openapi: 3.0.2 info: version: 1.0.0 title: Keycloak Admin REST API license: name: MIT paths: /: get: tags: - Root summary: Get themes, social providers, auth providers, and event listeners available on this server responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ServerInfoRepresentation' post: tags: - Realms Admin summary: Import a realm Imports a realm from a full representation of that realm. requestBody: description: JSON representation of the realm content: application/json: schema: $ref: '#/components/schemas/RealmRepresentation' required: true responses: 2XX: description: success /{id}/name: get: tags: - User Storage Provider summary: Need this for admin console to display simple name of provider when displaying client detail KEYCLOAK-4328 responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: id required: true schema: type: string style: simple /{realm}: get: tags: - Realms Admin summary: Get the top-level representation of the realm It will not include nested information like User and Client representations. responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/RealmRepresentation' put: tags: - Realms Admin summary: Update the top-level information of the realm Any user, roles or client information in the representation will be ignored. requestBody: content: application/json: schema: $ref: '#/components/schemas/RealmRepresentation' required: true responses: 2XX: description: success delete: tags: - Realms Admin summary: Delete the realm responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/admin-events: get: tags: - Realms Admin summary: Get admin events Returns all admin events, or filters events based on URL query parameters listed here parameters: - in: query name: authClient schema: type: string style: form - in: query name: authIpAddress schema: type: string style: form - in: query name: authRealm schema: type: string style: form - in: query name: authUser description: user id schema: type: string style: form - in: query name: dateFrom schema: type: string style: form - in: query name: dateTo schema: type: string style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form - in: query name: operationTypes schema: type: array items: type: string style: form - in: query name: resourcePath schema: type: string style: form - in: query name: resourceTypes schema: type: array items: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true delete: tags: - Realms Admin summary: Delete all admin events responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/attack-detection/brute-force/users: delete: tags: - Attack Detection summary: Clear any user login failures for all users This can release temporary disabled users responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/attack-detection/brute-force/users/{userId}: get: tags: - Attack Detection summary: Get status of a username in brute force detection responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true delete: tags: - Attack Detection summary: Clear any user login failures for the user This can release temporary disabled user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: userId required: true schema: type: string style: simple /{realm}/authentication/authenticator-providers: get: tags: - Authentication Management summary: Get authenticator providers Returns a stream of authenticator providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/client-authenticator-providers: get: tags: - Authentication Management summary: Get client authenticator providers Returns a stream of client authenticator providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/config-description/{providerId}: get: tags: - Authentication Management summary: Get authenticator provider’s configuration description responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/AuthenticatorConfigInfoRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: providerId required: true schema: type: string style: simple /{realm}/authentication/config/{id}: get: tags: - Authentication Management summary: Get authenticator configuration responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/AuthenticatorConfigRepresentation' put: tags: - Authentication Management summary: Update authenticator configuration requestBody: description: JSON describing new state of authenticator configuration content: application/json: schema: $ref: '#/components/schemas/AuthenticatorConfigRepresentation' required: true responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete authenticator configuration responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: Configuration id required: true schema: type: string style: simple /{realm}/authentication/executions: post: tags: - Authentication Management summary: Add new authentication execution requestBody: description: JSON model describing authentication execution content: application/json: schema: $ref: '#/components/schemas/AuthenticationExecutionRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/executions/{executionId}: get: tags: - Authentication Management summary: Get Single Execution responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete execution responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple /{realm}/authentication/executions/{executionId}/config: post: tags: - Authentication Management summary: Update execution with new configuration requestBody: description: JSON with new configuration content: application/json: schema: $ref: '#/components/schemas/AuthenticatorConfigRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple /{realm}/authentication/executions/{executionId}/lower-priority: post: tags: - Authentication Management summary: Lower execution’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple /{realm}/authentication/executions/{executionId}/raise-priority: post: tags: - Authentication Management summary: Raise execution’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: executionId description: Execution id required: true schema: type: string style: simple /{realm}/authentication/flows: get: tags: - Authentication Management summary: Get authentication flows Returns a stream of authentication flows. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Authentication Management summary: Create a new authentication flow requestBody: description: Authentication flow representation content: application/json: schema: $ref: '#/components/schemas/AuthenticationFlowRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/flows/{flowAlias}/copy: post: tags: - Authentication Management summary: Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object requestBody: description: JSON containing 'newName' attribute content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Name of the existing authentication flow required: true schema: type: string style: simple /{realm}/authentication/flows/{flowAlias}/executions: get: tags: - Authentication Management summary: Get authentication executions for a flow responses: 2XX: description: success put: tags: - Authentication Management summary: Update authentication executions of a Flow requestBody: description: AuthenticationExecutionInfoRepresentation content: application/json: schema: $ref: '#/components/schemas/AuthenticationExecutionInfoRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Flow alias required: true schema: type: string style: simple /{realm}/authentication/flows/{flowAlias}/executions/execution: post: tags: - Authentication Management summary: Add new authentication execution to a flow requestBody: description: New execution JSON data containing 'provider' attribute content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Alias of parent flow required: true schema: type: string style: simple /{realm}/authentication/flows/{flowAlias}/executions/flow: post: tags: - Authentication Management summary: Add new flow with new execution to existing flow requestBody: description: New authentication flow / execution JSON data containing 'alias', 'type', 'provider', and 'description' attributes content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: flowAlias description: Alias of parent authentication flow required: true schema: type: string style: simple /{realm}/authentication/flows/{id}: get: tags: - Authentication Management summary: Get authentication flow for id responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/AuthenticationFlowRepresentation' put: tags: - Authentication Management summary: Update an authentication flow requestBody: description: Authentication flow representation content: application/json: schema: $ref: '#/components/schemas/AuthenticationFlowRepresentation' required: true responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete an authentication flow responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: Flow id required: true schema: type: string style: simple /{realm}/authentication/form-action-providers: get: tags: - Authentication Management summary: Get form action providers Returns a stream of form action providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/form-providers: get: tags: - Authentication Management summary: Get form providers Returns a stream of form providers. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/per-client-config-description: get: tags: - Authentication Management summary: Get configuration descriptions for all clients responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/register-required-action: post: tags: - Authentication Management summary: Register a new required actions requestBody: description: JSON containing 'providerId', and 'name' attributes. content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/required-actions: get: tags: - Authentication Management summary: Get required actions Returns a stream of required actions. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/authentication/required-actions/{alias}: get: tags: - Authentication Management summary: Get required action for alias responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/RequiredActionProviderRepresentation' put: tags: - Authentication Management summary: Update required action requestBody: description: JSON describing new state of required action content: application/json: schema: $ref: '#/components/schemas/RequiredActionProviderRepresentation' required: true responses: 2XX: description: success delete: tags: - Authentication Management summary: Delete required action responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias description: Alias of required action required: true schema: type: string style: simple /{realm}/authentication/required-actions/{alias}/lower-priority: post: tags: - Authentication Management summary: Lower required action’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias description: Alias of required action required: true schema: type: string style: simple /{realm}/authentication/required-actions/{alias}/raise-priority: post: tags: - Authentication Management summary: Raise required action’s priority responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias description: Alias of required action required: true schema: type: string style: simple /{realm}/authentication/unregistered-required-actions: get: tags: - Authentication Management summary: Get unregistered required actions Returns a stream of unregistered required actions. