### GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Generates an example access token for a client, optionally specifying audience, scope, and user ID. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token ### Description Generates an example access token for a client, optionally specifying audience, scope, and user ID. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Query Parameters - **audience** (string) - Optional - - **scope** (string) - Optional - - **userId** (string) - Optional - ### Responses #### Success Response (200) - (AccessToken) #### Error Response (403) - Forbidden #### Error Response (404) - Not Found ``` -------------------------------- ### GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Generates an example user info payload for a client, optionally specifying scope and user ID. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo ### Description Generates an example user info payload for a client, optionally specifying scope and user ID. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Query Parameters - **scope** (string) - Optional - - **userId** (string) - Optional - ### Responses #### Success Response (200) - (Object) #### Error Response (403) - Forbidden ``` -------------------------------- ### GET /admin/realms/{realm}/clients/{client-uuid}/installation/providers/{providerId} Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves installation information for a specific client using a given provider ID. This is useful for obtaining client configuration details in a specific format. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/installation/providers/{providerId} ### Description Retrieves installation information for a specific client using a given provider ID. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/installation/providers/{providerId} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **providerId** (string) - Required ### Response #### Success Response (200) - OK ``` -------------------------------- ### GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Generates an example ID token for a client, optionally specifying audience, scope, and user ID. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token ### Description Generates an example ID token for a client, optionally specifying audience, scope, and user ID. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Query Parameters - **audience** (string) - Optional - - **scope** (string) - Optional - - **userId** (string) - Optional - ### Responses #### Success Response (200) - (IDToken) #### Error Response (403) - Forbidden #### Error Response (404) - Not Found ``` -------------------------------- ### Generate Example UserInfo Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Creates a JSON object with the payload of an example user info response for a client. This is useful for verifying how user information is presented. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo ### Description Create JSON with payload of example user info. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-userinfo ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Query Parameters - **scope** (string) - Optional - The scope to include in the user info. - **userId** (string) - Optional - The ID of the user for whom to generate the user info. ### Response #### Success Response (200) - (object) - OK. Returns user information. ``` -------------------------------- ### Base URL Example Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Example of a base URL for accessing the Keycloak Admin REST API. ```plaintext http://localhost:8080/admin/realms ``` -------------------------------- ### Generate Example Access Token Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Creates a JSON object containing the payload of an example access token for a client. This is useful for testing and debugging token-related functionalities. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token ### Description Create JSON with payload of example access token. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-access-token ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Query Parameters - **audience** (string) - Optional - The audience for the token. - **scope** (string) - Optional - The scope to include in the token. - **userId** (string) - Optional - The ID of the user for whom to generate the token. ### Response #### Success Response (200) - (object) - An empty description, but returns an AccessToken object. - (AccessToken) - The generated example access token payload. ``` -------------------------------- ### GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get all scope mappings for the client. ```APIDOC ## GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings ### Description Get all scope mappings for the client. ### Method GET ### Endpoint /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required ### Responses #### Success Response (200) - **Data Type**: MappingsRepresentation ``` -------------------------------- ### Get Resource Server Settings Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves the settings for a resource server. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/settings ### Description Retrieves the settings for the resource server. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/settings ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) ### Responses #### Success Response (200) - **settings** (ResourceServerRepresentation) - The resource server settings. ``` -------------------------------- ### Generate Example ID Token Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Generates a JSON object representing the payload of an example ID token for a client. This helps in understanding the structure and content of ID tokens. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token ### Description Create JSON with payload of example id token. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/generate-example-id-token ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Query Parameters - **audience** (string) - Optional - The audience for the token. - **scope** (string) - Optional - The scope to include in the token. - **userId** (string) - Optional - The ID of the user for whom to generate the token. ### Response #### Success Response (200) - (object) - An empty description, but returns an IDToken object. - (IDToken) - The generated example ID token payload. #### Error Response (403) - Forbidden #### Error Response (404) - Not Found ``` -------------------------------- ### GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves all scope mappings for the client. ```APIDOC ## GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings ### Description Gets all scope mappings for the client. ### Method GET ### Endpoint /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required ### Responses #### Success Response (200) - **MappingsRepresentation** - OK ``` -------------------------------- ### GET /admin/realms/{realm}/workflows Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Lists workflows, with options for filtering by name and pagination. ```APIDOC ## GET /admin/realms/{realm}/workflows ### Description List workflows filtered by name and paginated using first and max parameters. ### Method GET ### Endpoint /admin/realms/{realm}/workflows ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) #### Query Parameters - **exact** (boolean) - Optional - Boolean which defines whether the param 'search' must match exactly or not - **first** (integer) - Optional - The position of the first result to be processed (pagination offset) - **max** (integer) - Optional - The maximum number of results to be returned - defaults to 10 - **search** (string) - Optional - A String representing the workflow name - either partial or exact ### Content Type - `application/yaml` - `application/json` ``` -------------------------------- ### GET /admin/realms/{realm}/authentication/config/{id} Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves an authenticator configuration by its ID. ```APIDOC ## GET /admin/realms/{realm}/authentication/config/{id} ### Description Get authenticator configuration. ### Method GET ### Endpoint /admin/realms/{realm}/authentication/config/{id} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **id** (string) - Required - Configuration id ### Content Type application/json ### Responses #### Success Response (200) - **AuthenticatorConfigRepresentation** - OK ``` -------------------------------- ### Get User Profile Configuration Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves the configuration for the user profile within a realm. ```APIDOC ## GET /admin/realms/{realm}/users/profile ### Description Get the configuration for the user profile in the specified realm. ### Method GET ### Endpoint /admin/realms/{realm}/users/profile ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) ### Response #### Success Response (200) - (UPConfig) - The user profile configuration. #### Response Example ```json { "example": "UPConfig schema" } ``` ``` -------------------------------- ### GET /admin/realms/{realm}/client-scopes/{client-scope-id} Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Get the representation of a specific client scope by its ID. ```APIDOC ## GET /admin/realms/{realm}/client-scopes/{client-scope-id} ### Description Get representation of the client scope. ### Method GET ### Endpoint /admin/realms/{realm}/client-scopes/{client-scope-id} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required - The ID of the client scope ### Response #### Success Response (200) - **content** (object) - A ClientScopeRepresentation object #### Response Example { "example": "ClientScopeRepresentation object" } #### Error Response (403) - **description** (string) - Forbidden ``` -------------------------------- ### List and Create Clients Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieve a list of clients belonging to the realm or create a new client. ```APIDOC ## GET /admin/realms/{realm}/clients ### Description Get clients belonging to the realm. If a client can’t be retrieved from the storage due to a problem with the underlying storage, it is silently removed from the returned list. This ensures that concurrent modifications to the list don’t prevent callers from retrieving this list. ### Method GET ### Endpoint /admin/realms/{realm}/clients ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) #### Query Parameters - **clientId** (string) - Optional - filter by clientId - **first** (integer) - Optional - the first result - **max** (integer) - Optional - the max results to return - **q** (string) - Optional - **search** (boolean) - Optional - whether this is a search query or a getClientById query (default: false) - **viewableOnly** (boolean) - Optional - filter clients that cannot be viewed in full by admin (default: false) ### Response #### Success Response (200) - (array) - OK - items: ClientRepresentation ## POST /admin/realms/{realm}/clients ### Description Create a new client. Client’s client_id must be unique! ### Method POST ### Endpoint /admin/realms/{realm}/clients ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) ### Request Body - ClientRepresentation ``` -------------------------------- ### POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/download Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Downloads a keystore file for a specific client, which includes its private key and public certificate. This is useful for securely managing client credentials. ```APIDOC ## POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/download ### Description Get a keystore file for the client, containing private key and public certificate ### Method POST ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/download ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **attr** (string) - Required - #### Request Body - **KeyStoreConfig** (object) - Optional - KeyStoreConfig ### Responses #### Success Response (200) - **File** - OK ``` -------------------------------- ### GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get realm-level roles associated with the client’s scope. ```APIDOC ## GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm ### Description Get realm-level roles associated with the client’s scope. ### Method GET ### Endpoint /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required ### Responses #### Success Response (200) - **Data Type**: List[RoleRepresentation] ``` -------------------------------- ### GET /admin/realms/{realm}/client-scopes Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Get