--- openapi: 3.0.2 info: title: Keycloak Admin REST API description: This is a REST API reference for the Keycloak Admin version: '1' paths: # Login Manualisht # "/auth/realms/{realm}": # get: # tags: # - Login # summary: Login # responses: # 2XX: # description: success # content: # application/json: # schema: # "$ref": "#/components/schemas/LoginResponse" # post: # tags: # - Login to Realm # summary: Login with Username/Email and password # requestBody: # description: JSON representation of the realm # content: # application/json: # schema: # "$ref": "#/components/schemas/RealmRepresentation" # required: true # responses: # 2XX: # description: success #end Login "/": get: tags: - Root summary: Get themes, social providers, auth providers, and event listeners available on this server responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ServerInfoRepresentation" post: tags: - Realms Admin summary: Import a realm Imports a realm from a full representation of that realm. requestBody: description: JSON representation of the realm content: application/json: schema: "$ref": "#/components/schemas/RealmRepresentation" required: true responses: 2XX: description: success "/{id}/name": get: tags: - User Storage Provider summary: Need this for admin console to display simple name of provider when displaying client detail KEYCLOAK-4328 responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: id required: true schema: type: string style: simple "/{realm}": get: tags: - Realms Admin summary: Get the top-level representation of the realm It will not include nested information like User and Client representations. responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/RealmRepresentation" put: tags: - Realms Admin summary: Update the top-level information of the realm Any user, roles or client information in the representation will be ignored. requestBody: content: application/json: schema: "$ref": "#/components/schemas/RealmRepresentation" required: true responses: 2XX: description: success delete: tags: - Realms Admin summary: Delete the realm responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/admin-events": get: tags: - Realms Admin summary: Get admin events Returns all admin events, or filters events based on URL query parameters listed here parameters: - in: query name: authClient schema: type: string style: form - in: query name: authIpAddress schema: type: string style: form - in: query name: authRealm schema: type: string style: form - in: query name: authUser description: user id schema: type: string style: form - in: query name: dateFrom schema: type: string style: form - in: query name: dateTo schema: type: string style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form - in: query name: operationTypes schema: type: array items: type: string style: form - in: query name: resourcePath schema: type: string style: form - in: query name: resourceTypes schema: type: array items: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true delete: tags: - Realms Admin summary: Delete all admin events responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/attack-detection/brute-force/users": delete: tags: - Attack Detection summary: Clear any user login failures for all users This can release temporary disabled users responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/attack-detection/brute-force/users/{userId}": get: tags: - Attack Detection summary: Get status of a username in brute force detection responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true delete: tags: - Attack Detection summary: Clear any user login failures for the user This can release temporary disabled user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: userId required: true schema: type: string style: simple "/{realm}/authentication/authenticator-providers": get: tags: - Authentication Management summary: Get authenticator providers Returns a stream of authenticator providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/client-authenticator-providers": get: tags: - Authentication Management summary: Get client authenticator providers Returns a stream of client authenticator providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/config-description/{providerId}": get: tags: - Authentication Management summary: Get authenticator provider’s configuration description responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/AuthenticatorConfigInfoRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: providerId required: true schema: type: string style: simple "/{realm}/authentication/config/{id}": get: tags: - Authentication Management summary: Get authenticator configuration responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/AuthenticatorConfigRepresentation" put: tags: - Authentication Management summary: Update authenticator configuration requestBody: description: JSON describing new state of authenticator configuration content: application/json: schema: "$ref": "#/components/schemas/AuthenticatorConfigRepresentation" required: true responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete authenticator configuration responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: Configuration id required: true schema: type: string style: simple "/{realm}/authentication/executions": post: tags: - Authentication Management summary: Add new authentication execution requestBody: description: JSON model describing authentication execution content: application/json: schema: "$ref": "#/components/schemas/AuthenticationExecutionRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/executions/{executionId}": get: tags: - Authentication Management summary: Get Single Execution responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete execution responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple "/{realm}/authentication/executions/{executionId}/config": post: tags: - Authentication Management summary: Update execution with new configuration requestBody: description: JSON with new configuration content: application/json: schema: "$ref": "#/components/schemas/AuthenticatorConfigRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple "/{realm}/authentication/executions/{executionId}/lower-priority": post: tags: - Authentication Management summary: Lower execution’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple "/{realm}/authentication/executions/{executionId}/raise-priority": post: tags: - Authentication Management summary: Raise execution’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple "/{realm}/authentication/flows": get: tags: - Authentication Management summary: Get authentication flows Returns a stream of authentication flows. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Authentication Management summary: Create a new authentication flow requestBody: description: Authentication flow representation content: application/json: schema: "$ref": "#/components/schemas/AuthenticationFlowRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/flows/{flowAlias}/copy": post: tags: - Authentication Management summary: Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object requestBody: description: JSON containing 'newName' attribute content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Name of the existing authentication flow required: true schema: type: string style: simple "/{realm}/authentication/flows/{flowAlias}/executions": get: tags: - Authentication Management summary: Get authentication executions for a flow responses: 2XX: description: success put: tags: - Authentication Management summary: Update authentication executions of a Flow requestBody: description: AuthenticationExecutionInfoRepresentation content: application/json: schema: "$ref": "#/components/schemas/AuthenticationExecutionInfoRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Flow alias required: true schema: type: string style: simple "/{realm}/authentication/flows/{flowAlias}/executions/execution": post: tags: - Authentication Management summary: Add new authentication execution to a flow requestBody: description: New execution JSON data containing 'provider' attribute content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Alias of parent flow required: true schema: type: string style: simple "/{realm}/authentication/flows/{flowAlias}/executions/flow": post: tags: - Authentication Management summary: Add new flow with new execution to existing flow requestBody: description: New authentication flow / execution JSON data containing 'alias', 'type', 'provider', and 'description' attributes content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Alias of parent authentication flow required: true schema: type: string style: simple "/{realm}/authentication/flows/{id}": get: tags: - Authentication Management summary: Get authentication flow for id responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/AuthenticationFlowRepresentation" put: tags: - Authentication Management summary: Update an authentication flow requestBody: description: Authentication flow representation content: application/json: schema: "$ref": "#/components/schemas/AuthenticationFlowRepresentation" required: true responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete an authentication flow responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: Flow id required: true schema: type: string style: simple "/{realm}/authentication/form-action-providers": get: tags: - Authentication Management summary: Get form action providers Returns a stream of form action providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/form-providers": get: tags: - Authentication Management summary: Get form providers Returns a stream of form providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/per-client-config-description": get: tags: - Authentication Management summary: Get configuration descriptions for all clients responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/register-required-action": post: tags: - Authentication Management summary: Register a new required actions requestBody: description: JSON containing 'providerId', and 'name' attributes. content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/required-actions": get: tags: - Authentication Management summary: Get required actions Returns a stream of required actions. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/authentication/required-actions/{alias}": get: tags: - Authentication Management summary: Get required action for alias responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/RequiredActionProviderRepresentation" put: tags: - Authentication Management summary: Update required action requestBody: description: JSON describing new state of required action content: application/json: schema: "$ref": "#/components/schemas/RequiredActionProviderRepresentation" required: true responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete required action responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias description: Alias of required action required: true schema: type: string style: simple "/{realm}/authentication/required-actions/{alias}/lower-priority": post: tags: - Authentication Management summary: Lower required action’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias description: Alias of required action required: true schema: type: string style: simple "/{realm}/authentication/required-actions/{alias}/raise-priority": post: tags: - Authentication Management summary: Raise required action’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias description: Alias of required action required: true schema: type: string style: simple "/{realm}/authentication/unregistered-required-actions": get: tags: - Authentication Management summary: Get unregistered required actions Returns a stream of unregistered required actions. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/clear-keys-cache": post: tags: - Realms Admin summary: Clear cache of external public keys (Public keys of clients or Identity providers) responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/clear-realm-cache": post: tags: - Realms Admin summary: Clear realm cache responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/clear-user-cache": post: tags: - Realms Admin summary: Clear user cache responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/client-description-converter": post: tags: - Realms Admin summary: Base path for importing clients under this realm. requestBody: content: text/plain: schema: type: string required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ClientRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/client-policies/policies": get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ClientPoliciesRepresentation" put: tags: - Realms Admin requestBody: content: application/json: schema: "$ref": "#/components/schemas/ClientPoliciesRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/client-policies/profiles": get: tags: - Realms Admin parameters: - in: query name: include-global-profiles schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ClientProfilesRepresentation" put: tags: - Realms Admin requestBody: content: application/json: schema: "$ref": "#/components/schemas/ClientProfilesRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/client-registration-policy/providers": get: tags: - Client Registration Policy summary: Base path for retrieve providers with the configProperties properly filled responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/client-scopes": get: tags: - Client Scopes summary: Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Scopes summary: Create a new client scope Client Scope’s name must be unique! requestBody: content: application/json: schema: "$ref": "#/components/schemas/ClientScopeRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}": get: tags: - Protocol Mappers summary: Get mapper by id responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ProtocolMapperRepresentation" put: tags: - Protocol Mappers summary: Update the mapper requestBody: content: application/json: schema: "$ref": "#/components/schemas/ProtocolMapperRepresentation" required: true responses: 2XX: description: success delete: tags: - Protocol Mappers summary: Delete the mapper responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id1 required: true schema: type: string style: simple - in: path name: id2 required: true schema: type: string style: simple "/{realm}/client-scopes/{id}": get: tags: - Client Scopes summary: Get representation of the client scope responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ClientScopeRepresentation" put: tags: - Client Scopes summary: Update the client scope requestBody: content: application/json: schema: "$ref": "#/components/schemas/ClientScopeRepresentation" required: true responses: 2XX: description: success delete: tags: - Client Scopes summary: Delete the client scope responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/protocol-mappers/add-models": post: tags: - Protocol Mappers summary: Create multiple mappers requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/ProtocolMapperRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/protocol-mappers/models": get: tags: - Protocol Mappers summary: Get mappers responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Protocol Mappers summary: Create a mapper requestBody: content: application/json: schema: "$ref": "#/components/schemas/ProtocolMapperRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}": get: tags: - Protocol Mappers summary: Get mappers by name for a specific protocol responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: protocol required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/scope-mappings/clients/{client}": get: tags: - Scope Mappings summary: Get the roles associated with a client’s scope Returns roles for the client. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add client-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove client-level roles from the client’s scope. requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available": get: tags: - Scope Mappings summary: The available client-level roles Returns the roles for the client that can be associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite": get: tags: - Scope Mappings summary: Get effective client roles Returns the roles for the client that are associated with the client’s scope. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/scope-mappings/realm": get: tags: - Scope Mappings summary: Get realm-level roles associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add a set of realm-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove a set of realm-level roles from the client’s scope requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/scope-mappings/realm/available": get: tags: - Scope Mappings summary: Get realm-level roles that are available to attach to this client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple "/{realm}/client-scopes/{id}/scope-mappings/realm/composite": get: tags: - Scope Mappings summary: Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple "/{realm}/client-session-stats": get: tags: - Realms Admin summary: Get client session stats Returns a JSON map. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/clients": get: tags: - Clients summary: Get clients belonging to the realm. parameters: - in: query name: clientId description: filter by clientId schema: type: string style: form - in: query name: first description: the first result schema: type: integer format: int32 style: form - in: query name: max description: the max results to return schema: type: integer format: int32 style: form - in: query name: q schema: type: string style: form - in: query name: search description: whether this is a search query or a getClientById query schema: type: boolean style: form - in: query name: viewableOnly description: filter clients that cannot be viewed in full by admin schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Clients summary: Create a new client Client’s client_id must be unique! requestBody: content: application/json: schema: "$ref": "#/components/schemas/ClientRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/clients-initial-access": get: tags: - Client Initial Access responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Initial Access summary: Create a new initial access token. requestBody: content: application/json: schema: "$ref": "#/components/schemas/ClientInitialAccessCreatePresentation" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ClientInitialAccessPresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/clients-initial-access/{id}": delete: tags: - Client Initial Access responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/clients/{id1}/protocol-mappers/models/{id2}": get: tags: - Protocol Mappers summary: Get mapper by id responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ProtocolMapperRepresentation" put: tags: - Protocol Mappers summary: Update the mapper requestBody: content: application/json: schema: "$ref": "#/components/schemas/ProtocolMapperRepresentation" required: true responses: 2XX: description: success delete: tags: - Protocol Mappers summary: Delete the mapper responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id1 required: true schema: type: string style: simple - in: path name: id2 required: true schema: type: string style: simple "/{realm}/clients/{id}": get: tags: - Clients summary: Get representation of the client responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ClientRepresentation" put: tags: - Clients summary: Update the client requestBody: content: application/json: schema: "$ref": "#/components/schemas/ClientRepresentation" required: true responses: 2XX: description: success delete: tags: - Clients summary: Delete the client responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/certificates/{attr}": get: tags: - Client Attribute Certificate summary: Get key info responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/CertificateRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple "/{realm}/clients/{id}/certificates/{attr}/download": post: tags: - Client Attribute Certificate summary: Get a keystore file for the client, containing private key and public certificate requestBody: description: Keystore configuration as JSON content: application/json: schema: "$ref": "#/components/schemas/KeyStoreConfig" required: true responses: 2XX: description: success content: application/octet-stream: schema: type: string format: byte parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple "/{realm}/clients/{id}/certificates/{attr}/generate": post: tags: - Client Attribute Certificate summary: Generate a new certificate with new key pair responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/CertificateRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple "/{realm}/clients/{id}/certificates/{attr}/generate-and-download": post: tags: - Client Attribute Certificate summary: Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. requestBody: description: Keystore configuration as JSON content: application/json: schema: "$ref": "#/components/schemas/KeyStoreConfig" required: true responses: 2XX: description: success content: application/octet-stream: schema: type: string format: byte parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple "/{realm}/clients/{id}/certificates/{attr}/upload": post: tags: - Client Attribute Certificate summary: Upload certificate and eventually private key responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/CertificateRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple "/{realm}/clients/{id}/certificates/{attr}/upload-certificate": post: tags: - Client Attribute Certificate summary: Upload only certificate, not private key responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/CertificateRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple "/{realm}/clients/{id}/client-secret": get: tags: - Clients summary: Get the client secret responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/CredentialRepresentation" post: tags: - Clients summary: Generate a new secret for the client responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/CredentialRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/client-secret/rotated": get: tags: - Clients summary: Get the rotated client secret responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/CredentialRepresentation" delete: tags: - Clients summary: Invalidate the rotated secret for the client responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/default-client-scopes": get: tags: - Clients summary: Get default client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/default-client-scopes/{clientScopeId}": put: tags: - Clients responses: 2XX: description: success delete: tags: - Clients responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple "/{realm}/clients/{id}/evaluate-scopes/generate-example-access-token": get: tags: - Clients summary: Create JSON with payload of example access token parameters: - in: query name: scope schema: type: string style: form - in: query name: userId schema: type: string style: form responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/AccessToken" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/evaluate-scopes/generate-example-id-token": get: tags: - Clients summary: Create JSON with payload of example id token parameters: - in: query name: scope schema: type: string style: form - in: query name: userId schema: type: string style: form responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/IDToken" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/evaluate-scopes/generate-example-userinfo": get: tags: - Clients summary: Create JSON with payload of example user info parameters: - in: query name: scope schema: type: string style: form - in: query name: userId schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/evaluate-scopes/protocol-mappers": get: tags: - Clients summary: Return list of all protocol mappers, which will be used when generating tokens issued for particular client. parameters: - in: query name: scope schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted": get: tags: - Clients summary: Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him. parameters: - in: query name: scope schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: roleContainerId description: either realm name OR client UUID required: true schema: type: string style: simple "/{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted": get: tags: - Clients summary: Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him. parameters: - in: query name: scope schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: roleContainerId description: either realm name OR client UUID required: true schema: type: string style: simple "/{realm}/clients/{id}/installation/providers/{providerId}": get: tags: - Clients responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: providerId required: true schema: type: string style: simple "/{realm}/clients/{id}/management/permissions": get: tags: - Clients summary: Return object stating whether client Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" put: tags: - Clients summary: Return object stating whether client Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/nodes": post: tags: - Clients summary: Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak requestBody: content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/nodes/{node}": delete: tags: - Clients summary: Unregister a cluster node from the client responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: node required: true schema: type: string style: simple "/{realm}/clients/{id}/offline-session-count": get: tags: - Clients summary: 'Get application offline session count Returns a number of offline user sessions associated with this client { "count": number }' responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/offline-sessions": get: tags: - Clients summary: Get offline sessions for client Returns a list of offline user sessions associated with this client parameters: - in: query name: first description: Paging offset schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/optional-client-scopes": get: tags: - Clients summary: Get optional client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/optional-client-scopes/{clientScopeId}": put: tags: - Clients responses: 2XX: description: success delete: tags: - Clients responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple "/{realm}/clients/{id}/protocol-mappers/add-models": post: tags: - Protocol Mappers summary: Create multiple mappers requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/ProtocolMapperRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/protocol-mappers/models": get: tags: - Protocol Mappers summary: Get mappers responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Protocol Mappers summary: Create a mapper requestBody: content: application/json: schema: "$ref": "#/components/schemas/ProtocolMapperRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/protocol-mappers/protocol/{protocol}": get: tags: - Protocol Mappers summary: Get mappers by name for a specific protocol responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: protocol required: true schema: type: string style: simple "/{realm}/clients/{id}/push-revocation": post: tags: - Clients summary: Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it. responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/GlobalRequestResult" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/registration-access-token": post: tags: - Clients summary: Generate a new registration access token for the client responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ClientRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/roles": get: tags: - Roles summary: Get all roles for the realm or client parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Create a new role for the realm or client requestBody: content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/roles/{role-name}": get: tags: - Roles summary: Get a role by name responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" put: tags: - Roles summary: Update a role by name requestBody: content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Roles summary: Delete a role by name responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple "/{realm}/clients/{id}/roles/{role-name}/composites": get: tags: - Roles summary: Get composites of the role responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Add a composite to the role requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Roles summary: Remove roles from the role’s composite requestBody: description: roles to remove content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple "/{realm}/clients/{id}/roles/{role-name}/composites/clients/{clientUuid}": get: tags: - Roles summary: Get client-level roles for the client that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple "/{realm}/clients/{id}/roles/{role-name}/composites/realm": get: tags: - Roles summary: Get realm-level roles of the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple "/{realm}/clients/{id}/roles/{role-name}/groups": get: tags: - Roles summary: Returns a stream of groups that have the specified role name parameters: - in: query name: briefRepresentation description: if false, return a full representation of the {@code GroupRepresentation} objects. schema: type: boolean style: form - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple "/{realm}/clients/{id}/roles/{role-name}/management/permissions": get: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" put: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name required: true schema: type: string style: simple "/{realm}/clients/{id}/roles/{role-name}/users": get: tags: - Roles summary: Returns a stream of users that have the specified role name. parameters: - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple "/{realm}/clients/{id}/scope-mappings/clients/{client}": get: tags: - Scope Mappings summary: Get the roles associated with a client’s scope Returns roles for the client. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add client-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove client-level roles from the client’s scope. requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/clients/{id}/scope-mappings/clients/{client}/available": get: tags: - Scope Mappings summary: The available client-level roles Returns the roles for the client that can be associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/clients/{id}/scope-mappings/clients/{client}/composite": get: tags: - Scope Mappings summary: Get effective client roles Returns the roles for the client that are associated with the client’s scope. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/clients/{id}/scope-mappings/realm": get: tags: - Scope Mappings summary: Get realm-level roles associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add a set of realm-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove a set of realm-level roles from the client’s scope requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/scope-mappings/realm/available": get: tags: - Scope Mappings summary: Get realm-level roles that are available to attach to this client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/scope-mappings/realm/composite": get: tags: - Scope Mappings summary: Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/service-account-user": get: tags: - Clients summary: Get a user dedicated to the service account responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/UserRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/session-count": get: tags: - Clients summary: 'Get application session count Returns a number of user sessions associated with this client { "count": number }' responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/test-nodes-available": get: tags: - Clients summary: Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes. responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/GlobalRequestResult" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/clients/{id}/user-sessions": get: tags: - Clients summary: Get user sessions for client Returns a list of user sessions associated with this client parameters: - in: query name: first description: Paging offset schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple "/{realm}/components": get: tags: - Component parameters: - in: query name: name schema: type: string style: form - in: query name: parent schema: type: string style: form - in: query name: type schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Component requestBody: content: application/json: schema: "$ref": "#/components/schemas/ComponentRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/components/{id}": get: tags: - Component responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ComponentRepresentation" put: tags: - Component requestBody: content: application/json: schema: "$ref": "#/components/schemas/ComponentRepresentation" required: true responses: 2XX: description: success delete: tags: - Component responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/components/{id}/sub-component-types": get: tags: - Component summary: List of subcomponent types that are available to configure for a particular parent component. parameters: - in: query name: type schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/credential-registrators": get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/default-default-client-scopes": get: tags: - Realms Admin summary: Get realm default client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/default-default-client-scopes/{clientScopeId}": put: tags: - Realms Admin responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple "/{realm}/default-groups": get: tags: - Realms Admin summary: Get group hierarchy. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/default-groups/{groupId}": put: tags: - Realms Admin responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: groupId required: true schema: type: string style: simple "/{realm}/default-optional-client-scopes": get: tags: - Realms Admin summary: Get realm optional client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/default-optional-client-scopes/{clientScopeId}": put: tags: - Realms Admin responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple "/{realm}/events": get: tags: - Realms Admin summary: Get events Returns all events, or filters them based on URL query parameters listed here parameters: - in: query name: client description: App or oauth client name schema: type: string style: form - in: query name: dateFrom description: From date schema: type: string style: form - in: query name: dateTo description: To date schema: type: string style: form - in: query name: first description: Paging offset schema: type: integer format: int32 style: form - in: query name: ipAddress description: IP address schema: type: string style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form - in: query name: type description: The types of events to return schema: type: array items: type: string style: form - in: query name: user description: User id schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true delete: tags: - Realms Admin summary: Delete all events responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/events/config": get: tags: - Realms Admin summary: Get the events provider configuration Returns JSON object with events provider configuration responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/RealmEventsConfigRepresentation" put: tags: - Realms Admin summary: Update the events provider Change the events provider and/or its configuration requestBody: content: application/json: schema: "$ref": "#/components/schemas/RealmEventsConfigRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/group-by-path/{path}": get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/GroupRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: path required: true schema: type: string style: simple "/{realm}/groups": get: tags: - Groups summary: Get group hierarchy. parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Groups summary: create or add a top level realm groupSet or create child. requestBody: content: application/json: schema: "$ref": "#/components/schemas/GroupRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/groups/count": get: tags: - Groups summary: Returns the groups counts. parameters: - in: query name: search schema: type: string style: form - in: query name: top schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/groups/{id}": get: tags: - Groups responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/GroupRepresentation" put: tags: - Groups summary: Update group, ignores subgroups. requestBody: content: application/json: schema: "$ref": "#/components/schemas/GroupRepresentation" required: true responses: 2XX: description: success delete: tags: - Groups responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/groups/{id}/children": post: tags: - Groups summary: Set or create child. requestBody: content: application/json: schema: "$ref": "#/components/schemas/GroupRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/groups/{id}/management/permissions": get: tags: - Groups summary: Return object stating whether client Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" put: tags: - Groups summary: Return object stating whether client Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/groups/{id}/members": get: tags: - Groups summary: Get users Returns a stream of users, filtered according to query parameters parameters: - in: query name: briefRepresentation description: |- Only return basic information (only guaranteed to return id, username, created, first and last name, email, enabled state, email verification state, federation link, and access. Note that it means that namely user attributes, required actions, and not before are not returned.) schema: type: boolean style: form - in: query name: first description: Pagination offset schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/groups/{id}/role-mappings": get: tags: - Role Mapper summary: Get role mappings responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/MappingsRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/groups/{id}/role-mappings/clients/{client}": get: tags: - Client Role Mappings summary: Get client-level role mappings for the user, and the app responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Role Mappings summary: Add client-level roles to the user role mapping requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Client Role Mappings summary: Delete client-level roles from user role mapping requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/groups/{id}/role-mappings/clients/{client}/available": get: tags: - Client Role Mappings summary: Get available client-level roles that can be mapped to the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/groups/{id}/role-mappings/clients/{client}/composite": get: tags: - Client Role Mappings summary: Get effective client-level role mappings This recurses any composite roles parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/groups/{id}/role-mappings/realm": get: tags: - Role Mapper summary: Get realm-level role mappings responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Role Mapper summary: Add realm-level role mappings to the user requestBody: description: Roles to add content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Role Mapper summary: Delete realm-level role mappings requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/groups/{id}/role-mappings/realm/available": get: tags: - Role Mapper summary: Get realm-level roles that can be mapped responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/groups/{id}/role-mappings/realm/composite": get: tags: - Role Mapper summary: Get effective realm-level role mappings This will recurse all composite roles to get the result. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/identity-provider/import-config": post: tags: - Identity Providers summary: Import identity provider from uploaded JSON file responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/identity-provider/instances": get: tags: - Identity Providers summary: Get identity providers responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Identity Providers summary: Create a new identity provider requestBody: description: JSON body content: application/json: schema: "$ref": "#/components/schemas/IdentityProviderRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/identity-provider/instances/{alias}": get: tags: - Identity Providers summary: Get the identity provider responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/IdentityProviderRepresentation" put: tags: - Identity Providers summary: Update the identity provider requestBody: content: application/json: schema: "$ref": "#/components/schemas/IdentityProviderRepresentation" required: true responses: 2XX: description: success delete: tags: - Identity Providers summary: Delete the identity provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple "/{realm}/identity-provider/instances/{alias}/export": get: tags: - Identity Providers summary: Export public broker configuration for identity provider parameters: - in: query name: format description: Format to use schema: type: string style: form responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple "/{realm}/identity-provider/instances/{alias}/management/permissions": get: tags: - Identity Providers summary: Return object stating whether client Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" put: tags: - Identity Providers summary: Return object stating whether client Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple "/{realm}/identity-provider/instances/{alias}/mapper-types": get: tags: - Identity Providers summary: Get mapper types for identity provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple "/{realm}/identity-provider/instances/{alias}/mappers": get: tags: - Identity Providers summary: Get mappers for identity provider responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Identity Providers summary: Add a mapper to identity provider requestBody: content: application/json: schema: "$ref": "#/components/schemas/IdentityProviderMapperRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple "/{realm}/identity-provider/instances/{alias}/mappers/{id}": get: tags: - Identity Providers summary: Get mapper by id for the identity provider responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/IdentityProviderMapperRepresentation" put: tags: - Identity Providers summary: Update a mapper for the identity provider requestBody: content: application/json: schema: "$ref": "#/components/schemas/IdentityProviderMapperRepresentation" required: true responses: 2XX: description: success delete: tags: - Identity Providers summary: Delete a mapper for the identity provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple - in: path name: id description: Mapper id required: true schema: type: string style: simple "/{realm}/identity-provider/providers/{provider_id}": get: tags: - Identity Providers summary: Get identity providers responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: provider_id description: Provider id required: true schema: type: string style: simple "/{realm}/keys": get: tags: - Key responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/KeysMetadataRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/ldap-server-capabilities": post: tags: - Realms Admin summary: Get LDAP supported extensions. requestBody: description: LDAP configuration content: application/json: schema: "$ref": "#/components/schemas/TestLdapConnectionRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/localization": get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/localization/{locale}": get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true post: tags: - Realms Admin requestBody: content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: locale required: true schema: type: string style: simple "/{realm}/localization/{locale}/{key}": get: tags: - Realms Admin responses: 2XX: description: success content: text/plain: schema: type: string put: tags: - Realms Admin requestBody: content: text/plain: schema: type: string required: true responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: locale required: true schema: type: string style: simple - in: path name: key required: true schema: type: string style: simple "/{realm}/logout-all": post: tags: - Realms Admin summary: Removes all user sessions. responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/GlobalRequestResult" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/partial-export": post: tags: - Realms Admin summary: Partial export of existing realm into a JSON file. parameters: - in: query name: exportClients schema: type: boolean style: form - in: query name: exportGroupsAndRoles schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/RealmRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/partialImport": post: tags: - Realms Admin summary: Partial import from a JSON file to an existing realm. requestBody: content: application/json: schema: "$ref": "#/components/schemas/PartialImportRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/push-revocation": post: tags: - Realms Admin summary: Push the realm’s revocation policy to any client that has an admin url associated with it. responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/roles": get: tags: - Roles summary: Get all roles for the realm or client parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Create a new role for the realm or client requestBody: content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/roles-by-id/{role-id}": get: tags: - Roles (by