean]

origin
optional

String

name
optional

String

claims
optional

ApplicationRepresentation_claims

PathCacheConfig

Name Type Format

max-entries
optional

Integer

int32

lifespan
optional

Long

int64

PathConfig

Name Type Format

name
optional

String

type
optional

String

path
optional

String

methods
optional

List of MethodConfig

scopes
optional

List of [string]

id
optional

String

enforcement-mode
optional

EnforcementMode

claim-information-point
optional

Map of [map]

invalidated
optional

Boolean

staticPath
optional

Boolean

static
optional

Boolean

PathSegment

Name Type Format

path
optional

String

matrixParameters
optional

Map of [array]

Permission

Name Type Format

rsid
optional

String

rsname
optional

String

scopes
optional

Set of [string]

claims
optional

Map of [set]

PolicyEnforcementMode

Name Type Format

PolicyEnforcerConfig

Name Type Format

enforcement-mode
optional

EnforcementMode

paths
optional

List of PathConfig

path-cache
optional

PathCacheConfig

lazy-load-paths
optional

Boolean

on-deny-redirect-to
optional

String

user-managed-access
optional

Object

claim-information-point
optional

Map of [map]

http-method-as-scope
optional

Boolean

realm
optional

String

auth-server-url
optional

String

credentials
optional

Map of [AnyType]

resource
optional

String

PolicyEvaluationRequest

Name Type Format

context
optional

Map of [map]

resources
optional

List of ResourceRepresentation

clientId
optional

String

userId
optional

String

roleIds
optional

List of [string]

entitlements
optional

Boolean

PolicyEvaluationResponse

Name Type Format

results
optional

List of EvaluationResultRepresentation

entitlements
optional

Boolean

status
optional

DecisionEffect

rpt
optional

AccessToken

PolicyProviderRepresentation

Name Type Format

type
optional

String

name
optional

String

group
optional

String

PolicyRepresentation

Name Type Format

id
optional

String

name
optional

String

description
optional

String

type
optional

String

policies
optional

Set of [string]

resources
optional

Set of [string]

scopes
optional

Set of [string]

logic
optional

Logic

decisionStrategy
optional

DecisionStrategy

owner
optional

String

resourcesData
optional

Set of ResourceRepresentation

scopesData
optional

Set of ScopeRepresentation

config
optional

Map of [string]

PolicyResultRepresentation

Name Type Format

policy
optional

PolicyRepresentation

status
optional

DecisionEffect

associatedPolicies
optional

List of PolicyResultRepresentation

scopes
optional

Set of [string]

ProtocolMapperEvaluationRepresentation

Name Type Format

mapperId
optional

String

mapperName
optional

String

containerId
optional

String

containerName
optional

String

containerType
optional

String

protocolMapper
optional

String

ProtocolMapperRepresentation

Name Type Format

id
optional

String

name
optional

String

protocol
optional

String

protocolMapper
optional

String

consentRequired
optional

Boolean

consentText
optional

String

config
optional

Map of [string]

PublishedRealmRepresentation

Name Type Format

realm
optional

String

public_key
optional

String

token-service
optional

String

account-service
optional

String

tokens-not-before
optional

Integer

int32

RealmEventsConfigRepresentation

Name Type Format

eventsEnabled
optional

Boolean

eventsExpiration
optional

Long

int64

eventsListeners
optional

List of [string]

enabledEventTypes
optional

List of [string]