client scopes belonging to the realm. Returns a list of client scopes. ```APIDOC ## GET /admin/realms/{realm}/client-scopes ### Description Get client scopes belonging to the realm. Returns a list of client scopes belonging to the realm. ### Method GET ### Endpoint /admin/realms/{realm}/client-scopes ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) ### Response #### Success Response (200) - **content** (array) - A list of ClientScopeRepresentation objects #### Response Example { "example": "Array of ClientScopeRepresentation objects" } ``` -------------------------------- ### Create Authenticator Configuration Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Creates a new authenticator configuration in a given realm. ```bash POST /admin/realms/{realm}/authentication/config ``` -------------------------------- ### GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/available Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get realm-level roles that are available to attach to this client’s scope. ```APIDOC ## GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/available ### Description Get realm-level roles that are available to attach to this client’s scope. ### Method GET ### Endpoint /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/available ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required ### Responses #### Success Response (200) - **Data Type**: List[RoleRepresentation] ``` -------------------------------- ### Create Component Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Creates a new component in the specified realm. ```APIDOC ## POST /admin/realms/{realm}/components ### Description Creates a new component in the specified realm. ### Method POST ### Endpoint /admin/realms/{realm}/components ### Request Body - **ComponentRepresentation** - Required - The representation of the component to create. ### Response #### Success Response (200) - **OK** ``` -------------------------------- ### Initialize Role Authorization Permissions Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Initializes role Authorization permissions. ```APIDOC ## PUT /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions ### Description Initializes Authorization permissions for the specified role. ### Method PUT ### Endpoint /admin/realms/{realm}/roles-by-id/{role-id}/management/permissions ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **role-id** (string) - Required ### Response #### Success Response (200) - (object) - A ManagementPermissionReference object, potentially updated. #### Response Example ```json { "enabled": true, "resourceServerId": "resource-server-id" } ``` #### Error Response (403) Forbidden ``` -------------------------------- ### GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client} Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get the roles associated with a client’s scope. Returns roles for the client. ```APIDOC ## GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client} ### Description Get the roles associated with a client’s scope. Returns roles for the client. ### Method GET ### Endpoint /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/clients/{client} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required - **client** (string) - Required ### Responses #### Success Response (200) - **Data Type**: List[RoleRepresentation] ``` -------------------------------- ### Get Configuration Descriptions for All Clients Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Fetches configuration descriptions applicable to all clients. This helps in understanding the configurable properties for client integrations. ```APIDOC ## GET /admin/realms/{realm}/authentication/per-client-config-description ### Description Fetches configuration descriptions for all clients. ### Method GET ### Endpoint /admin/realms/{realm}/authentication/per-client-config-description ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) ### Response #### Success Response (200) - **description** (OK) - **content** (object) - **application/json** (object) - **additionalProperties** (array) - **items** ($ref: '#/components/schemas/ConfigPropertyRepresentation') ``` -------------------------------- ### Get Protocol Mapper by ID Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves a specific protocol mapper by its ID for a given client. Use this to get details of a single mapper. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id} ### Description Retrieves a specific protocol mapper by its ID. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/protocol-mappers/models/{id} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **id** (string) - Required - Mapper id ### Response #### Success Response (200) Description: OK - **ProtocolMapperRepresentation** (object) - The protocol mapper configuration ``` -------------------------------- ### POST /admin/realms/{realm}/authentication/config Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Creates a new authenticator configuration. ```APIDOC ## POST /admin/realms/{realm}/authentication/config ### Description Create new authenticator configuration. ### Method POST ### Endpoint /admin/realms/{realm}/authentication/config ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) ``` -------------------------------- ### GET /admin/realms/{realm}/authentication/per-client-config-description Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves configuration descriptions for all clients within a specified realm. ```APIDOC ## GET /admin/realms/{realm}/authentication/per-client-config-description ### Description Get configuration descriptions for all clients ### Method GET ### Endpoint /admin/realms/{realm}/authentication/per-client-config-description ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) ### Responses #### Success Response (200) - **[AnyType]** - OK ``` -------------------------------- ### Get effective realm-level role mappings Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves the effective realm-level role mappings for a user, including any composite roles. This will recurse all composite roles to get the result. ```APIDOC ## GET /admin/realms/{realm}/users/{user-id}/role-mappings/realm/composite ### Description Get effective realm-level role mappings. This will recurse all composite roles to