ID) summary: Get a specific role’s representation responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" put: tags: - Roles (by ID) summary: Update the role requestBody: content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Roles (by ID) summary: Delete the role responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id description: id of role required: true schema: type: string style: simple "/{realm}/roles-by-id/{role-id}/composites": get: tags: - Roles (by ID) summary: Get role’s children Returns a set of role’s children provided the role is a composite. parameters: - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles (by ID) summary: Make the role a composite role by associating some child roles requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Roles (by ID) summary: Remove a set of roles from the role’s composite requestBody: description: A set of roles to be removed content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id description: Role id required: true schema: type: string style: simple "/{realm}/roles-by-id/{role-id}/composites/clients/{clientUuid}": get: tags: - Roles (by ID) summary: Get client-level roles for the client that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple "/{realm}/roles-by-id/{role-id}/composites/realm": get: tags: - Roles (by ID) summary: Get realm-level roles that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id required: true schema: type: string style: simple "/{realm}/roles-by-id/{role-id}/management/permissions": get: tags: - Roles (by ID) summary: Return object stating whether role Authoirzation permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" put: tags: - Roles (by ID) summary: Return object stating whether role Authoirzation permissions have been initialized or not and a reference requestBody: content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id required: true schema: type: string style: simple "/{realm}/roles/{role-name}": get: tags: - Roles summary: Get a role by name responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" put: tags: - Roles summary: Update a role by name requestBody: content: application/json: schema: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Roles summary: Delete a role by name responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple "/{realm}/roles/{role-name}/composites": get: tags: - Roles summary: Get composites of the role responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Add a composite to the role requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Roles summary: Remove roles from the role’s composite requestBody: description: roles to remove content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple "/{realm}/roles/{role-name}/composites/clients/{clientUuid}": get: tags: - Roles summary: Get client-level roles for the client that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple "/{realm}/roles/{role-name}/composites/realm": get: tags: - Roles summary: Get realm-level roles of the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple "/{realm}/roles/{role-name}/groups": get: tags: - Roles summary: Returns a stream of groups that have the specified role name parameters: - in: query name: briefRepresentation description: if false, return a full representation of the {@code GroupRepresentation} objects. schema: type: boolean style: form - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple "/{realm}/roles/{role-name}/management/permissions": get: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" put: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name required: true schema: type: string style: simple "/{realm}/roles/{role-name}/users": get: tags: - Roles summary: Returns a stream of users that have the specified role name. parameters: - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple "/{realm}/sessions/{session}": delete: tags: - Realms Admin summary: Remove a specific user session. responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: session required: true schema: type: string style: simple "/{realm}/testLDAPConnection": post: tags: - Realms Admin summary: Test LDAP connection requestBody: content: application/json: schema: "$ref": "#/components/schemas/TestLdapConnectionRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/testSMTPConnection": post: tags: - Realms Admin requestBody: content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/user-storage/{id}/name": get: tags: - User Storage Provider summary: Need this for admin console to display simple name of provider when displaying user detail KEYCLOAK-4328 responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/user-storage/{id}/remove-imported-users": post: tags: - User Storage Provider summary: Remove imported users responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/user-storage/{id}/sync": post: tags: - User Storage Provider summary: Trigger sync of users Action can be "triggerFullSync" or "triggerChangedUsersSync" parameters: - in: query name: action schema: type: string style: form responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/SynchronizationResult" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/user-storage/{id}/unlink-users": post: tags: - User Storage Provider summary: Unlink imported users from a storage provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/user-storage/{parentId}/mappers/{id}/sync": post: tags: - User Storage Provider summary: Trigger sync of mapper data related to ldap mapper (roles, groups, …​) direction is "fedToKeycloak" or "keycloakToFed" parameters: - in: query name: direction schema: type: string style: form responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/SynchronizationResult" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: parentId required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple "/{realm}/users": get: tags: - Users summary: Get users Returns a stream of users, filtered according to query parameters. parameters: - in: query name: briefRepresentation description: 'Boolean which defines whether brief representations are returned (default: false)' schema: type: boolean style: form - in: query name: email description: A String contained in email, or the complete email, if param "exact" is true schema: type: string style: form - in: query name: emailVerified description: whether the email has been verified schema: type: boolean style: form - in: query name: enabled description: Boolean representing if user is enabled or not schema: type: boolean style: form - in: query name: exact description: Boolean which defines whether the params "last", "first", "email" and "username" must match exactly schema: type: boolean style: form - in: query name: first description: Pagination offset schema: type: integer format: int32 style: form - in: query name: firstName description: A String contained in firstName, or the complete firstName, if param "exact" is true schema: type: string style: form - in: query name: idpAlias description: The alias of an Identity Provider linked to the user schema: type: string style: form - in: query name: idpUserId description: The userId at an Identity Provider linked to the user schema: type: string style: form - in: query name: lastName description: A String contained in lastName, or the complete lastName, if param "exact" is true schema: type: string style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form - in: query name: q description: A query to search for custom attributes, in the format 'key1:value2 key2:value2' schema: type: string style: form - in: query name: search description: A String contained in username, first or last name, or email schema: type: string style: form - in: query name: username description: A String contained in username, or the complete username, if param "exact" is true schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Users summary: Create a new user Username must be unique. requestBody: content: application/json: schema: "$ref": "#/components/schemas/UserRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/users-management-permissions": get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" put: tags: - Realms Admin requestBody: content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" required: true responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/ManagementPermissionReference" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/users/count": get: tags: - Users summary: Returns the number of users that match the given criteria. parameters: - in: query name: email description: email filter schema: type: string style: form - in: query name: emailVerified schema: type: boolean style: form - in: query name: enabled description: Boolean representing if user is enabled or not schema: type: boolean style: form - in: query name: firstName description: first name filter schema: type: string style: form - in: query name: lastName description: last name filter schema: type: string style: form - in: query name: search description: arbitrary search string for all the fields below schema: type: string style: form - in: query name: username description: username filter schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: integer format: int32 parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/users/profile": get: tags: - Users responses: 2XX: description: success content: application/json: schema: type: string put: tags: - Users requestBody: content: application/json: schema: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple "/{realm}/users/{id}": get: tags: - Users summary: Get representation of the user responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/UserRepresentation" put: tags: - Users summary: Update the user requestBody: content: application/json: schema: "$ref": "#/components/schemas/UserRepresentation" required: true responses: 2XX: description: success delete: tags: - Users summary: Delete the user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/configured-user-storage-credential-types": get: tags: - Users summary: Return credential types, which are provided by the user storage where user is stored. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/consents": get: tags: - Users summary: Get consents granted by the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/consents/{client}": delete: tags: - Users summary: Revoke consent and offline tokens for particular client from user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client description: Client id required: true schema: type: string style: simple "/{realm}/users/{id}/credentials": get: tags: - Users responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/credentials/{credentialId}": delete: tags: - Users summary: Remove a credential for a user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId required: true schema: type: string style: simple "/{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}": post: tags: - Users summary: Move a credential to a position behind another credential responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId description: The credential to move required: true schema: type: string style: simple - in: path name: newPreviousCredentialId description: The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list. required: true schema: type: string style: simple "/{realm}/users/{id}/credentials/{credentialId}/moveToFirst": post: tags: - Users summary: Move a credential to a first position in the credentials list of the user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId description: The credential to move required: true schema: type: string style: simple "/{realm}/users/{id}/credentials/{credentialId}/userLabel": put: tags: - Users summary: Update a credential label for a user requestBody: content: text/plain: schema: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId required: true schema: type: string style: simple "/{realm}/users/{id}/disable-credential-types": put: tags: - Users summary: Disable all credentials for a user of a specific type requestBody: content: application/json: schema: type: array items: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/execute-actions-email": put: tags: - Users summary: Send a update account email to the user An email contains a link the user can click to perform a set of required actions. parameters: - in: query name: client_id description: Client id schema: type: string style: form - in: query name: lifespan description: Number of seconds after which the generated token expires schema: type: integer format: int32 style: form - in: query name: redirect_uri description: Redirect uri schema: type: string style: form requestBody: description: required actions the user needs to complete content: application/json: schema: type: array items: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/federated-identity": get: tags: - Users summary: Get social logins associated with the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/federated-identity/{provider}": post: tags: - Users summary: Add a social login provider to the user requestBody: content: application/json: schema: "$ref": "#/components/schemas/FederatedIdentityRepresentation" required: true responses: 2XX: description: success delete: tags: - Users summary: Remove a social login provider from user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: provider description: Social login provider id required: true schema: type: string style: simple "/{realm}/users/{id}/groups": get: tags: - Users parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/groups/count": get: tags: - Users parameters: - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/groups/{groupId}": put: tags: - Users responses: 2XX: description: success delete: tags: - Users responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: groupId required: true schema: type: string style: simple "/{realm}/users/{id}/impersonation": post: tags: - Users summary: Impersonate the user responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/logout": post: tags: - Users summary: Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user. responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/offline-sessions/{clientUuid}": get: tags: - Users summary: Get offline sessions associated with the user and client responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple "/{realm}/users/{id}/reset-password": put: tags: - Users summary: Set up a new password for the user. requestBody: description: The representation must contain a rawPassword with the plain-text password content: application/json: schema: "$ref": "#/components/schemas/CredentialRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/role-mappings": get: tags: - Role Mapper summary: Get role mappings responses: 2XX: description: success content: application/json: schema: "$ref": "#/components/schemas/MappingsRepresentation" parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/role-mappings/clients/{client}": get: tags: - Client Role Mappings summary: Get client-level role mappings for the user, and the app responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Role Mappings summary: Add client-level roles to the user role mapping requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Client Role Mappings summary: Delete client-level roles from user role mapping requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/users/{id}/role-mappings/clients/{client}/available": get: tags: - Client Role Mappings summary: Get available client-level roles that can be mapped to the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/users/{id}/role-mappings/clients/{client}/composite": get: tags: - Client Role Mappings summary: Get effective client-level role mappings This recurses any composite roles parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple "/{realm}/users/{id}/role-mappings/realm": get: tags: - Role Mapper summary: Get realm-level role mappings responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Role Mapper summary: Add realm-level role mappings to the user requestBody: description: Roles to add content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success delete: tags: - Role Mapper summary: Delete realm-level role mappings requestBody: content: application/json: schema: type: array items: "$ref": "#/components/schemas/RoleRepresentation" required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/role-mappings/realm/available": get: tags: - Role Mapper summary: Get realm-level roles that can be mapped responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/role-mappings/realm/composite": get: tags: - Role Mapper summary: Get effective realm-level role mappings This will recurse all composite roles to get the result. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/send-verify-email": put: tags: - Users summary: Send an email-verification email to the user An email contains a link the user can click to verify their email address. parameters: - in: query name: client_id description: Client id schema: type: string style: form - in: query name: redirect_uri description: Redirect uri schema: type: string style: form responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple "/{realm}/users/{id}/sessions": get: tags: - Users summary: Get sessions associated with the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple components: securitySchemes: access_token: type: http scheme: bearer bearerFormat: schemas: #LoginResponse Manual # LoginResponse: # type: object # properties: # access_token: # type: string # expires_in: # type: integer # format: int32 # refresh_token: # type: string # refresh_expires_in: # type: integer # format: int32 # token_type: # type: string # not-before-policy: # type: integer # format: int32 # session_state: # type: string # token_type: # scope: string #EndLoginResponse AccessToken: type: object properties: acr: type: string address: "$ref": "#/components/schemas/AddressClaimSet" allowed-origins: type: array items: type: string at_hash: type: string auth_time: type: integer format: int64 authorization: "$ref": "#/components/schemas/AccessToken-Authorization" azp: type: string birthdate: type: string c_hash: type: string category: type: string enum: - INTERNAL - ACCESS - ID - ADMIN - USERINFO - LOGOUT - AUTHORIZATION_RESPONSE claims_locales: type: string cnf: "$ref": "#/components/schemas/AccessToken-CertConf" email: type: string email_verified: type: boolean exp: type: integer format: int64 family_name: type: string gender: type: string given_name: type: string iat: type: integer format: int64 iss: type: string jti: type: string locale: type: string middle_name: type: string name: type: string nbf: type: integer format: int64 nickname: type: string nonce: type: string otherClaims: type: object additionalProperties: true phone_number: type: string phone_number_verified: type: boolean picture: type: string preferred_username: type: string profile: type: string realm_access: "$ref": "#/components/schemas/AccessToken-Access" s_hash: type: string scope: type: string session_state: type: string sid: type: string sub: type: string trusted-certs: type: array items: type: string typ: type: string updated_at: type: integer format: int64 website: type: string zoneinfo: type: string AccessToken-Access: type: object properties: roles: type: array items: type: string verify_caller: type: boolean AccessToken-Authorization: type: object properties: permissions: type: array items: "$ref": "#/components/schemas/Permission" AccessToken-CertConf: type: object properties: x5t#S256: type: string AddressClaimSet: type: object properties: country: type: string formatted: type: string locality: type: string postal_code: type: string region: type: string street_address: type: string AuthenticationExecutionExportRepresentation: type: object properties: authenticator: type: string authenticatorConfig: type: string authenticatorFlow: type: boolean flowAlias: type: string priority: type: integer format: int32 requirement: type: string userSetupAllowed: type: boolean AuthenticationExecutionInfoRepresentation: type: object properties: alias: type: string authenticationConfig: type: string authenticationFlow: type: boolean configurable: type: boolean description: type: string displayName: type: string flowId: type: string id: type: string index: type: integer format: int32 level: type: integer format: int32 providerId: type: string requirement: type: string requirementChoices: type: array items: type: string AuthenticationExecutionRepresentation: type: object properties: authenticator: type: string authenticatorConfig: type: string authenticatorFlow: type: boolean flowId: type: string id: type: string parentFlow: type: string priority: type: integer format: int32 requirement: type: string AuthenticationFlowRepresentation: type: object properties: alias: type: string authenticationExecutions: type: array items: "$ref": "#/components/schemas/AuthenticationExecutionExportRepresentation" builtIn: type: boolean description: type: string id: type: string providerId: type: string topLevel: type: boolean AuthenticatorConfigInfoRepresentation: type: object properties: helpText: type: string name: type: string properties: type: array items: "$ref": "#/components/schemas/ConfigPropertyRepresentation" providerId: type: string AuthenticatorConfigRepresentation: type: object properties: alias: type: string config: type: object additionalProperties: true id: type: string CertificateRepresentation: type: object properties: certificate: type: string kid: type: string privateKey: type: string publicKey: type: string ClientInitialAccessCreatePresentation: type: object properties: count: type: integer format: int32 expiration: type: integer format: int32 ClientInitialAccessPresentation: type: object properties: count: type: integer format: int32 expiration: type: integer format: int32 id: type: string remainingCount: type: integer format: int32 timestamp: type: integer format: int32 token: type: string ClientMappingsRepresentation: type: object properties: client: type: string id: type: string mappings: type: array items: "$ref": "#/components/schemas/RoleRepresentation" ClientPoliciesRepresentation: type: object properties: policies: type: array items: "$ref": "#/components/schemas/ClientPolicyRepresentation" ClientPolicyConditionRepresentation: type: object properties: condition: type: string configuration: "$ref": "#/components/schemas/JsonNode" ClientPolicyExecutorRepresentation: type: object properties: configuration: "$ref": "#/components/schemas/JsonNode" executor: type: string ClientPolicyRepresentation: type: object properties: conditions: type: array items: "$ref": "#/components/schemas/ClientPolicyConditionRepresentation" description: type: string enabled: type: boolean name: type: string profiles: type: array items: type: string ClientProfileRepresentation: type: object properties: description: type: string executors: type: array items: "$ref": "#/components/schemas/ClientPolicyExecutorRepresentation" name: type: string ClientProfilesRepresentation: type: object properties: globalProfiles: type: array items: "$ref": "#/components/schemas/ClientProfileRepresentation" profiles: type: array items: "$ref": "#/components/schemas/ClientProfileRepresentation" ClientRepresentation: type: object properties: access: type: object additionalProperties: true adminUrl: type: string alwaysDisplayInConsole: type: boolean attributes: type: object additionalProperties: true authenticationFlowBindingOverrides: type: object additionalProperties: true authorizationServicesEnabled: type: boolean authorizationSettings: "$ref": "#/components/schemas/ResourceServerRepresentation" baseUrl: type: string bearerOnly: type: boolean clientAuthenticatorType: type: string clientId: type: string consentRequired: type: boolean defaultClientScopes: type: array items: type: string description: type: string directAccessGrantsEnabled: type: boolean enabled: type: boolean frontchannelLogout: type: boolean fullScopeAllowed: type: boolean id: type: string implicitFlowEnabled: type: boolean name: type: string nodeReRegistrationTimeout: type: integer format: int32 notBefore: type: integer format: int32 oauth2DeviceAuthorizationGrantEnabled: type: boolean optionalClientScopes: type: array items: type: string origin: type: string protocol: type: string protocolMappers: type: array items: "$ref": "#/components/schemas/ProtocolMapperRepresentation" publicClient: type: boolean redirectUris: type: array items: type: string registeredNodes: type: object additionalProperties: true registrationAccessToken: type: string rootUrl: type: string secret: type: string serviceAccountsEnabled: type: boolean standardFlowEnabled: type: boolean surrogateAuthRequired: type: boolean webOrigins: type: array items: type: string ClientScopeEvaluateResource-ProtocolMapperEvaluationRepresentation: type: object properties: containerId: type: string containerName: type: string containerType: type: string mapperId: type: string mapperName: type: string protocolMapper: type: string ClientScopeRepresentation: type: object properties: attributes: type: object additionalProperties: true description: type: string id: type: string name: type: string protocol: type: string protocolMappers: type: array items: "$ref": "#/components/schemas/ProtocolMapperRepresentation" ComponentExportRepresentation: type: object properties: config: "$ref": "#/components/schemas/MultivaluedHashMap" id: type: string name: type: string providerId: type: string subComponents: "$ref": "#/components/schemas/MultivaluedHashMap" subType: type: string ComponentRepresentation: type: object properties: config: "$ref": "#/components/schemas/MultivaluedHashMap" id: type: string name: type: string parentId: type: string providerId: type: string providerType: type: string subType: type: string ConfigPropertyRepresentation: type: object properties: defaultValue: type: object helpText: type: string label: type: string name: type: string options: type: array items: type: string readOnly: type: boolean secret: type: boolean type: type: string CredentialRepresentation: type: object properties: createdDate: type: integer format: int64 credentialData: type: string id: type: string priority: type: integer format: int32 secretData: type: string temporary: type: boolean type: type: string userLabel: type: string value: type: string FederatedIdentityRepresentation: type: object properties: identityProvider: type: string userId: type: string userName: type: string GlobalRequestResult: type: object properties: failedRequests: type: array items: type: string successRequests: type: array items: type: string GroupRepresentation: type: object properties: access: type: object additionalProperties: true attributes: type: object additionalProperties: true clientRoles: type: object additionalProperties: true id: type: string name: type: string path: type: string realmRoles: type: array items: type: string subGroups: type: array items: "$ref": "#/components/schemas/GroupRepresentation" IDToken: type: object properties: acr: type: string address: "$ref": "#/components/schemas/AddressClaimSet" at_hash: type: string auth_time: type: integer format: int64 azp: type: string birthdate: type: string c_hash: type: string category: type: string enum: - INTERNAL - ACCESS - ID - ADMIN - USERINFO - LOGOUT - AUTHORIZATION_RESPONSE claims_locales: type: string email: type: string email_verified: type: boolean exp: type: integer format: int64 family_name: type: string gender: type: string given_name: type: string iat: type: integer format: int64 iss: type: string jti: type: string locale: type: string middle_name: type: string name: type: string nbf: type: integer format: int64 nickname: type: string nonce: type: string otherClaims: type: object additionalProperties: true phone_number: type: string phone_number_verified: type: boolean picture: type: string preferred_username: type: string profile: type: string s_hash: type: string session_state: type: string sid: type: string sub: type: string typ: type: string updated_at: type: integer format: int64 website: type: string zoneinfo: type: string IdentityProviderMapperRepresentation: type: object properties: config: type: object additionalProperties: true id: type: string identityProviderAlias: type: string identityProviderMapper: type: string name: type: string IdentityProviderRepresentation: type: object properties: addReadTokenRoleOnCreate: type: boolean alias: type: string config: type: object additionalProperties: true displayName: type: string enabled: type: boolean firstBrokerLoginFlowAlias: type: string internalId: type: string linkOnly: type: boolean postBrokerLoginFlowAlias: type: string providerId: type: string storeToken: type: boolean trustEmail: type: boolean JsonNode: type: object properties: array: type: boolean bigDecimal: type: boolean bigInteger: type: boolean binary: type: boolean boolean: type: boolean containerNode: type: boolean double: type: boolean empty: type: boolean float: type: boolean floatingPointNumber: type: boolean int: type: boolean integralNumber: type: boolean long: type: boolean missingNode: type: boolean nodeType: type: string enum: - ARRAY - BINARY - BOOLEAN - MISSING - 'NULL' - NUMBER - OBJECT - POJO - STRING 'null': type: boolean number: type: boolean object: type: boolean pojo: type: boolean short: type: boolean textual: type: boolean valueNode: type: boolean KeyStoreConfig: type: object properties: format: type: string keyAlias: type: string keyPassword: type: string realmAlias: type: string realmCertificate: type: boolean storePassword: type: string KeysMetadataRepresentation: type: object properties: active: type: object additionalProperties: true keys: type: array items: "$ref": "#/components/schemas/KeysMetadataRepresentation-KeyMetadataRepresentation" KeysMetadataRepresentation-KeyMetadataRepresentation: type: object properties: algorithm: type: string certificate: type: string kid: type: string providerId: type: string providerPriority: type: integer format: int64 publicKey: type: string status: type: string type: type: string use: type: string enum: - SIG - ENC ManagementPermissionReference: type: object properties: enabled: type: boolean resource: type: string scopePermissions: type: object additionalProperties: true MappingsRepresentation: type: object properties: clientMappings: type: object additionalProperties: true realmMappings: type: array items: "$ref": "#/components/schemas/RoleRepresentation" MemoryInfoRepresentation: type: object properties: free: type: integer format: int64 freeFormated: type: string freePercentage: type: integer format: int64 total: type: integer format: int64 totalFormated: type: string used: type: integer format: int64 usedFormated: type: string MultivaluedHashMap: type: object properties: empty: type: boolean loadFactor: type: number format: float threshold: type: integer format: int32 PartialImportRepresentation: type: object properties: clients: type: array items: "$ref": "#/components/schemas/ClientRepresentation" groups: type: array items: "$ref": "#/components/schemas/GroupRepresentation" identityProviders: type: array items: "$ref": "#/components/schemas/IdentityProviderRepresentation" ifResourceExists: type: string policy: type: string enum: - SKIP - OVERWRITE - FAIL roles: "$ref": "#/components/schemas/RolesRepresentation" users: type: array items: "$ref": "#/components/schemas/UserRepresentation" PasswordPolicyTypeRepresentation: type: object properties: configType: type: string defaultValue: type: string displayName: type: string id: type: string multipleSupported: type: boolean Permission: type: object properties: claims: type: object additionalProperties: true rsid: type: string rsname: type: string scopes: type: array items: type: string PolicyRepresentation: type: object properties: config: type: object additionalProperties: true decisionStrategy: type: string enum: - AFFIRMATIVE - UNANIMOUS - CONSENSUS description: type: string id: type: string logic: type: string enum: - POSITIVE - NEGATIVE name: type: string owner: type: string policies: type: array items: type: string resources: type: array items: type: string resourcesData: type: array items: "$ref": "#/components/schemas/ResourceRepresentation" scopes: type: array items: type: string scopesData: type: array items: "$ref": "#/components/schemas/ScopeRepresentation" type: type: string ProfileInfoRepresentation: type: object properties: disabledFeatures: type: array items: type: string experimentalFeatures: type: array items: type: string name: type: string previewFeatures: type: array items: type: string ProtocolMapperRepresentation: type: object properties: config: type: object additionalProperties: true id: type: string name: type: string protocol: type: string protocolMapper: type: string ProviderRepresentation: type: object properties: operationalInfo: type: object additionalProperties: true order: type: integer format: int32 RealmEventsConfigRepresentation: type: object properties: adminEventsDetailsEnabled: type: boolean adminEventsEnabled: type: boolean enabledEventTypes: type: array items: type: string eventsEnabled: type: boolean eventsExpiration: type: integer format: int64 eventsListeners: type: array items: type: string RealmRepresentation: type: object properties: accessCodeLifespan: type: integer format: int32 accessCodeLifespanLogin: type: integer format: int32 accessCodeLifespanUserAction: type: integer format: int32 accessTokenLifespan: type: integer format: int32 accessTokenLifespanForImplicitFlow: type: integer format: int32 accountTheme: type: string actionTokenGeneratedByAdminLifespan: type: integer format: int32 actionTokenGeneratedByUserLifespan: type: integer format: int32 adminEventsDetailsEnabled: type: boolean adminEventsEnabled: type: boolean adminTheme: type: string attributes: type: object additionalProperties: true authenticationFlows: type: array items: "$ref": "#/components/schemas/AuthenticationFlowRepresentation" authenticatorConfig: type: array items: "$ref": "#/components/schemas/AuthenticatorConfigRepresentation" browserFlow: type: string browserSecurityHeaders: type: object additionalProperties: true bruteForceProtected: type: boolean clientAuthenticationFlow: type: string clientOfflineSessionIdleTimeout: type: integer format: int32 clientOfflineSessionMaxLifespan: type: integer format: int32 clientPolicies: "$ref": "#/components/schemas/JsonNode" clientProfiles: "$ref": "#/components/schemas/JsonNode" clientScopeMappings: type: object additionalProperties: true clientScopes: type: array items: "$ref": "#/components/schemas/ClientScopeRepresentation" clientSessionIdleTimeout: type: integer format: int32 clientSessionMaxLifespan: type: integer format: int32 clients: type: array items: "$ref": "#/components/schemas/ClientRepresentation" components: "$ref": "#/components/schemas/MultivaluedHashMap" defaultDefaultClientScopes: type: array items: type: string defaultGroups: type: array items: type: string defaultLocale: type: string defaultOptionalClientScopes: type: array items: type: string defaultRole: "$ref": "#/components/schemas/RoleRepresentation" defaultSignatureAlgorithm: type: string directGrantFlow: type: string displayName: type: string displayNameHtml: type: string dockerAuthenticationFlow: type: string duplicateEmailsAllowed: type: boolean editUsernameAllowed: type: boolean emailTheme: type: string enabled: type: boolean enabledEventTypes: type: array items: type: string eventsEnabled: type: boolean eventsExpiration: type: integer format: int64 eventsListeners: type: array items: type: string failureFactor: type: integer format: int32 federatedUsers: type: array items: "$ref": "#/components/schemas/UserRepresentation" groups: type: array items: "$ref": "#/components/schemas/GroupRepresentation" id: type: string identityProviderMappers: type: array items: "$ref": "#/components/schemas/IdentityProviderMapperRepresentation" identityProviders: type: array items: "$ref": "#/components/schemas/IdentityProviderRepresentation" internationalizationEnabled: type: boolean keycloakVersion: type: string loginTheme: type: string loginWithEmailAllowed: type: boolean maxDeltaTimeSeconds: type: integer format: int32 maxFailureWaitSeconds: type: integer format: int32 minimumQuickLoginWaitSeconds: type: integer format: int32 notBefore: type: integer format: int32 oAuth2DeviceCodeLifespan: type: integer format: int32 oAuth2DevicePollingInterval: type: integer format: int32 oauth2DeviceCodeLifespan: type: integer format: int32 oauth2DevicePollingInterval: type: integer format: int32 offlineSessionIdleTimeout: type: integer format: int32 offlineSessionMaxLifespan: type: integer format: int32 offlineSessionMaxLifespanEnabled: type: boolean otpPolicyAlgorithm: type: string otpPolicyDigits: type: integer format: int32 otpPolicyInitialCounter: type: integer format: int32 otpPolicyLookAheadWindow: type: integer format: int32 otpPolicyPeriod: type: integer format: int32 otpPolicyType: type: string otpSupportedApplications: type: array items: type: string passwordPolicy: type: string permanentLockout: type: boolean protocolMappers: type: array items: "$ref": "#/components/schemas/ProtocolMapperRepresentation" quickLoginCheckMilliSeconds: type: integer format: int64 realm: type: string refreshTokenMaxReuse: type: integer format: int32 registrationAllowed: type: boolean registrationEmailAsUsername: type: boolean registrationFlow: type: string rememberMe: type: boolean requiredActions: type: array items: "$ref": "#/components/schemas/RequiredActionProviderRepresentation" resetCredentialsFlow: type: string resetPasswordAllowed: type: boolean revokeRefreshToken: type: boolean roles: "$ref": "#/components/schemas/RolesRepresentation" scopeMappings: type: array items: "$ref": "#/components/schemas/ScopeMappingRepresentation" smtpServer: type: object additionalProperties: true sslRequired: type: string ssoSessionIdleTimeout: type: integer format: int32 ssoSessionIdleTimeoutRememberMe: type: integer format: int32 ssoSessionMaxLifespan: type: integer format: int32 ssoSessionMaxLifespanRememberMe: type: integer format: int32 supportedLocales: type: array items: type: string userFederationMappers: type: array items: "$ref": "#/components/schemas/UserFederationMapperRepresentation" userFederationProviders: type: array items: "$ref": "#/components/schemas/UserFederationProviderRepresentation" userManagedAccessAllowed: type: boolean users: type: array items: "$ref": "#/components/schemas/UserRepresentation" verifyEmail: type: boolean waitIncrementSeconds: type: integer format: int32 webAuthnPolicyAcceptableAaguids: type: array items: type: string webAuthnPolicyAttestationConveyancePreference: type: string webAuthnPolicyAuthenticatorAttachment: type: string webAuthnPolicyAvoidSameAuthenticatorRegister: type: boolean webAuthnPolicyCreateTimeout: type: integer format: int32 webAuthnPolicyPasswordlessAcceptableAaguids: type: array items: type: string webAuthnPolicyPasswordlessAttestationConveyancePreference: type: string webAuthnPolicyPasswordlessAuthenticatorAttachment: type: string webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: type: boolean webAuthnPolicyPasswordlessCreateTimeout: type: integer format: int32 webAuthnPolicyPasswordlessRequireResidentKey: type: string webAuthnPolicyPasswordlessRpEntityName: type: string webAuthnPolicyPasswordlessRpId: type: string webAuthnPolicyPasswordlessSignatureAlgorithms: type: array items: type: string webAuthnPolicyPasswordlessUserVerificationRequirement: type: string webAuthnPolicyRequireResidentKey: type: string webAuthnPolicyRpEntityName: type: string webAuthnPolicyRpId: type: string webAuthnPolicySignatureAlgorithms: type: array items: type: string webAuthnPolicyUserVerificationRequirement: type: string RequiredActionProviderRepresentation: type: object properties: alias: type: string config: type: object additionalProperties: true defaultAction: type: boolean enabled: type: boolean name: type: string priority: type: integer format: int32 providerId: type: string ResourceRepresentation: type: object properties: id: type: string attributes: type: object additionalProperties: true displayName: type: string icon_uri: type: string name: type: string ownerManagedAccess: type: boolean scopes: type: array items: "$ref": "#/components/schemas/ScopeRepresentation" type: type: string uris: type: array items: type: string ResourceServerRepresentation: type: object properties: allowRemoteResourceManagement: type: boolean clientId: type: string decisionStrategy: type: string enum: - AFFIRMATIVE - UNANIMOUS - CONSENSUS id: type: string name: type: string policies: type: array items: "$ref": "#/components/schemas/PolicyRepresentation" policyEnforcementMode: type: string enum: - ENFORCING - PERMISSIVE - DISABLED resources: type: array items: "$ref": "#/components/schemas/ResourceRepresentation" scopes: type: array items: "$ref": "#/components/schemas/ScopeRepresentation" RoleRepresentation: type: object properties: attributes: type: object additionalProperties: true clientRole: type: boolean composite: type: boolean composites: "$ref": "#/components/schemas/RoleRepresentation-Composites" containerId: type: string description: type: string id: type: string name: type: string RoleRepresentation-Composites: type: object properties: client: type: object additionalProperties: true realm: type: array items: type: string RolesRepresentation: type: object properties: client: type: object additionalProperties: true realm: type: array items: "$ref": "#/components/schemas/RoleRepresentation" ScopeMappingRepresentation: type: object properties: client: type: string clientScope: type: string roles: type: array items: type: string self: type: string ScopeRepresentation: type: object properties: displayName: type: string iconUri: type: string id: type: string name: type: string policies: type: array items: "$ref": "#/components/schemas/PolicyRepresentation" resources: type: array items: "$ref": "#/components/schemas/ResourceRepresentation" ServerInfoRepresentation: type: object properties: builtinProtocolMappers: type: object additionalProperties: true clientImporters: type: array items: type: object additionalProperties: true clientInstallations: type: object additionalProperties: true componentTypes: type: object additionalProperties: true enums: type: object additionalProperties: true identityProviders: type: array items: type: object additionalProperties: true memoryInfo: "$ref": "#/components/schemas/MemoryInfoRepresentation" passwordPolicies: type: array items: "$ref": "#/components/schemas/PasswordPolicyTypeRepresentation" profileInfo: "$ref": "#/components/schemas/ProfileInfoRepresentation" protocolMapperTypes: type: object additionalProperties: true providers: type: object additionalProperties: true socialProviders: type: array items: type: object additionalProperties: true systemInfo: "$ref": "#/components/schemas/SystemInfoRepresentation" themes: type: object additionalProperties: true SpiInfoRepresentation: type: object properties: internal: type: boolean providers: type: object additionalProperties: true SynchronizationResult: type: object properties: added: type: integer format: int32 failed: type: integer format: int32 ignored: type: boolean removed: type: integer format: int32 status: type: string updated: type: integer format: int32 SystemInfoRepresentation: type: object properties: fileEncoding: type: string javaHome: type: string javaRuntime: type: string javaVendor: type: string javaVersion: type: string javaVm: type: string javaVmVersion: type: string osArchitecture: type: string osName: type: string osVersion: type: string serverTime: type: string uptime: type: string uptimeMillis: type: integer format: int64 userDir: type: string userLocale: type: string userName: type: string userTimezone: type: string version: type: string TestLdapConnectionRepresentation: type: object properties: action: type: string authType: type: string bindCredential: type: string bindDn: type: string componentId: type: string connectionTimeout: type: string connectionUrl: type: string startTls: type: string useTruststoreSpi: type: string UserConsentRepresentation: type: object properties: clientId: type: string createdDate: type: integer format: int64 grantedClientScopes: type: array items: type: string lastUpdatedDate: type: integer format: int64 UserFederationMapperRepresentation: type: object properties: config: type: object additionalProperties: true federationMapperType: type: string federationProviderDisplayName: type: string id: type: string name: type: string UserFederationProviderRepresentation: type: object properties: changedSyncPeriod: type: integer format: int32 config: type: object additionalProperties: true displayName: type: string fullSyncPeriod: type: integer format: int32 id: type: string lastSync: type: integer format: int32 priority: type: integer format: int32 providerName: type: string UserRepresentation: type: object properties: access: type: object additionalProperties: true attributes: type: object additionalProperties: true clientConsents: type: array items: "$ref": "#/components/schemas/UserConsentRepresentation" clientRoles: type: object additionalProperties: true createdTimestamp: type: integer format: int64 credentials: type: array items: "$ref": "#/components/schemas/CredentialRepresentation" disableableCredentialTypes: type: array items: type: string email: type: string emailVerified: type: boolean enabled: type: boolean federatedIdentities: type: array items: "$ref": "#/components/schemas/FederatedIdentityRepresentation" federationLink: type: string firstName: type: string groups: type: array items: type: string id: type: string lastName: type: string notBefore: type: integer format: int32 origin: type: string realmRoles: type: array items: type: string requiredActions: type: array items: type: string self: type: string serviceAccountClientId: type: string username: type: string security: - access_token: [] externalDocs: description: Schema source code url: https://github.com/keycloak/keycloak/tree/6.0.1/core/src/main/java/org/keycloak/representations