adminEventsEnabled
optional

Boolean

adminEventsDetailsEnabled
optional

Boolean

RealmRepresentation

Name Type Format

id
optional

String

realm
optional

String

displayName
optional

String

displayNameHtml
optional

String

notBefore
optional

Integer

int32

defaultSignatureAlgorithm
optional

String

revokeRefreshToken
optional

Boolean

refreshTokenMaxReuse
optional

Integer

int32

accessTokenLifespan
optional

Integer

int32

accessTokenLifespanForImplicitFlow
optional

Integer

int32

ssoSessionIdleTimeout
optional

Integer

int32

ssoSessionMaxLifespan
optional

Integer

int32

ssoSessionIdleTimeoutRememberMe
optional

Integer

int32

ssoSessionMaxLifespanRememberMe
optional

Integer

int32

offlineSessionIdleTimeout
optional

Integer

int32

offlineSessionMaxLifespanEnabled
optional

Boolean

offlineSessionMaxLifespan
optional

Integer

int32

clientSessionIdleTimeout
optional

Integer

int32

clientSessionMaxLifespan
optional

Integer

int32

clientOfflineSessionIdleTimeout
optional

Integer

int32

clientOfflineSessionMaxLifespan
optional

Integer

int32

accessCodeLifespan
optional

Integer

int32

accessCodeLifespanUserAction
optional

Integer

int32

accessCodeLifespanLogin
optional

Integer

int32

actionTokenGeneratedByAdminLifespan
optional

Integer

int32

actionTokenGeneratedByUserLifespan
optional

Integer

int32

oauth2DeviceCodeLifespan
optional

Integer

int32

oauth2DevicePollingInterval
optional

Integer

int32

enabled
optional

Boolean

sslRequired
optional

String

passwordCredentialGrantAllowed
optional

Boolean

registrationAllowed
optional

Boolean

registrationEmailAsUsername
optional

Boolean

rememberMe
optional

Boolean

verifyEmail
optional

Boolean

loginWithEmailAllowed
optional

Boolean

duplicateEmailsAllowed
optional

Boolean

resetPasswordAllowed
optional

Boolean

editUsernameAllowed
optional

Boolean

userCacheEnabled
optional

Boolean

realmCacheEnabled
optional

Boolean

bruteForceProtected
optional

Boolean

permanentLockout
optional

Boolean

maxTemporaryLockouts
optional

Integer

int32

maxFailureWaitSeconds
optional

Integer

int32

minimumQuickLoginWaitSeconds
optional

Integer

int32

waitIncrementSeconds
optional

Integer

int32

quickLoginCheckMilliSeconds
optional

Long

int64

maxDeltaTimeSeconds
optional

Integer

int32

failureFactor
optional

Integer

int32

privateKey
optional

String

publicKey
optional

String

certificate
optional

String

codeSecret
optional

String

roles
optional

RolesRepresentation

groups
optional

List of GroupRepresentation

defaultRoles
optional

List of [string]

defaultRole
optional

RoleRepresentation

defaultGroups
optional

List of [string]

requiredCredentials
optional

Set of [string]

passwordPolicy
optional

String

otpPolicyType
optional

String

otpPolicyAlgorithm
optional

String

otpPolicyInitialCounter
optional

Integer

int32

otpPolicyDigits
optional

Integer

int32

otpPolicyLookAheadWindow
optional

Integer

int32

otpPolicyPeriod
optional

Integer

int32

otpPolicyCodeReusable
optional

Boolean

otpSupportedApplications
optional

List of [string]

localizationTexts
optional

Map of [map]

webAuthnPolicyRpEntityName
optional

String

webAuthnPolicySignatureAlgorithms
optional

List of [string]

webAuthnPolicyRpId
optional

String

webAuthnPolicyAttestationConveyancePreference
optional

String

webAuthnPolicyAuthenticatorAttachment
optional

String

webAuthnPolicyRequireResidentKey
optional

String

webAuthnPolicyUserVerificationRequirement
optional

String

webAuthnPolicyCreateTimeout
optional

Integer

int32

webAuthnPolicyAvoidSameAuthenticatorRegister
optional

Boolean

webAuthnPolicyAcceptableAaguids
optional

List of [string]

webAuthnPolicyExtraOrigins
optional

List of [string]

webAuthnPolicyPasswordlessRpEntityName
optional

String

webAuthnPolicyPasswordlessSignatureAlgorithms
optional

List of [string]

webAuthnPolicyPasswordlessRpId
optional

String

webAuthnPolicyPasswordlessAttestationConveyancePreference
optional

String

webAuthnPolicyPasswordlessAuthenticatorAttachment
optional

String

webAuthnPolicyPasswordlessRequireResidentKey
optional

String

webAuthnPolicyPasswordlessUserVerificationRequirement
optional

String

webAuthnPolicyPasswordlessCreateTimeout
optional

Integer

int32

webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister
optional

Boolean

webAuthnPolicyPasswordlessAcceptableAaguids
optional

List of [string]

webAuthnPolicyPasswordlessExtraOrigins
optional

List of [string]