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/clear-keys-cache: post: tags: - Realms Admin summary: Clear cache of external public keys (Public keys of clients or Identity providers) responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/clear-realm-cache: post: tags: - Realms Admin summary: Clear realm cache responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/clear-user-cache: post: tags: - Realms Admin summary: Clear user cache responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/client-description-converter: post: tags: - Realms Admin summary: Base path for importing clients under this realm. requestBody: content: text/plain: schema: type: string required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ClientRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/client-policies/policies: get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ClientPoliciesRepresentation' put: tags: - Realms Admin requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientPoliciesRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/client-policies/profiles: get: tags: - Realms Admin parameters: - in: query name: include-global-profiles schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ClientProfilesRepresentation' put: tags: - Realms Admin requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientProfilesRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/client-registration-policy/providers: get: tags: - Client Registration Policy summary: Base path for retrieve providers with the configProperties properly filled responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/client-scopes: get: tags: - Client Scopes summary: Get client scopes belonging to the realm Returns a list of client scopes belonging to the realm responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Scopes summary: Create a new client scope Client Scope’s name must be unique! requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientScopeRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}: get: tags: - Protocol Mappers summary: Get mapper by id responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ProtocolMapperRepresentation' put: tags: - Protocol Mappers summary: Update the mapper requestBody: content: application/json: schema: $ref: '#/components/schemas/ProtocolMapperRepresentation' required: true responses: 2XX: description: success delete: tags: - Protocol Mappers summary: Delete the mapper responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id1 required: true schema: type: string style: simple - in: path name: id2 required: true schema: type: string style: simple /{realm}/client-scopes/{id}: get: tags: - Client Scopes summary: Get representation of the client scope responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ClientScopeRepresentation' put: tags: - Client Scopes summary: Update the client scope requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientScopeRepresentation' required: true responses: 2XX: description: success delete: tags: - Client Scopes summary: Delete the client scope responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple /{realm}/client-scopes/{id}/protocol-mappers/add-models: post: tags: - Protocol Mappers summary: Create multiple mappers requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/ProtocolMapperRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple /{realm}/client-scopes/{id}/protocol-mappers/models: get: tags: - Protocol Mappers summary: Get mappers responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Protocol Mappers summary: Create a mapper requestBody: content: application/json: schema: $ref: '#/components/schemas/ProtocolMapperRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}: get: tags: - Protocol Mappers summary: Get mappers by name for a specific protocol responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: protocol required: true schema: type: string style: simple /{realm}/client-scopes/{id}/scope-mappings/clients/{client}: get: tags: - Scope Mappings summary: Get the roles associated with a client’s scope Returns roles for the client. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add client-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove client-level roles from the client’s scope. requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available: get: tags: - Scope Mappings summary: The available client-level roles Returns the roles for the client that can be associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite: get: tags: - Scope Mappings summary: Get effective client roles Returns the roles for the client that are associated with the client’s scope. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/client-scopes/{id}/scope-mappings/realm: get: tags: - Scope Mappings summary: Get realm-level roles associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add a set of realm-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove a set of realm-level roles from the client’s scope requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple /{realm}/client-scopes/{id}/scope-mappings/realm/available: get: tags: - Scope Mappings summary: Get realm-level roles that are available to attach to this client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple /{realm}/client-scopes/{id}/scope-mappings/realm/composite: get: tags: - Scope Mappings summary: Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client scope (not name) required: true schema: type: string style: simple /{realm}/client-session-stats: get: tags: - Realms Admin summary: Get client session stats Returns a JSON map. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/clients: get: tags: - Clients summary: Get clients belonging to the realm. parameters: - in: query name: clientId description: filter by clientId schema: type: string style: form - in: query name: first description: the first result schema: type: integer format: int32 style: form - in: query name: max description: the max results to return schema: type: integer format: int32 style: form - in: query name: q schema: type: string style: form - in: query name: search description: whether this is a search query or a getClientById query schema: type: boolean style: form - in: query name: viewableOnly description: filter clients that cannot be viewed in full by admin schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Clients summary: Create a new client Client’s client_id must be unique! requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/clients-initial-access: get: tags: - Client Initial Access responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Initial Access summary: Create a new initial access token. requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientInitialAccessCreatePresentation' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ClientInitialAccessPresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/clients-initial-access/{id}: delete: tags: - Client Initial Access responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/clients/{id1}/protocol-mappers/models/{id2}: get: tags: - Protocol Mappers summary: Get mapper by id responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ProtocolMapperRepresentation' put: tags: - Protocol Mappers summary: Update the mapper requestBody: content: application/json: schema: $ref: '#/components/schemas/ProtocolMapperRepresentation' required: true responses: 2XX: description: success delete: tags: - Protocol Mappers summary: Delete the mapper responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id1 required: true schema: type: string style: simple - in: path name: id2 required: true schema: type: string style: simple /{realm}/clients/{id}: get: tags: - Clients summary: Get representation of the client responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ClientRepresentation' put: tags: - Clients summary: Update the client requestBody: content: application/json: schema: $ref: '#/components/schemas/ClientRepresentation' required: true responses: 2XX: description: success delete: tags: - Clients summary: Delete the client responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/certificates/{attr}: get: tags: - Client Attribute Certificate summary: Get key info responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/CertificateRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple /{realm}/clients/{id}/certificates/{attr}/download: post: tags: - Client Attribute Certificate summary: Get a keystore file for the client, containing private key and public certificate requestBody: description: Keystore configuration as JSON content: application/json: schema: $ref: '#/components/schemas/KeyStoreConfig' required: true responses: 2XX: description: success content: application/octet-stream: schema: type: string format: byte parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple /{realm}/clients/{id}/certificates/{attr}/generate: post: tags: - Client Attribute Certificate summary: Generate a new certificate with new key pair responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/CertificateRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple /{realm}/clients/{id}/certificates/{attr}/generate-and-download: post: tags: - Client Attribute Certificate summary: Generate a new keypair and certificate, and get the private key file Generates a keypair and certificate and serves the private key in a specified keystore format. requestBody: description: Keystore configuration as JSON content: application/json: schema: $ref: '#/components/schemas/KeyStoreConfig' required: true responses: 2XX: description: success content: application/octet-stream: schema: type: string format: byte parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple /{realm}/clients/{id}/certificates/{attr}/upload: post: tags: - Client Attribute Certificate summary: Upload certificate and eventually private key responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/CertificateRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple /{realm}/clients/{id}/certificates/{attr}/upload-certificate: post: tags: - Client Attribute Certificate summary: Upload only certificate, not private key responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/CertificateRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: attr required: true schema: type: string style: simple /{realm}/clients/{id}/client-secret: get: tags: - Clients summary: Get the client secret responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/CredentialRepresentation' post: tags: - Clients summary: Generate a new secret for the client responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/CredentialRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/client-secret/rotated: get: tags: - Clients summary: Get the rotated client secret responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/CredentialRepresentation' delete: tags: - Clients summary: Invalidate the rotated secret for the client responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/default-client-scopes: get: tags: - Clients summary: Get default client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/default-client-scopes/{clientScopeId}: put: tags: - Clients responses: 2XX: description: success delete: tags: - Clients responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token: get: tags: - Clients summary: Create JSON with payload of example access token parameters: - in: query name: scope schema: type: string style: form - in: query name: userId schema: type: string style: form responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/AccessToken' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/evaluate-scopes/generate-example-id-token: get: tags: - Clients summary: Create JSON with payload of example id token parameters: - in: query name: scope schema: type: string style: form - in: query name: userId schema: type: string style: form responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/IDToken' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/evaluate-scopes/generate-example-userinfo: get: tags: - Clients summary: Create JSON with payload of example user info parameters: - in: query name: scope schema: type: string style: form - in: query name: userId schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/evaluate-scopes/protocol-mappers: get: tags: - Clients summary: Return list of all protocol mappers, which will be used when generating tokens issued for particular client. parameters: - in: query name: scope schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted: get: tags: - Clients summary: Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him. parameters: - in: query name: scope schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: roleContainerId description: either realm name OR client UUID required: true schema: type: string style: simple /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted: get: tags: - Clients summary: Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him. parameters: - in: query name: scope schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: roleContainerId description: either realm name OR client UUID required: true schema: type: string style: simple /{realm}/clients/{id}/installation/providers/{providerId}: get: tags: - Clients responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: providerId required: true schema: type: string style: simple /{realm}/clients/{id}/management/permissions: get: tags: - Clients summary: Return object stating whether client Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' put: tags: - Clients summary: Return object stating whether client Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/nodes: post: tags: - Clients summary: Register a cluster node with the client Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle by sending registration request to Keycloak requestBody: content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/nodes/{node}: delete: tags: - Clients summary: Unregister a cluster node from the client responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: node required: true schema: type: string style: simple /{realm}/clients/{id}/offline-session-count: get: tags: - Clients summary: 'Get application offline session count Returns a number of offline user sessions associated with this client { "count": number }' responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/offline-sessions: get: tags: - Clients summary: Get offline sessions for client Returns a list of offline user sessions associated with this client parameters: - in: query name: first description: Paging offset schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/optional-client-scopes: get: tags: - Clients summary: Get optional client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}: put: tags: - Clients responses: 2XX: description: success delete: tags: - Clients responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple /{realm}/clients/{id}/protocol-mappers/add-models: post: tags: - Protocol Mappers summary: Create multiple mappers requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/ProtocolMapperRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/protocol-mappers/models: get: tags: - Protocol Mappers summary: Get mappers responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Protocol Mappers summary: Create a mapper requestBody: content: application/json: schema: $ref: '#/components/schemas/ProtocolMapperRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/protocol-mappers/protocol/{protocol}: get: tags: - Protocol Mappers summary: Get mappers by name for a specific protocol responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: protocol required: true schema: type: string style: simple /{realm}/clients/{id}/push-revocation: post: tags: - Clients summary: Push the client’s revocation policy to its admin URL If the client has an admin URL, push revocation policy to it. responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/GlobalRequestResult' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/registration-access-token: post: tags: - Clients summary: Generate a new registration access token for the client responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ClientRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/roles: get: tags: - Roles summary: Get all roles for the realm or client parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Create a new role for the realm or client requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/roles/{role-name}: get: tags: - Roles summary: Get a role by name responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' put: tags: - Roles summary: Update a role by name requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Roles summary: Delete a role by name responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple /{realm}/clients/{id}/roles/{role-name}/composites: get: tags: - Roles summary: Get composites of the role responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Add a composite to the role requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Roles summary: Remove roles from the role’s composite requestBody: description: roles to remove content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple /{realm}/clients/{id}/roles/{role-name}/composites/clients/{clientUuid}: get: tags: - Roles summary: Get client-level roles for the client that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple /{realm}/clients/{id}/roles/{role-name}/composites/realm: get: tags: - Roles summary: Get realm-level roles of the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple /{realm}/clients/{id}/roles/{role-name}/groups: get: tags: - Roles summary: Returns a stream of groups that have the specified role name parameters: - in: query name: briefRepresentation description: if false, return a full representation of the {@code GroupRepresentation} objects. schema: type: boolean style: form - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple /{realm}/clients/{id}/roles/{role-name}/management/permissions: get: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' put: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name required: true schema: type: string style: simple /{realm}/clients/{id}/roles/{role-name}/users: get: tags: - Roles summary: Returns a stream of users that have the specified role name. parameters: - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple /{realm}/clients/{id}/scope-mappings/clients/{client}: get: tags: - Scope Mappings summary: Get the roles associated with a client’s scope Returns roles for the client. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add client-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove client-level roles from the client’s scope. requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/clients/{id}/scope-mappings/clients/{client}/available: get: tags: - Scope Mappings summary: The available client-level roles Returns the roles for the client that can be associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/clients/{id}/scope-mappings/clients/{client}/composite: get: tags: - Scope Mappings summary: Get effective client roles Returns the roles for the client that are associated with the client’s scope. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/clients/{id}/scope-mappings/realm: get: tags: - Scope Mappings summary: Get realm-level roles associated with the client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Scope Mappings summary: Add a set of realm-level roles to the client’s scope requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Scope Mappings summary: Remove a set of realm-level roles from the client’s scope requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/scope-mappings/realm/available: get: tags: - Scope Mappings summary: Get realm-level roles that are available to attach to this client’s scope responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/scope-mappings/realm/composite: get: tags: - Scope Mappings summary: Get effective realm-level roles associated with the client’s scope What this does is recurse any composite roles associated with the client’s scope and adds the roles to this lists. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/service-account-user: get: tags: - Clients summary: Get a user dedicated to the service account responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/UserRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/session-count: get: tags: - Clients summary: 'Get application session count Returns a number of user sessions associated with this client { "count": number }' responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/test-nodes-available: get: tags: - Clients summary: Test if registered cluster nodes are available Tests availability by sending 'ping' request to all cluster nodes. responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/GlobalRequestResult' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/clients/{id}/user-sessions: get: tags: - Clients summary: Get user sessions for client Returns a list of user sessions associated with this client parameters: - in: query name: first description: Paging offset schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: id of client (not client-id) required: true schema: type: string style: simple /{realm}/components: get: tags: - Component parameters: - in: query name: name schema: type: string style: form - in: query name: parent schema: type: string style: form - in: query name: type schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Component requestBody: content: application/json: schema: $ref: '#/components/schemas/ComponentRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/components/{id}: get: tags: - Component responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ComponentRepresentation' put: tags: - Component requestBody: content: application/json: schema: $ref: '#/components/schemas/ComponentRepresentation' required: true responses: 2XX: description: success delete: tags: - Component responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/components/{id}/sub-component-types: get: tags: - Component summary: List of subcomponent types that are available to configure for a particular parent component. parameters: - in: query name: type schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/credential-registrators: get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/default-default-client-scopes: get: tags: - Realms Admin summary: Get realm default client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/default-default-client-scopes/{clientScopeId}: put: tags: - Realms Admin responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple /{realm}/default-groups: get: tags: - Realms Admin summary: Get group hierarchy. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/default-groups/{groupId}: put: tags: - Realms Admin responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: groupId required: true schema: type: string style: simple /{realm}/default-optional-client-scopes: get: tags: - Realms Admin summary: Get realm optional client scopes. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/default-optional-client-scopes/{clientScopeId}: put: tags: - Realms Admin responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: clientScopeId required: true schema: type: string style: simple /{realm}/events: get: tags: - Realms Admin summary: Get events Returns all events, or filters them based on URL query parameters listed here parameters: - in: query name: client description: App or oauth client name schema: type: string style: form - in: query name: dateFrom description: From date schema: type: string style: form - in: query name: dateTo description: To date schema: type: string style: form - in: query name: first description: Paging offset schema: type: integer format: int32 style: form - in: query name: ipAddress description: IP address schema: type: string style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form - in: query name: type description: The types of events to return schema: type: array items: type: string style: form - in: query name: user description: User id schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true delete: tags: - Realms Admin summary: Delete all events responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/events/config: get: tags: - Realms Admin summary: Get the events provider configuration Returns JSON object with events provider configuration responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/RealmEventsConfigRepresentation' put: tags: - Realms Admin summary: Update the events provider Change the events provider and/or its configuration requestBody: content: application/json: schema: $ref: '#/components/schemas/RealmEventsConfigRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/group-by-path/{path}: get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/GroupRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: path required: true schema: type: string style: simple /{realm}/groups: get: tags: - Groups summary: Get group hierarchy. parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Groups summary: create or add a top level realm groupSet or create child. requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/groups/count: get: tags: - Groups summary: Returns the groups counts. parameters: - in: query name: search schema: type: string style: form - in: query name: top schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/groups/{id}: get: tags: - Groups responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/GroupRepresentation' put: tags: - Groups summary: Update group, ignores subgroups. requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRepresentation' required: true responses: 2XX: description: success delete: tags: - Groups responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/groups/{id}/children: post: tags: - Groups summary: Set or create child. requestBody: content: application/json: schema: $ref: '#/components/schemas/GroupRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/groups/{id}/management/permissions: get: tags: - Groups summary: Return object stating whether client Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' put: tags: - Groups summary: Return object stating whether client Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/groups/{id}/members: get: tags: - Groups summary: Get users Returns a stream of users, filtered according to query parameters parameters: - in: query name: briefRepresentation description: "Only return basic information (only guaranteed to return id,\ \ username, created, first and last name,\n email, enabled state, email\ \ verification state, federation link, and access.\n Note that it means\ \ that namely user attributes, required actions, and not before are not\ \ returned.)" schema: type: boolean style: form - in: query name: first description: Pagination offset schema: type: integer format: int32 style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/groups/{id}/role-mappings: get: tags: - Role Mapper summary: Get role mappings responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/MappingsRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/groups/{id}/role-mappings/clients/{client}: get: tags: - Client Role Mappings summary: Get client-level role mappings for the user, and the app responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Role Mappings summary: Add client-level roles to the user role mapping requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Client Role Mappings summary: Delete client-level roles from user role mapping requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/groups/{id}/role-mappings/clients/{client}/available: get: tags: - Client Role Mappings summary: Get available client-level roles that can be mapped to the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/groups/{id}/role-mappings/clients/{client}/composite: get: tags: - Client Role Mappings summary: Get effective client-level role mappings This recurses any composite roles parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/groups/{id}/role-mappings/realm: get: tags: - Role Mapper summary: Get realm-level role mappings responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Role Mapper summary: Add realm-level role mappings to the user requestBody: description: Roles to add content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Role Mapper summary: Delete realm-level role mappings requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/groups/{id}/role-mappings/realm/available: get: tags: - Role Mapper summary: Get realm-level roles that can be mapped responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/groups/{id}/role-mappings/realm/composite: get: tags: - Role Mapper summary: Get effective realm-level role mappings This will recurse all composite roles to get the result. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/identity-provider/import-config: post: tags: - Identity Providers summary: Import identity provider from uploaded JSON file responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/identity-provider/instances: get: tags: - Identity Providers summary: Get identity providers responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Identity Providers summary: Create a new identity provider requestBody: description: JSON body content: application/json: schema: $ref: '#/components/schemas/IdentityProviderRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/identity-provider/instances/{alias}: get: tags: - Identity Providers summary: Get the identity provider responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/IdentityProviderRepresentation' put: tags: - Identity Providers summary: Update the identity provider requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentityProviderRepresentation' required: true responses: 2XX: description: success delete: tags: - Identity Providers summary: Delete the identity provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple /{realm}/identity-provider/instances/{alias}/export: get: tags: - Identity Providers summary: Export public broker configuration for identity provider parameters: - in: query name: format description: Format to use schema: type: string style: form responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple /{realm}/identity-provider/instances/{alias}/management/permissions: get: tags: - Identity Providers summary: Return object stating whether client Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' put: tags: - Identity Providers summary: Return object stating whether client Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple /{realm}/identity-provider/instances/{alias}/mapper-types: get: tags: - Identity Providers summary: Get mapper types for identity provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple /{realm}/identity-provider/instances/{alias}/mappers: get: tags: - Identity Providers summary: Get mappers for identity provider responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Identity Providers summary: Add a mapper to identity provider requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentityProviderMapperRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple /{realm}/identity-provider/instances/{alias}/mappers/{id}: get: tags: - Identity Providers summary: Get mapper by id for the identity provider responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/IdentityProviderMapperRepresentation' put: tags: - Identity Providers summary: Update a mapper for the identity provider requestBody: content: application/json: schema: $ref: '#/components/schemas/IdentityProviderMapperRepresentation' required: true responses: 2XX: description: success delete: tags: - Identity Providers summary: Delete a mapper for the identity provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: alias required: true schema: type: string style: simple - in: path name: id description: Mapper id required: true schema: type: string style: simple /{realm}/identity-provider/providers/{provider_id}: get: tags: - Identity Providers summary: Get identity providers responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: provider_id description: Provider id required: true schema: type: string style: simple /{realm}/keys: get: tags: - Key responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/KeysMetadataRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/ldap-server-capabilities: post: tags: - Realms Admin summary: Get LDAP supported extensions. requestBody: description: LDAP configuration content: application/json: schema: $ref: '#/components/schemas/TestLdapConnectionRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/localization: get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/localization/{locale}: get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true post: tags: - Realms Admin requestBody: content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: locale required: true schema: type: string style: simple /{realm}/localization/{locale}/{key}: get: tags: - Realms Admin responses: 2XX: description: success content: text/plain: schema: type: string put: tags: - Realms Admin requestBody: content: text/plain: schema: type: string required: true responses: 2XX: description: success delete: tags: - Realms Admin responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: locale required: true schema: type: string style: simple - in: path name: key required: true schema: type: string style: simple /{realm}/logout-all: post: tags: - Realms Admin summary: Removes all user sessions. responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/GlobalRequestResult' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/partial-export: post: tags: - Realms Admin summary: Partial export of existing realm into a JSON file. parameters: - in: query name: exportClients schema: type: boolean style: form - in: query name: exportGroupsAndRoles schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/RealmRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/partialImport: post: tags: - Realms Admin summary: Partial import from a JSON file to an existing realm. requestBody: content: application/json: schema: $ref: '#/components/schemas/PartialImportRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/push-revocation: post: tags: - Realms Admin summary: Push the realm’s revocation policy to any client that has an admin url associated with it. responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/roles: get: tags: - Roles summary: Get all roles for the realm or client parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Create a new role for the realm or client requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/roles-by-id/{role-id}: get: tags: - Roles (by ID) summary: Get a specific role’s representation responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' put: tags: - Roles (by ID) summary: Update the role requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Roles (by ID) summary: Delete the role responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id description: id of role required: true schema: type: string style: simple /{realm}/roles-by-id/{role-id}/composites: get: tags: - Roles (by ID) summary: Get role’s children Returns a set of role’s children provided the role is a composite. parameters: - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles (by ID) summary: Make the role a composite role by associating some child roles requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Roles (by ID) summary: Remove a set of roles from the role’s composite requestBody: description: A set of roles to be removed content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id description: Role id required: true schema: type: string style: simple /{realm}/roles-by-id/{role-id}/composites/clients/{clientUuid}: get: tags: - Roles (by ID) summary: Get client-level roles for the client that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple /{realm}/roles-by-id/{role-id}/composites/realm: get: tags: - Roles (by ID) summary: Get realm-level roles that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id required: true schema: type: string style: simple /{realm}/roles-by-id/{role-id}/management/permissions: get: tags: - Roles (by ID) summary: Return object stating whether role Authoirzation permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' put: tags: - Roles (by ID) summary: Return object stating whether role Authoirzation permissions have been initialized or not and a reference requestBody: content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-id required: true schema: type: string style: simple /{realm}/roles/{role-name}: get: tags: - Roles summary: Get a role by name responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' put: tags: - Roles summary: Update a role by name requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Roles summary: Delete a role by name responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple /{realm}/roles/{role-name}/composites: get: tags: - Roles summary: Get composites of the role responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Roles summary: Add a composite to the role requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Roles summary: Remove roles from the role’s composite requestBody: description: roles to remove content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple /{realm}/roles/{role-name}/composites/clients/{clientUuid}: get: tags: - Roles summary: Get client-level roles for the client that are in the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple /{realm}/roles/{role-name}/composites/realm: get: tags: - Roles summary: Get realm-level roles of the role’s composite responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: role’s name (not id!) required: true schema: type: string style: simple /{realm}/roles/{role-name}/groups: get: tags: - Roles summary: Returns a stream of groups that have the specified role name parameters: - in: query name: briefRepresentation description: if false, return a full representation of the {@code GroupRepresentation} objects. schema: type: boolean style: form - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple /{realm}/roles/{role-name}/management/permissions: get: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' put: tags: - Roles summary: Return object stating whether role Authorization permissions have been initialized or not and a reference requestBody: content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name required: true schema: type: string style: simple /{realm}/roles/{role-name}/users: get: tags: - Roles summary: Returns a stream of users that have the specified role name. parameters: - in: query name: first description: first result to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form - in: query name: max description: maximum number of results to return. Ignored if negative or {@code null}. schema: type: integer format: int32 style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: role-name description: the role name. required: true schema: type: string style: simple /{realm}/sessions/{session}: delete: tags: - Realms Admin summary: Remove a specific user session. responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: session required: true schema: type: string style: simple /{realm}/testLDAPConnection: post: tags: - Realms Admin summary: Test LDAP connection requestBody: content: application/json: schema: $ref: '#/components/schemas/TestLdapConnectionRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/testSMTPConnection: post: tags: - Realms Admin requestBody: content: application/json: schema: type: object additionalProperties: true required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/user-storage/{id}/name: get: tags: - User Storage Provider summary: Need this for admin console to display simple name of provider when displaying user detail KEYCLOAK-4328 responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/user-storage/{id}/remove-imported-users: post: tags: - User Storage Provider summary: Remove imported users responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/user-storage/{id}/sync: post: tags: - User Storage Provider summary: Trigger sync of users Action can be "triggerFullSync" or "triggerChangedUsersSync" parameters: - in: query name: action schema: type: string style: form responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/SynchronizationResult' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/user-storage/{id}/unlink-users: post: tags: - User Storage Provider summary: Unlink imported users from a storage provider responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/user-storage/{parentId}/mappers/{id}/sync: post: tags: - User Storage Provider summary: Trigger sync of mapper data related to ldap mapper (roles, groups, …​) direction is "fedToKeycloak" or "keycloakToFed" parameters: - in: query name: direction schema: type: string style: form responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/SynchronizationResult' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: parentId required: true schema: type: string style: simple - in: path name: id required: true schema: type: string style: simple /{realm}/users: get: tags: - Users summary: Get users Returns a stream of users, filtered according to query parameters. parameters: - in: query name: briefRepresentation description: 'Boolean which defines whether brief representations are returned (default: false)' schema: type: boolean style: form - in: query name: email description: A String contained in email, or the complete email, if param "exact" is true schema: type: string style: form - in: query name: emailVerified description: whether the email has been verified schema: type: boolean style: form - in: query name: enabled description: Boolean representing if user is enabled or not schema: type: boolean style: form - in: query name: exact description: Boolean which defines whether the params "last", "first", "email" and "username" must match exactly schema: type: boolean style: form - in: query name: first description: Pagination offset schema: type: integer format: int32 style: form - in: query name: firstName description: A String contained in firstName, or the complete firstName, if param "exact" is true schema: type: string style: form - in: query name: idpAlias description: The alias of an Identity Provider linked to the user schema: type: string style: form - in: query name: idpUserId description: The userId at an Identity Provider linked to the user schema: type: string style: form - in: query name: lastName description: A String contained in lastName, or the complete lastName, if param "exact" is true schema: type: string style: form - in: query name: max description: Maximum results size (defaults to 100) schema: type: integer format: int32 style: form - in: query name: q description: A query to search for custom attributes, in the format 'key1:value2 key2:value2' schema: type: string style: form - in: query name: search description: A String contained in username, first or last name, or email schema: type: string style: form - in: query name: username description: A String contained in username, or the complete username, if param "exact" is true schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Users summary: Create a new user Username must be unique. requestBody: content: application/json: schema: $ref: '#/components/schemas/UserRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/users-management-permissions: get: tags: - Realms Admin responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' put: tags: - Realms Admin requestBody: content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' required: true responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/ManagementPermissionReference' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/users/count: get: tags: - Users summary: Returns the number of users that match the given criteria. parameters: - in: query name: email description: email filter schema: type: string style: form - in: query name: emailVerified schema: type: boolean style: form - in: query name: enabled description: Boolean representing if user is enabled or not schema: type: boolean style: form - in: query name: firstName description: first name filter schema: type: string style: form - in: query name: lastName description: last name filter schema: type: string style: form - in: query name: search description: arbitrary search string for all the fields below schema: type: string style: form - in: query name: username description: username filter schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: integer format: int32 parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/users/profile: get: tags: - Users responses: 2XX: description: success content: application/json: schema: type: string put: tags: - Users requestBody: content: application/json: schema: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple /{realm}/users/{id}: get: tags: - Users summary: Get representation of the user responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/UserRepresentation' put: tags: - Users summary: Update the user requestBody: content: application/json: schema: $ref: '#/components/schemas/UserRepresentation' required: true responses: 2XX: description: success delete: tags: - Users summary: Delete the user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/configured-user-storage-credential-types: get: tags: - Users summary: Return credential types, which are provided by the user storage where user is stored. responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/consents: get: tags: - Users summary: Get consents granted by the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/consents/{client}: delete: tags: - Users summary: Revoke consent and offline tokens for particular client from user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client description: Client id required: true schema: type: string style: simple /{realm}/users/{id}/credentials: get: tags: - Users responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/credentials/{credentialId}: delete: tags: - Users summary: Remove a credential for a user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId required: true schema: type: string style: simple /{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}: post: tags: - Users summary: Move a credential to a position behind another credential responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId description: The credential to move required: true schema: type: string style: simple - in: path name: newPreviousCredentialId description: The credential that will be the previous element in the list. If set to null, the moved credential will be the first element in the list. required: true schema: type: string style: simple /{realm}/users/{id}/credentials/{credentialId}/moveToFirst: post: tags: - Users summary: Move a credential to a first position in the credentials list of the