get the result. ### Method GET ### Endpoint /admin/realms/{realm}/users/{user-id}/role-mappings/realm/composite ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **user-id** (string) - Required - User ID #### Query Parameters - **briefRepresentation** (boolean) - Optional - if false, return roles with their attributes (defaults to true) ### Response #### Success Response (200) - **roles** (array) - List of RoleRepresentation objects #### Error Response (403) - **error** (string) - Description of the error ``` -------------------------------- ### KeyStoreConfig Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Configuration for Key Store. ```APIDOC ## KeyStoreConfig ### Description Configuration settings for managing the Key Store, including passwords and aliases. ### Fields - **realmCertificate** (Boolean) - Optional - Whether to use the realm certificate. - **storePassword** (String) - Optional - Password for the keystore. - **keyPassword** (String) - Optional - Password for the key. - **keyAlias** (String) - Optional - Alias for the key. - **realmAlias** (String) - Optional - Alias for the realm. - **format** (String) - Optional - Format of the keystore (e.g., JKS, PKCS12). - **keySize** (Integer) - Optional - Size of the key in bits. - **validity** (Integer) - Optional - Validity period of the key in days. ``` -------------------------------- ### Generate and Download Key Pair and Certificate Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Generates a new key pair and certificate, and then serves the private key in a specified keystore format. Note that only the public certificate is saved in the Keycloak database; the private key is not persisted. ```APIDOC ## POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download ### Description Generate a new keypair and certificate, and get the private key file. Generates a keypair and certificate and serves the private key in a specified keystore format. Only generated public certificate is saved in Keycloak DB - the private key is not. ### Method POST ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **attr** (string) - Required - #### Request Body - **KeyStoreConfig** (object) - Required - ### Request Example ```json { "example": "KeyStoreConfig object" } ``` ### Response #### Success Response (200) - **binary** (string) - #### Response Example [binary data representing keystore file] ``` -------------------------------- ### GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get realm-level roles associated with the client’s scope. This endpoint retrieves all realm roles that are currently mapped to the specified client's scope. ```APIDOC ## GET /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm ### Description Get realm-level roles associated with the client’s scope. ### Method GET ### Endpoint /admin/realms/{realm}/client-templates/{client-scope-id}/scope-mappings/realm ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required - #### Query Parameters - **briefRepresentation** (boolean) - Optional - if false, return roles with their attributes ### Responses #### Success Response (200) - **List[RoleRepresentation]** - OK ``` -------------------------------- ### POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Creates a new scope. ```APIDOC ## POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope ### Description Creates a new scope. ### Method POST ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Request Body - **ScopeRepresentation** (object) - Required - The scope object to create. - **id** (string) - Optional - **name** (string) - Optional - **description** (string) - Optional ### Response #### Success Response (200) - **Scope** (object) - The created scope object. #### Response Example { "example": "{\n \"id\": \"string\",\n \"name\": \"string\",\n \"description\": \"string\"\n}" } ``` -------------------------------- ### GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/composite Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get effective realm-level roles associated with the client’s scope. This method shows a comprehensive total view of realm-level roles associated with the client. ```APIDOC ## GET /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/composite ### Description Get effective realm-level roles associated with the client’s scope. This method shows a comprehensive total view of realm-level roles associated with the client. ### Method GET ### Endpoint /admin/realms/{realm}/client-scopes/{client-scope-id}/scope-mappings/realm/composite ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-scope-id** (string) - Required #### Query Parameters - **briefRepresentation** (boolean) - Optional - if false, return roles with their attributes ### Responses #### Success Response (200) - **Data Type**: List[RoleRepresentation] ``` -------------------------------- ### GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/composite Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get effective client roles Returns the roles for the client that are associated with the client’s scope. This includes roles inherited from composite roles. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/composite ### Description Get effective client roles Returns the roles for the client that are associated with the client’s scope. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client}/composite ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **client** (string) - Required - #### Query Parameters - **briefRepresentation** (boolean) - Optional - if false, return roles with their attributes ### Responses #### Success Response (200) - **List[RoleRepresentation]** - OK ``` -------------------------------- ### GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves the status of client Authorization permissions initialization for an identity provider instance. It returns a reference object indicating whether permissions have been initialized. ```APIDOC ## GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions ### Description Return object stating whether client Authorization permissions have been initialized or not and a reference. ### Method GET ### Endpoint /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **alias** (string) - Required - ### Responses #### Success Response (200) - **ManagementPermissionReference** (object) - OK ``` -------------------------------- ### GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client} Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Get the roles associated with a client’s scope Returns roles for the client. This endpoint retrieves all client roles currently mapped to the client's scope. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client} ### Description Get the roles associated with a client’s scope Returns roles for the client. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/scope-mappings/clients/{client} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **client** (string) - Required - ### Responses #### Success Response (200) - **List[RoleRepresentation]** - OK ``` -------------------------------- ### POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/import Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Imports an authorization resource server configuration for a specific client within a realm. ```APIDOC ## POST /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/import ### Description Imports an authorization resource server configuration for a specific client within a realm. ### Method POST ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/import ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) #### Request Body - **ResourceServerRepresentation** (object) - Optional - ResourceServerRepresentation ### Responses #### Success Response (204) - **<<>>** (any) - No Content ``` -------------------------------- ### GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/granted Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Gets the effective scope mapping of all roles from a particular role container that the client is allowed to have in its access token. This includes direct scope mappings and those granted through client scopes linked to the client. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/granted ### Description Gets effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him. This contains scope mappings, which this client has directly, as well as scope mappings, which are granted to all client scopes, which are linked with this client. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/evaluate-scopes/scope-mappings/{roleContainerId}/granted ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **roleContainerId** (string) - Required - either realm name OR client UUID #### Query Parameters - **scope** (string) - Optional ### Response #### Success Response (200) - (array) - Contains RoleRepresentation objects. #### Error Response - **403** - Forbidden ``` -------------------------------- ### POST /admin/realms/{realm}/components Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Creates a new component within a specified realm. ```APIDOC ## POST /admin/realms/{realm}/components ### Description Creates a new component within a specified realm. ### Method POST ### Endpoint /admin/realms/{realm}/components ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) #### Request Body - **ComponentRepresentation** (object) - Optional - ComponentRepresentation ### Responses #### Success Response (200) - **<<>>** (any) - OK ``` -------------------------------- ### Get Unmanaged Attributes Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves unmanaged attributes for a specific user. ```APIDOC ## GET /admin/realms/{realm}/users/{user-id}/unmanagedAttributes ### Description Get unmanaged attributes for a user. ### Method GET ### Endpoint /admin/realms/{realm}/users/{user-id}/unmanagedAttributes ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **user-id** (string) - Required ### Responses #### Success Response (200) OK - **object** (object) - An object where keys are attribute names and values are arrays of strings. ``` -------------------------------- ### List Components Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves a list of components for a given realm. Supports filtering by name, parent, provider ID, and type. ```APIDOC ## GET /admin/realms/{realm}/components ### Description Retrieves a list of components for a given realm. Supports filtering by name, parent, provider ID, and type. ### Method GET ### Endpoint /admin/realms/{realm}/components ### Parameters #### Query Parameters - **name** (string) - Optional - Filter by component name. - **parent** (string) - Optional - Filter by parent component. - **providerId** (string) - Optional - Filter by provider ID. - **type** (string) - Optional - Filter by component type. ### Response #### Success Response (200) - **array** - List of ComponentRepresentation objects. ``` -------------------------------- ### POST /admin/realms/{realm}/client-description-converter Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Base path for importing clients under a specific realm. Accepts client descriptions in JSON, XML, or plain text format. ```APIDOC ## POST /admin/realms/{realm}/client-description-converter ### Description Base path for importing clients under this realm. ### Method POST ### Endpoint /admin/realms/{realm}/client-description-converter ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) #### Request Body - **content** (string) - Required - Accepts application/json, application/xml, or text/plain ### Response #### Success Response (200) - **content** (object) - Description of the imported client representation #### Response Example { "example": "ClientRepresentation object" } ``` -------------------------------- ### Get Resources for Scope Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves all resources associated with a specific scope. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/resources ### Description Retrieves all resources associated with a specific scope. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/resources ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **scope-id** (string) - Required - The ID of the scope. ### Responses #### Success Response (200) - **resources** (List[ResourceRepresentation]) - A list of resources associated with the scope. ``` -------------------------------- ### Manage Identity Provider Management Permissions Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Manages the initialization status and reference for client Authorization permissions for an identity provider. ```APIDOC ## GET /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions ### Description Returns an object stating whether client Authorization permissions have been initialized or not and a reference. ### Method GET ### Endpoint /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **alias** (string) - Required - The alias of the identity provider ### Response #### Success Response (200) - **ManagementPermissionReference** - An object indicating the status of authorization permissions. ``` ```APIDOC ## PUT /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions ### Description Updates the initialization status and reference for client Authorization permissions for an identity provider. ### Method PUT ### Endpoint /admin/realms/{realm}/identity-provider/instances/{alias}/management/permissions ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **alias** (string) - Required - The alias of the identity provider #### Request Body - **ManagementPermissionReference** - Required - The object containing the updated permission status and reference. ``` -------------------------------- ### Get Permissions for Scope Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves all permissions associated with a specific scope. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/permissions ### Description Retrieves all permissions associated with a specific scope. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id}/permissions ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **scope-id** (string) - Required - The ID of the scope. ### Responses #### Success Response (200) - **permissions** (List[PolicyRepresentation]) - A list of policies associated with the scope. ``` -------------------------------- ### Create Client Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Creates a new client within a realm. The client's client_id must be unique. ```APIDOC ## POST /admin/realms/{realm}/clients ### Description Create a new client. Client’s client_id must be unique! ### Method POST ### Endpoint /admin/realms/{realm}/clients ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) #### Request Body - **ClientRepresentation** (object) - Optional - ClientRepresentation ### Responses #### Success Response (201) - <<>> - Created #### Error Response (409) - <<>> - Conflict ``` -------------------------------- ### Get Scope by ID Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Retrieves details of a specific scope by its ID. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id} ### Description Retrieves a specific scope by its ID. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/authz/resource-server/scope/{scope-id} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **scope-id** (string) - Required - The ID of the scope to retrieve. ### Responses #### Success Response (200) - **scope** (ScopeRepresentation) - The details of the requested scope. #### Error Response (404) - Not found ``` -------------------------------- ### Get User Representation Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves the representation of a specific user by their ID. ```APIDOC ## GET /admin/realms/{realm}/users/{user-id} ### Description Get representation of the user specified by the user ID in the given realm. ### Method GET ### Endpoint /admin/realms/{realm}/users/{user-id} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **user-id** (string) - Required - The ID of the user to retrieve. #### Query Parameters - **userProfileMetadata** (boolean) - Optional - Indicates if the user profile metadata should be added to the response. ### Response #### Success Response (200) - (UserRepresentation) - The user representation. #### Response Example ```json { "example": "UserRepresentation schema" } ``` ``` -------------------------------- ### Get Keystore File for Client Certificate Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves a keystore file for a client, containing its private key and public certificate. This is useful for obtaining the necessary credentials for secure communication. ```APIDOC ## GET /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr} ### Description Get a keystore file for the client, containing private key and public certificate. ### Method GET ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **attr** (string) - Required - ### Response #### Success Response (200) - **binary** (string) - #### Response Example [binary data representing keystore file] ``` -------------------------------- ### POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download Source: https://www.keycloak.org/docs-api/latest/rest-api/index.html Generates a new key pair and certificate for a client and serves the private key in a specified keystore format. Only the public certificate is saved in Keycloak; the private key is not persisted. ```APIDOC ## POST /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download ### Description Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. Only generated public certificate is saved in Keycloak DB - the private key is not. ### Method POST ### Endpoint /admin/realms/{realm}/clients/{client-uuid}/certificates/{attr}/generate-and-download ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **client-uuid** (string) - Required - id of client (not client-id!) - **attr** (string) - Required - #### Request Body - **KeyStoreConfig** (object) - Optional - KeyStoreConfig ### Responses #### Success Response (200) - **File** - OK ``` -------------------------------- ### Get Invitation by ID Source: https://www.keycloak.org/docs-api/latest/rest-api/openapi.yaml Retrieves a specific invitation by its unique ID. ```APIDOC ## GET /admin/realms/{realm}/organizations/{org-id}/invitations/{id} ### Description Get invitation by ID. ### Method GET ### Endpoint /admin/realms/{realm}/organizations/{org-id}/invitations/{id} ### Parameters #### Path Parameters - **realm** (string) - Required - realm name (not id!) - **org-id** (string) - Required - The organization ID - **id** (string) - Required - The invitation ID ### Response #### Success Response (200) - **OrganizationInvitationRepresentation** - Description of the invitation representation #### Response Example { "example": "{\"id\": \"invitation-id-1\", \"email\": \"user@example.com\", \"status\": \"PENDING\"}" } #### Error Response - **404** - Not Found ```