clientProfiles
optional

ClientProfilesRepresentation

clientPolicies
optional

ClientPoliciesRepresentation

users
optional

List of UserRepresentation

federatedUsers
optional

List of UserRepresentation

scopeMappings
optional

List of ScopeMappingRepresentation

clientScopeMappings
optional

Map of [array]

clients
optional

List of ClientRepresentation

clientScopes
optional

List of ClientScopeRepresentation

defaultDefaultClientScopes
optional

List of [string]

defaultOptionalClientScopes
optional

List of [string]

browserSecurityHeaders
optional

Map of [string]

smtpServer
optional

Map of [string]

userFederationProviders
optional

List of UserFederationProviderRepresentation

userFederationMappers
optional

List of UserFederationMapperRepresentation

loginTheme
optional

String

accountTheme
optional

String

adminTheme
optional

String

emailTheme
optional

String

eventsEnabled
optional

Boolean

eventsExpiration
optional

Long

int64

eventsListeners
optional

List of [string]

enabledEventTypes
optional

List of [string]

adminEventsEnabled
optional

Boolean

adminEventsDetailsEnabled
optional

Boolean

identityProviders
optional

List of IdentityProviderRepresentation

identityProviderMappers
optional

List of IdentityProviderMapperRepresentation

protocolMappers
optional

List of ProtocolMapperRepresentation

components
optional

Map of [array]

internationalizationEnabled
optional

Boolean

supportedLocales
optional

Set of [string]

defaultLocale
optional

String

authenticationFlows
optional

List of AuthenticationFlowRepresentation

authenticatorConfig
optional

List of AuthenticatorConfigRepresentation

requiredActions
optional

List of RequiredActionProviderRepresentation

browserFlow
optional

String

registrationFlow
optional

String

directGrantFlow
optional

String

resetCredentialsFlow
optional

String

clientAuthenticationFlow
optional

String

dockerAuthenticationFlow
optional

String

firstBrokerLoginFlow
optional

String

attributes
optional

Map of [string]

keycloakVersion
optional

String

userManagedAccessAllowed
optional

Boolean

social
optional

Boolean

updateProfileOnInitialSocialLogin
optional

Boolean

socialProviders
optional

Map of [string]

applicationScopeMappings
optional

Map of [array]

applications
optional

List of ApplicationRepresentation

oauthClients
optional

List of OAuthClientRepresentation

clientTemplates
optional

List of ClientTemplateRepresentation

oAuth2DeviceCodeLifespan
optional

Integer

int32

oAuth2DevicePollingInterval
optional

Integer

int32

RequiredActionProviderRepresentation

Name Type Format

alias
optional

String

name
optional

String

providerId
optional

String

enabled
optional

Boolean

defaultAction
optional

Boolean

priority
optional

Integer

int32

config
optional

Map of [string]

ResourceOwnerRepresentation

Name Type Format

id
optional

String

name
optional

String

ResourceRepresentation

Name Type Format

id
_optional

String

name
optional

String

uris
optional

Set of [string]

type
optional

String

scopes
optional

Set of ScopeRepresentation

icon_uri
optional

String

owner
optional

ResourceRepresentation_owner

ownerManagedAccess
optional

Boolean

displayName
optional

String

attributes
optional

Map of [array]

uri
optional

String

scopesUma
optional

Set of ScopeRepresentation

ResourceRepresentationOwner

Name Type Format

id
optional

String

name
optional

String

ResourceServerRepresentation

Name Type Format

id
optional

String

clientId
optional

String

name
optional

String

allowRemoteResourceManagement
optional

Boolean

policyEnforcementMode
optional

PolicyEnforcementMode

resources
optional

List of ResourceRepresentation

policies
optional

List of PolicyRepresentation

scopes
optional

List of ScopeRepresentation

decisionStrategy
optional

DecisionStrategy

RoleRepresentation

Name Type Format

id
optional

String

name
optional

String

description
optional

String

scopeParamRequired
optional

Boolean

composite
optional

Boolean

composites
optional

Composites

clientRole
optional

Boolean

containerId
optional

String

attributes
optional

Map of [array]

RolesRepresentation

Name Type Format

realm
optional

List of RoleRepresentation

client
optional

Map of [array]

application
optional

Map of [array]