user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId description: The credential to move required: true schema: type: string style: simple /{realm}/users/{id}/credentials/{credentialId}/userLabel: put: tags: - Users summary: Update a credential label for a user requestBody: content: text/plain: schema: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: credentialId required: true schema: type: string style: simple /{realm}/users/{id}/disable-credential-types: put: tags: - Users summary: Disable all credentials for a user of a specific type requestBody: content: application/json: schema: type: array items: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/execute-actions-email: put: tags: - Users summary: Send a update account email to the user An email contains a link the user can click to perform a set of required actions. parameters: - in: query name: client_id description: Client id schema: type: string style: form - in: query name: lifespan description: Number of seconds after which the generated token expires schema: type: integer format: int32 style: form - in: query name: redirect_uri description: Redirect uri schema: type: string style: form requestBody: description: required actions the user needs to complete content: application/json: schema: type: array items: type: string required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/federated-identity: get: tags: - Users summary: Get social logins associated with the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/federated-identity/{provider}: post: tags: - Users summary: Add a social login provider to the user requestBody: content: application/json: schema: $ref: '#/components/schemas/FederatedIdentityRepresentation' required: true responses: 2XX: description: success delete: tags: - Users summary: Remove a social login provider from user responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: provider description: Social login provider id required: true schema: type: string style: simple /{realm}/users/{id}/groups: get: tags: - Users parameters: - in: query name: briefRepresentation schema: type: boolean style: form - in: query name: first schema: type: integer format: int32 style: form - in: query name: max schema: type: integer format: int32 style: form - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/groups/count: get: tags: - Users parameters: - in: query name: search schema: type: string style: form responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/groups/{groupId}: put: tags: - Users responses: 2XX: description: success delete: tags: - Users responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: groupId required: true schema: type: string style: simple /{realm}/users/{id}/impersonation: post: tags: - Users summary: Impersonate the user responses: 2XX: description: success content: application/json: schema: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/logout: post: tags: - Users summary: Remove all user sessions associated with the user Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user. responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/offline-sessions/{clientUuid}: get: tags: - Users summary: Get offline sessions associated with the user and client responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: clientUuid required: true schema: type: string style: simple /{realm}/users/{id}/reset-password: put: tags: - Users summary: Set up a new password for the user. requestBody: description: The representation must contain a rawPassword with the plain-text password content: application/json: schema: $ref: '#/components/schemas/CredentialRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/role-mappings: get: tags: - Role Mapper summary: Get role mappings responses: 2XX: description: success content: application/json: schema: $ref: '#/components/schemas/MappingsRepresentation' parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/role-mappings/clients/{client}: get: tags: - Client Role Mappings summary: Get client-level role mappings for the user, and the app responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Client Role Mappings summary: Add client-level roles to the user role mapping requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Client Role Mappings summary: Delete client-level roles from user role mapping requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/users/{id}/role-mappings/clients/{client}/available: get: tags: - Client Role Mappings summary: Get available client-level roles that can be mapped to the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/users/{id}/role-mappings/clients/{client}/composite: get: tags: - Client Role Mappings summary: Get effective client-level role mappings This recurses any composite roles parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple - in: path name: client required: true schema: type: string style: simple /{realm}/users/{id}/role-mappings/realm: get: tags: - Role Mapper summary: Get realm-level role mappings responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true post: tags: - Role Mapper summary: Add realm-level role mappings to the user requestBody: description: Roles to add content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success delete: tags: - Role Mapper summary: Delete realm-level role mappings requestBody: content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleRepresentation' required: true responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/role-mappings/realm/available: get: tags: - Role Mapper summary: Get realm-level roles that can be mapped responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/role-mappings/realm/composite: get: tags: - Role Mapper summary: Get effective realm-level role mappings This will recurse all composite roles to get the result. parameters: - in: query name: briefRepresentation description: if false, return roles with their attributes schema: type: boolean style: form responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/send-verify-email: put: tags: - Users summary: Send an email-verification email to the user An email contains a link the user can click to verify their email address. parameters: - in: query name: client_id description: Client id schema: type: string style: form - in: query name: redirect_uri description: Redirect uri schema: type: string style: form responses: 2XX: description: success parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple /{realm}/users/{id}/sessions: get: tags: - Users summary: Get sessions associated with the user responses: 2XX: description: success content: application/json: schema: type: array items: type: object additionalProperties: true parameters: - in: path name: realm description: realm name (not id!) required: true schema: type: string style: simple - in: path name: id description: User id required: true schema: type: string style: simple components: securitySchemes: access_token: type: http scheme: bearer bearerFormat: string schemas: AccessToken: type: object properties: acr: type: string address: $ref: '#/components/schemas/AddressClaimSet' allowed-origins: type: array items: type: string at_hash: type: string auth_time: type: integer format: int64 authorization: $ref: '#/components/schemas/AccessToken-Authorization' azp: type: string birthdate: type: string c_hash: type: string category: type: string enum: - INTERNAL - ACCESS - ID - ADMIN - USERINFO - LOGOUT - AUTHORIZATION_RESPONSE claims_locales: type: string cnf: $ref: '#/components/schemas/AccessToken-CertConf' email: type: string email_verified: type: boolean exp: type: integer format: int64 family_name: type: string gender: type: string given_name: type: string iat: type: integer format: int64 iss: type: string jti: type: string locale: type: string middle_name: type: string name: type: string nbf: type: integer format: int64 nickname: type: string nonce: type: string otherClaims: type: object additionalProperties: true phone_number: type: string phone_number_verified: type: boolean picture: type: string preferred_username: type: string profile: type: string realm_access: $ref: '#/components/schemas/AccessToken-Access' s_hash: type: string scope: type: string session_state: type: string sid: type: string sub: type: string trusted-certs: type: array items: type: string typ: type: string updated_at: type: integer format: int64 website: type: string zoneinfo: type: string AccessToken-Access: type: object properties: roles: type: array items: type: string verify_caller: type: boolean AccessToken-Authorization: type: object properties: permissions: type: array items: $ref: '#/components/schemas/Permission' AccessToken-CertConf: type: object properties: x5t#S256: type: string AddressClaimSet: type: object properties: country: type: string formatted: type: string locality: type: string postal_code: type: string region: type: string street_address: type: string AuthenticationExecutionExportRepresentation: type: object properties: authenticator: type: string authenticatorConfig: type: string authenticatorFlow: type: boolean flowAlias: type: string priority: type: integer format: int32 requirement: type: string userSetupAllowed: type: boolean AuthenticationExecutionInfoRepresentation: type: object properties: alias: type: string authenticationConfig: type: string authenticationFlow: type: boolean configurable: type: boolean description: type: string displayName: type: string flowId: type: string id: type: string index: type: integer format: int32 level: type: integer format: int32 providerId: type: string requirement: type: string requirementChoices: type: array items: type: string AuthenticationExecutionRepresentation: type: object properties: authenticator: type: string authenticatorConfig: type: string authenticatorFlow: type: boolean flowId: type: string id: type: string parentFlow: type: string priority: type: integer format: int32 requirement: type: string AuthenticationFlowRepresentation: type: object properties: alias: type: string authenticationExecutions: type: array items: $ref: '#/components/schemas/AuthenticationExecutionExportRepresentation' builtIn: type: boolean description: type: string id: type: string providerId: type: string topLevel: type: boolean AuthenticatorConfigInfoRepresentation: type: object properties: helpText: type: string name: type: string properties: type: array items: $ref: '#/components/schemas/ConfigPropertyRepresentation' providerId: type: string AuthenticatorConfigRepresentation: type: object properties: alias: type: string config: type: object additionalProperties: true id: type: string CertificateRepresentation: type: object properties: certificate: type: string kid: type: string privateKey: type: string publicKey: type: string ClientInitialAccessCreatePresentation: type: object properties: count: type: integer format: int32 expiration: type: integer format: int32 ClientInitialAccessPresentation: type: object properties: count: type: integer format: int32 expiration: type: integer format: int32 id: type: string remainingCount: type: integer format: int32 timestamp: type: integer format: int32 token: type: string ClientMappingsRepresentation: type: object properties: client: type: string id: type: string mappings: type: array items: $ref: '#/components/schemas/RoleRepresentation' ClientPoliciesRepresentation: type: object properties: policies: type: array items: $ref: '#/components/schemas/ClientPolicyRepresentation' ClientPolicyConditionRepresentation: type: object properties: condition: type: string configuration: $ref: '#/components/schemas/JsonNode' ClientPolicyExecutorRepresentation: type: object properties: configuration: $ref: '#/components/schemas/JsonNode' executor: type: string ClientPolicyRepresentation: type: object properties: conditions: type: array items: $ref: '#/components/schemas/ClientPolicyConditionRepresentation' description: type: string enabled: type: boolean name: type: string profiles: type: array items: type: string ClientProfileRepresentation: type: object properties: description: type: string executors: type: array items: $ref: '#/components/schemas/ClientPolicyExecutorRepresentation' name: type: string ClientProfilesRepresentation: type: object properties: globalProfiles: type: array items: $ref: '#/components/schemas/ClientProfileRepresentation' profiles: type: array items: $ref: '#/components/schemas/ClientProfileRepresentation' ClientRepresentation: type: object properties: access: type: object additionalProperties: true adminUrl: type: string alwaysDisplayInConsole: type: boolean attributes: type: object additionalProperties: true authenticationFlowBindingOverrides: type: object additionalProperties: true authorizationServicesEnabled: type: boolean authorizationSettings: $ref: '#/components/schemas/ResourceServerRepresentation' baseUrl: type: string bearerOnly: type: boolean clientAuthenticatorType: type: string clientId: type: string consentRequired: type: boolean defaultClientScopes: type: array items: type: string description: type: string directAccessGrantsEnabled: type: boolean enabled: type: boolean frontchannelLogout: type: boolean fullScopeAllowed: type: boolean id: type: string implicitFlowEnabled: type: boolean name: type: string nodeReRegistrationTimeout: type: integer format: int32 notBefore: type: integer format: int32 oauth2DeviceAuthorizationGrantEnabled: type: boolean optionalClientScopes: type: array items: type: string origin: type: string protocol: type: string protocolMappers: type: array items: $ref: '#/components/schemas/ProtocolMapperRepresentation' publicClient: type: boolean redirectUris: type: array items: type: string registeredNodes: type: object additionalProperties: true registrationAccessToken: type: string rootUrl: type: string secret: type: string serviceAccountsEnabled: type: boolean standardFlowEnabled: type: boolean surrogateAuthRequired: type: boolean webOrigins: type: array items: type: string ClientScopeEvaluateResource-ProtocolMapperEvaluationRepresentation: type: object properties: containerId: type: string containerName: type: string containerType: type: string mapperId: type: string mapperName: type: string protocolMapper: type: string ClientScopeRepresentation: type: object properties: attributes: type: object additionalProperties: true description: type: string id: type: string name: type: string protocol: type: string protocolMappers: type: array items: $ref: '#/components/schemas/ProtocolMapperRepresentation' ComponentExportRepresentation: type: object properties: config: $ref: '#/components/schemas/MultivaluedHashMap' id: type: string name: type: string providerId: type: string subComponents: $ref: '#/components/schemas/MultivaluedHashMap' subType: type: string ComponentRepresentation: type: object properties: config: $ref: '#/components/schemas/MultivaluedHashMap' id: type: string name: type: string parentId: type: string providerId: type: string providerType: type: string subType: type: string ConfigPropertyRepresentation: type: object properties: defaultValue: type: object helpText: type: string label: type: string name: type: string options: type: array items: type: string readOnly: type: boolean secret: type: boolean type: type: string CredentialRepresentation: type: object properties: createdDate: type: integer format: int64 credentialData: type: string id: type: string priority: type: integer format: int32 secretData: type: string temporary: type: boolean type: type: string userLabel: type: string value: type: string FederatedIdentityRepresentation: type: object properties: identityProvider: type: string userId: type: string userName: type: string GlobalRequestResult: type: object properties: failedRequests: type: array items: type: string successRequests: type: array items: type: string GroupRepresentation: type: object properties: access: type: object additionalProperties: true attributes: type: object additionalProperties: true clientRoles: type: object additionalProperties: true id: type: string name: type: string path: type: string realmRoles: type: array items: type: string subGroups: type: array items: $ref: '#/components/schemas/GroupRepresentation' IDToken: type: object properties: acr: type: string address: $ref: '#/components/schemas/AddressClaimSet' at_hash: type: string auth_time: type: integer format: int64 azp: type: string birthdate: type: string c_hash: type: string category: type: string enum: - INTERNAL - ACCESS - ID - ADMIN - USERINFO - LOGOUT - AUTHORIZATION_RESPONSE claims_locales: type: string email: type: string email_verified: type: boolean exp: type: integer format: int64 family_name: type: string gender: type: string given_name: type: string iat: type: integer format: int64 iss: type: string jti: type: string locale: type: string middle_name: type: string name: type: string nbf: type: integer format: int64 nickname: type: string nonce: type: string otherClaims: type: object additionalProperties: true phone_number: type: string phone_number_verified: type: boolean picture: type: string preferred_username: type: string profile: type: string s_hash: type: string session_state: type: string sid: type: string sub: type: string typ: type: string updated_at: type: integer format: int64 website: type: string zoneinfo: type: string IdentityProviderMapperRepresentation: type: object properties: config: type: object additionalProperties: true id: type: string identityProviderAlias: type: string identityProviderMapper: type: string name: type: string IdentityProviderRepresentation: type: object properties: addReadTokenRoleOnCreate: type: boolean alias: type: string config: type: object additionalProperties: true displayName: type: string enabled: type: boolean firstBrokerLoginFlowAlias: type: string internalId: type: string linkOnly: type: boolean postBrokerLoginFlowAlias: type: string providerId: type: string storeToken: type: boolean trustEmail: type: boolean JsonNode: type: object properties: array: type: boolean bigDecimal: type: boolean bigInteger: type: boolean binary: type: boolean boolean: type: boolean containerNode: type: boolean double: type: boolean empty: type: boolean float: type: boolean floatingPointNumber: type: boolean int: type: boolean integralNumber: type: boolean long: type: boolean missingNode: type: boolean nodeType: type: string enum: - ARRAY - BINARY - BOOLEAN - MISSING - 'NULL' - NUMBER - OBJECT - POJO - STRING 'null': type: boolean number: type: boolean object: type: boolean pojo: type: boolean short: type: boolean textual: type: boolean valueNode: type: boolean KeyStoreConfig: type: object properties: format: type: string keyAlias: type: string keyPassword: type: string realmAlias: type: string realmCertificate: type: boolean storePassword: type: string KeysMetadataRepresentation: type: object properties: active: type: object additionalProperties: true keys: type: array items: $ref: '#/components/schemas/KeysMetadataRepresentation-KeyMetadataRepresentation' KeysMetadataRepresentation-KeyMetadataRepresentation: type: object properties: algorithm: type: string certificate: type: string kid: type: string providerId: type: string providerPriority: type: integer format: int64 publicKey: type: string status: type: string type: type: string use: type: string enum: - SIG - ENC ManagementPermissionReference: type: object properties: enabled: type: boolean resource: type: string scopePermissions: type: object additionalProperties: true MappingsRepresentation: type: object properties: clientMappings: type: object additionalProperties: true realmMappings: type: array items: $ref: '#/components/schemas/RoleRepresentation' MemoryInfoRepresentation: type: object properties: free: type: integer format: int64 freeFormated: type: string freePercentage: type: integer format: int64 total: type: integer format: int64 totalFormated: type: string used: type: integer format: int64 usedFormated: type: string MultivaluedHashMap: type: object properties: empty: type: boolean loadFactor: type: number format: float threshold: type: integer format: int32 PartialImportRepresentation: type: object properties: clients: type: array items: $ref: '#/components/schemas/ClientRepresentation' groups: type: array items: $ref: '#/components/schemas/GroupRepresentation' identityProviders: type: array items: $ref: '#/components/schemas/IdentityProviderRepresentation' ifResourceExists: type: string policy: type: string enum: - SKIP - OVERWRITE - FAIL roles: $ref: '#/components/schemas/RolesRepresentation' users: type: array items: $ref: '#/components/schemas/UserRepresentation' PasswordPolicyTypeRepresentation: type: object properties: configType: type: string defaultValue: type: string displayName: type: string id: type: string multipleSupported: type: boolean Permission: type: object properties: claims: type: object additionalProperties: true rsid: type: string rsname: type: string scopes: type: array items: type: string PolicyRepresentation: type: object properties: config: type: object additionalProperties: true decisionStrategy: type: string enum: - AFFIRMATIVE - UNANIMOUS - CONSENSUS description: type: string id: type: string logic: type: string enum: - POSITIVE - NEGATIVE name: type: string owner: type: string policies: type: array items: type: string resources: type: array items: type: string resourcesData: type: array items: $ref: '#/components/schemas/ResourceRepresentation' scopes: type: array items: type: string scopesData: type: array items: $ref: '#/components/schemas/ScopeRepresentation' type: type: string ProfileInfoRepresentation: type: object properties: disabledFeatures: type: array items: type: string experimentalFeatures: type: array items: type: string name: type: string previewFeatures: type: array items: type: string ProtocolMapperRepresentation: type: object properties: config: type: object additionalProperties: true id: type: string name: type: string protocol: type: string protocolMapper: type: string ProviderRepresentation: type: object properties: operationalInfo: type: object additionalProperties: true order: type: integer format: int32 RealmEventsConfigRepresentation: type: object properties: adminEventsDetailsEnabled: type: boolean adminEventsEnabled: type: boolean enabledEventTypes: type: array items: type: string eventsEnabled: type: boolean eventsExpiration: type: integer format: int64 eventsListeners: type: array items: type: string RealmRepresentation: type: object properties: accessCodeLifespan: type: integer format: int32 accessCodeLifespanLogin: type: integer format: int32 accessCodeLifespanUserAction: type: integer format: int32 accessTokenLifespan: type: integer format: int32 accessTokenLifespanForImplicitFlow: type: integer format: int32 accountTheme: type: string actionTokenGeneratedByAdminLifespan: type: integer format: int32 actionTokenGeneratedByUserLifespan: type: integer format: int32 adminEventsDetailsEnabled: type: boolean adminEventsEnabled: type: boolean adminTheme: type: string attributes: type: object additionalProperties: true authenticationFlows: type: array items: $ref: '#/components/schemas/AuthenticationFlowRepresentation' authenticatorConfig: type: array items: $ref: '#/components/schemas/AuthenticatorConfigRepresentation' browserFlow: type: string browserSecurityHeaders: type: object additionalProperties: true bruteForceProtected: type: boolean clientAuthenticationFlow: type: string clientOfflineSessionIdleTimeout: type: integer format: int32 clientOfflineSessionMaxLifespan: type: integer format: int32 clientPolicies: $ref: '#/components/schemas/JsonNode' clientProfiles: $ref: '#/components/schemas/JsonNode' clientScopeMappings: type: object additionalProperties: true clientScopes: type: array items: $ref: '#/components/schemas/ClientScopeRepresentation' clientSessionIdleTimeout: type: integer format: int32 clientSessionMaxLifespan: type: integer format: int32 clients: type: array items: $ref: '#/components/schemas/ClientRepresentation' components: $ref: '#/components/schemas/MultivaluedHashMap' defaultDefaultClientScopes: type: array items: type: string defaultGroups: type: array items: type: string defaultLocale: type: string defaultOptionalClientScopes: type: array items: type: string defaultRole: $ref: '#/components/schemas/RoleRepresentation' defaultSignatureAlgorithm: type: string directGrantFlow: type: string displayName: type: string displayNameHtml: type: string dockerAuthenticationFlow: type: string duplicateEmailsAllowed: type: boolean editUsernameAllowed: type: boolean emailTheme: type: string enabled: type: boolean enabledEventTypes: type: array items: type: string eventsEnabled: type: boolean eventsExpiration: type: integer format: int64 eventsListeners: type: array items: type: string failureFactor: type: integer format: int32 federatedUsers: type: array items: $ref: '#/components/schemas/UserRepresentation' groups: type: array items: $ref: '#/components/schemas/GroupRepresentation' id: type: string identityProviderMappers: type: array items: $ref: '#/components/schemas/IdentityProviderMapperRepresentation' identityProviders: type: array items: $ref: '#/components/schemas/IdentityProviderRepresentation' internationalizationEnabled: type: boolean keycloakVersion: type: string loginTheme: type: string loginWithEmailAllowed: type: boolean maxDeltaTimeSeconds: type: integer format: int32 maxFailureWaitSeconds: type: integer format: int32 minimumQuickLoginWaitSeconds: type: integer format: int32 notBefore: type: integer format: int32 oAuth2DeviceCodeLifespan: type: integer format: int32 oAuth2DevicePollingInterval: type: integer format: int32 oauth2DeviceCodeLifespan: type: integer format: int32 oauth2DevicePollingInterval: type: integer format: int32 offlineSessionIdleTimeout: type: integer format: int32 offlineSessionMaxLifespan: type: integer format: int32 offlineSessionMaxLifespanEnabled: type: boolean otpPolicyAlgorithm: type: string otpPolicyDigits: type: integer format: int32 otpPolicyInitialCounter: type: integer format: int32 otpPolicyLookAheadWindow: type: integer format: int32 otpPolicyPeriod: type: integer format: int32 otpPolicyType: type: string otpSupportedApplications: type: array items: type: string passwordPolicy: type: string permanentLockout: type: boolean protocolMappers: type: array items: $ref: '#/components/schemas/ProtocolMapperRepresentation' quickLoginCheckMilliSeconds: type: integer format: int64 realm: type: string refreshTokenMaxReuse: type: integer format: int32 registrationAllowed: type: boolean registrationEmailAsUsername: type: boolean registrationFlow: type: string rememberMe: type: boolean requiredActions: type: array items: $ref: '#/components/schemas/RequiredActionProviderRepresentation' resetCredentialsFlow: type: string resetPasswordAllowed: type: boolean revokeRefreshToken: type: boolean roles: $ref: '#/components/schemas/RolesRepresentation' scopeMappings: type: array items: $ref: '#/components/schemas/ScopeMappingRepresentation' smtpServer: type: object additionalProperties: true sslRequired: type: string ssoSessionIdleTimeout: type: integer format: int32 ssoSessionIdleTimeoutRememberMe: type: integer format: int32 ssoSessionMaxLifespan: type: integer format: int32 ssoSessionMaxLifespanRememberMe: type: integer format: int32 supportedLocales: type: array items: type: string userFederationMappers: type: array items: $ref: '#/components/schemas/UserFederationMapperRepresentation' userFederationProviders: type: array items: $ref: '#/components/schemas/UserFederationProviderRepresentation' userManagedAccessAllowed: type: boolean users: type: array items: $ref: '#/components/schemas/UserRepresentation' verifyEmail: type: boolean waitIncrementSeconds: type: integer format: int32 webAuthnPolicyAcceptableAaguids: type: array items: type: string webAuthnPolicyAttestationConveyancePreference: type: string webAuthnPolicyAuthenticatorAttachment: type: string webAuthnPolicyAvoidSameAuthenticatorRegister: type: boolean webAuthnPolicyCreateTimeout: type: integer format: int32 webAuthnPolicyPasswordlessAcceptableAaguids: type: array items: type: string webAuthnPolicyPasswordlessAttestationConveyancePreference: type: string webAuthnPolicyPasswordlessAuthenticatorAttachment: type: string webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: type: boolean webAuthnPolicyPasswordlessCreateTimeout: type: integer format: int32 webAuthnPolicyPasswordlessRequireResidentKey: type: string webAuthnPolicyPasswordlessRpEntityName: type: string webAuthnPolicyPasswordlessRpId: type: string webAuthnPolicyPasswordlessSignatureAlgorithms: type: array items: type: string webAuthnPolicyPasswordlessUserVerificationRequirement: type: string webAuthnPolicyRequireResidentKey: type: string webAuthnPolicyRpEntityName: type: string webAuthnPolicyRpId: type: string webAuthnPolicySignatureAlgorithms: type: array items: type: string webAuthnPolicyUserVerificationRequirement: type: string RequiredActionProviderRepresentation: type: object properties: alias: type: string config: type: object additionalProperties: true defaultAction: type: boolean enabled: type: boolean name: type: string priority: type: integer format: int32 providerId: type: string ResourceRepresentation: type: object properties: id: type: string attributes: type: object additionalProperties: true displayName: type: string icon_uri: type: string name: type: string ownerManagedAccess: type: boolean scopes: type: array items: $ref: '#/components/schemas/ScopeRepresentation' type: type: string uris: type: array items: type: string ResourceServerRepresentation: type: object properties: allowRemoteResourceManagement: type: boolean clientId: type: string decisionStrategy: type: string enum: - AFFIRMATIVE - UNANIMOUS - CONSENSUS id: type: string name: type: string policies: type: array items: $ref: '#/components/schemas/PolicyRepresentation' policyEnforcementMode: type: string enum: - ENFORCING - PERMISSIVE - DISABLED resources: type: array items: $ref: '#/components/schemas/ResourceRepresentation' scopes: type: array items: $ref: '#/components/schemas/ScopeRepresentation' RoleRepresentation: type: object properties: attributes: type: object additionalProperties: true clientRole: type: boolean composite: type: boolean composites: $ref: '#/components/schemas/RoleRepresentation-Composites' containerId: type: string description: type: string id: type: string name: type: string RoleRepresentation-Composites: type: object properties: client: type: object additionalProperties: true realm: type: array items: type: string RolesRepresentation: type: object properties: client: type: object additionalProperties: true realm: type: array items: $ref: '#/components/schemas/RoleRepresentation' ScopeMappingRepresentation: type: object properties: client: type: string clientScope: type: string roles: type: array items: type: string self: type: string ScopeRepresentation: type: object properties: displayName: type: string iconUri: type: string id: type: string name: type: string policies: type: array items: $ref: '#/components/schemas/PolicyRepresentation' resources: type: array items: $ref: '#/components/schemas/ResourceRepresentation' ServerInfoRepresentation: type: object properties: builtinProtocolMappers: type: object additionalProperties: true clientImporters: type: array items: type: object additionalProperties: true clientInstallations: type: object additionalProperties: true componentTypes: type: object additionalProperties: true enums: type: object additionalProperties: true identityProviders: type: array items: type: object additionalProperties: true memoryInfo: $ref: '#/components/schemas/MemoryInfoRepresentation' passwordPolicies: type: array items: $ref: '#/components/schemas/PasswordPolicyTypeRepresentation' profileInfo: $ref: '#/components/schemas/ProfileInfoRepresentation' protocolMapperTypes: type: object additionalProperties: true providers: type: object additionalProperties: true socialProviders: type: array items: type: object additionalProperties: true systemInfo: $ref: '#/components/schemas/SystemInfoRepresentation' themes: type: object additionalProperties: true SpiInfoRepresentation: type: object properties: internal: type: boolean providers: type: object additionalProperties: true SynchronizationResult: type: object properties: added: type: integer format: int32 failed: type: integer format: int32 ignored: type: boolean removed: type: integer format: int32 status: type: string updated: type: integer format: int32 SystemInfoRepresentation: type: object properties: fileEncoding: type: string javaHome: type: string javaRuntime: type: string javaVendor: type: string javaVersion: type: string javaVm: type: string javaVmVersion: type: string osArchitecture: type: string osName: type: string osVersion: type: string serverTime: type: string uptime: type: string uptimeMillis: type: integer format: int64 userDir: type: string userLocale: type: string userName: type: string userTimezone: type: string version: type: string TestLdapConnectionRepresentation: type: object properties: action: type: string authType: type: string bindCredential: type: string bindDn: type: string componentId: type: string connectionTimeout: type: string connectionUrl: type: string startTls: type: string useTruststoreSpi: type: string UserConsentRepresentation: type: object properties: clientId: type: string createdDate: type: integer format: int64 grantedClientScopes: type: array items: type: string lastUpdatedDate: type: integer format: int64 UserFederationMapperRepresentation: type: object properties: config: type: object additionalProperties: true federationMapperType: type: string federationProviderDisplayName: type: string id: type: string name: type: string UserFederationProviderRepresentation: type: object properties: changedSyncPeriod: type: integer format: int32 config: type: object additionalProperties: true displayName: type: string fullSyncPeriod: type: integer format: int32 id: type: string lastSync: type: integer format: int32 priority: type: integer format: int32 providerName: type: string UserRepresentation: type: object properties: access: type: object additionalProperties: true attributes: type: object additionalProperties: true clientConsents: type: array items: $ref: '#/components/schemas/UserConsentRepresentation' clientRoles: type: object additionalProperties: true createdTimestamp: type: integer format: int64 credentials: type: array items: $ref: '#/components/schemas/CredentialRepresentation' disableableCredentialTypes: type: array items: type: string email: type: string emailVerified: type: boolean enabled: type: boolean federatedIdentities: type: array items: $ref: '#/components/schemas/FederatedIdentityRepresentation' federationLink: type: string firstName: type: string groups: type: array items: type: string id: type: string lastName: type: string notBefore: type: integer format: int32 origin: type: string realmRoles: type: array items: type: string requiredActions: type: array items: type: string self: type: string serviceAccountClientId: type: string username: type: string security: - access_token: [] externalDocs: description: Schema source code url: https://github.com/keycloak/keycloak/tree/6.0.1/core/src/main/java/org/keycloak/representations