ScopeEnforcementMode

Name Type Format

ScopeMappingRepresentation

Name Type Format

self
optional

String

client
optional

String

clientTemplate
optional

String

clientScope
optional

String

roles
optional

Set of [string]

ScopeRepresentation

Name Type Format

id
optional

String

name
optional

String

iconUri
optional

String

policies
optional

List of PolicyRepresentation

resources
optional

List of ResourceRepresentation

displayName
optional

String

SocialLinkRepresentation

Name Type Format

socialProvider
optional

String

socialUserId
optional

String

socialUsername
optional

String

UPAttribute

Name Type Format

name
optional

String

displayName
optional

String

validations
optional

Map of [map]

annotations
optional

Map of [AnyType]

required
optional

UPAttributeRequired

permissions
optional

UPAttributePermissions

selector
optional

UPAttributeSelector

group
optional

String

multivalued
optional

Boolean

UPAttributePermissions

Name Type Format

view
optional

Set of [string]

edit
optional

Set of [string]

UPAttributeRequired

Name Type Format

roles
optional

Set of [string]

scopes
optional

Set of [string]

UPAttributeSelector

Name Type Format

scopes
optional

Set of [string]

UPConfig

Name Type Format

attributes
optional

List of UPAttribute

groups
optional

List of UPGroup

unmanagedAttributePolicy
optional

UnmanagedAttributePolicy

UPGroup

Name Type Format

name
optional

String

displayHeader
optional

String

displayDescription
optional

String

annotations
optional

Map of [AnyType]

UnmanagedAttributePolicy

Name Type Format

UserConsentRepresentation

Name Type Format

clientId
optional

String

grantedClientScopes
optional

List of [string]

createdDate
optional

Long

int64

lastUpdatedDate
optional

Long

int64

grantedRealmRoles
optional

List of [string]

UserFederationMapperRepresentation

Name Type Format

id
optional

String

name
optional

String

federationProviderDisplayName
optional

String

federationMapperType
optional

String

config
optional

Map of [string]

UserFederationProviderRepresentation

Name Type Format

id
optional

String

displayName
optional

String

providerName
optional

String

config
optional

Map of [string]

priority
optional

Integer

int32

fullSyncPeriod
optional

Integer

int32

changedSyncPeriod
optional

Integer

int32

lastSync
optional

Integer

int32

UserProfileAttributeGroupMetadata

Name Type Format

name
optional

String

displayHeader
optional

String

displayDescription
optional

String

annotations
optional

Map of [AnyType]

UserProfileAttributeMetadata

Name Type Format

name
optional

String

displayName
optional

String

required
optional

Boolean

readOnly
optional

Boolean

annotations
optional

Map of [AnyType]

validators
optional

Map of [map]

group
optional

String

multivalued
optional

Boolean

UserProfileMetadata

Name Type Format

attributes
optional

List of UserProfileAttributeMetadata

groups
optional

List of UserProfileAttributeGroupMetadata

UserRepresentation

Name Type Format

id
optional

String

username
optional

String

firstName
optional

String

lastName
optional

String

email
optional

String

emailVerified
optional

Boolean

attributes
optional

Map of [array]

userProfileMetadata
optional

UserProfileMetadata

self
optional

String

origin
optional

String

createdTimestamp
optional

Long

int64

enabled
optional

Boolean

totp
optional

Boolean

federationLink
optional

String

serviceAccountClientId
optional

String

credentials
optional

List of CredentialRepresentation

disableableCredentialTypes
optional

Set of [string]

requiredActions
optional

List of [string]

federatedIdentities
optional

List of FederatedIdentityRepresentation

realmRoles
optional

List of [string]

clientRoles
optional

Map of [array]

clientConsents
optional

List of UserConsentRepresentation

notBefore
optional

Integer

int32

applicationRoles
optional

Map of [array]

socialLinks
optional

List of SocialLinkRepresentation

groups
optional

List of [string]

access
optional

Map of [boolean]

UserSessionRepresentation

Name Type Format

id
optional

String

username
optional

String

userId
optional

String

ipAddress
optional

String

start
optional

Long

int64

lastAccess
optional

Long

int64

rememberMe
optional

Boolean

clients
optional

Map of [string]