keycloak-admin-rest-api — quality + safety report

---
name: keycloak-admin-rest-api
description: "Keycloak Admin REST API skill. Use when working with Keycloak Admin REST for root, {id}, {realm}. Covers 281 endpoints."
version: 1.0.0
generator: lapsh
---

# Keycloak Admin REST API
API version: 1

## Auth
Bearer bearer

## Base URL
Not specified.

## Setup
1. Set Authorization header with your Bearer token
2. GET / -- verify access
3. POST / -- create first resource

## Endpoints

281 endpoints across 3 groups. See references/api-spec.lap for full details.

### root
| Method | Path | Description |
|--------|------|-------------|
| GET | / | Get themes, social providers, auth providers, and event listeners available on this server |
| POST | / | Import a realm   Imports a realm from a full representation of that realm. |

### {id}
| Method | Path | Description |
|--------|------|-------------|
| GET | /{id}/name | Need this for admin console to display simple name of provider when displaying client detail   KEYCLOAK-4328 |

### {realm}
| Method | Path | Description |
|--------|------|-------------|
| GET | /{realm} | Get the top-level representation of the realm   It will not include nested information like User and Client representations. |
| PUT | /{realm} | Update the top-level information of the realm   Any user, roles or client information in the representation  will be ignored. |
| DELETE | /{realm} | Delete the realm |
| GET | /{realm}/admin-events | Get admin events   Returns all admin events, or filters events based on URL query parameters listed here |
| DELETE | /{realm}/admin-events | Delete all admin events |
| DELETE | /{realm}/attack-detection/brute-force/users | Clear any user login failures for all users   This can release temporary disabled users |
| GET | /{realm}/attack-detection/brute-force/users/{userId} | Get status of a username in brute force detection |
| DELETE | /{realm}/attack-detection/brute-force/users/{userId} | Clear any user login failures for the user   This can release temporary disabled user |
| GET | /{realm}/authentication/authenticator-providers | Get authenticator providers   Returns a list of authenticator providers. |
| GET | /{realm}/authentication/client-authenticator-providers | Get client authenticator providers   Returns a list of client authenticator providers. |
| GET | /{realm}/authentication/config-description/{providerId} | Get authenticator provider’s configuration description |
| GET | /{realm}/authentication/config/{id} | Get authenticator configuration |
| PUT | /{realm}/authentication/config/{id} | Update authenticator configuration |
| DELETE | /{realm}/authentication/config/{id} | Delete authenticator configuration |
| POST | /{realm}/authentication/executions | Add new authentication execution |
| GET | /{realm}/authentication/executions/{executionId} | Get Single Execution |
| DELETE | /{realm}/authentication/executions/{executionId} | Delete execution |
| POST | /{realm}/authentication/executions/{executionId}/config | Update execution with new configuration |
| POST | /{realm}/authentication/executions/{executionId}/lower-priority | Lower execution’s priority |
| POST | /{realm}/authentication/executions/{executionId}/raise-priority | Raise execution’s priority |
| GET | /{realm}/authentication/flows | Get authentication flows   Returns a list of authentication flows. |
| POST | /{realm}/authentication/flows | Create a new authentication flow |
| POST | /{realm}/authentication/flows/{flowAlias}/copy | Copy existing authentication flow under a new name   The new name is given as 'newName' attribute of the passed JSON object |
| GET | /{realm}/authentication/flows/{flowAlias}/executions | Get authentication executions for a flow |
| PUT | /{realm}/authentication/flows/{flowAlias}/executions | Update authentication executions of a flow |
| POST | /{realm}/authentication/flows/{flowAlias}/executions/execution | Add new authentication execution to a flow |
| POST | /{realm}/authentication/flows/{flowAlias}/executions/flow | Add new flow with new execution to existing flow |
| GET | /{realm}/authentication/flows/{id} | Get authentication flow for id |
| PUT | /{realm}/authentication/flows/{id} | Update an authentication flow |
| DELETE | /{realm}/authentication/flows/{id} | Delete an authentication flow |
| GET | /{realm}/authentication/form-action-providers | Get form action providers   Returns a list of form action providers. |
| GET | /{realm}/authentication/form-providers | Get form providers   Returns a list of form providers. |
| GET | /{realm}/authentication/per-client-config-description | Get configuration descriptions for all clients |
| POST | /{realm}/authentication/register-required-action | Register a new required actions |
| GET | /{realm}/authentication/required-actions | Get required actions   Returns a list of required actions. |
| GET | /{realm}/authentication/required-actions/{alias} | Get required action for alias |
| PUT | /{realm}/authentication/required-actions/{alias} | Update required action |
| DELETE | /{realm}/authentication/required-actions/{alias} | Delete required action |
| POST | /{realm}/authentication/required-actions/{alias}/lower-priority | Lower required action’s priority |
| POST | /{realm}/authentication/required-actions/{alias}/raise-priority | Raise required action’s priority |
| GET | /{realm}/authentication/unregistered-required-actions | Get unregistered required actions   Returns a list of unregistered required actions. |
| POST | /{realm}/clear-keys-cache | Clear cache of external public keys (Public keys of clients or Identity providers) |
| POST | /{realm}/clear-realm-cache | Clear realm cache |
| POST | /{realm}/clear-user-cache | Clear user cache |
| POST | /{realm}/client-description-converter | Base path for importing clients under this realm. |
| GET | /{realm}/client-registration-policy/providers | Base path for retrieve providers with the configProperties properly filled |
| GET | /{realm}/client-scopes | Get client scopes belonging to the realm   Returns a list of client scopes belonging to the realm |
| POST | /{realm}/client-scopes | Create a new client scope   Client Scope’s name must be unique! |
| GET | /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} | Get mapper by id |
| PUT | /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} | Update the mapper |
| DELETE | /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} | Delete the mapper |
| GET | /{realm}/client-scopes/{id} | Get representation of the client scope |
| PUT | /{realm}/client-scopes/{id} | Update the client scope |
| DELETE | /{realm}/client-scopes/{id} | Delete the client scope |
| POST | /{realm}/client-scopes/{id}/protocol-mappers/add-models | Create multiple mappers |
| GET | /{realm}/client-scopes/{id}/protocol-mappers/models | Get mappers |
| POST | /{realm}/client-scopes/{id}/protocol-mappers/models | Create a mapper |
| GET | /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol} | Get mappers by name for a specific protocol |
| GET | /{realm}/client-scopes/{id}/scope-mappings | Get all scope mappings for the client |
| GET | /{realm}/client-scopes/{id}/scope-mappings/clients/{client} | Get the roles associated with a client’s scope   Returns roles for the client. |
| POST | /{realm}/client-scopes/{id}/scope-mappings/clients/{client} | Add client-level roles to the client’s scope |
| DELETE | /{realm}/client-scopes/{id}/scope-mappings/clients/{client} | Remove client-level roles from the client’s scope. |
| GET | /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available | The available client-level roles   Returns the roles for the client that can be associated with the client’s scope |
| GET | /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite | Get effective client roles   Returns the roles for the client that are associated with the client’s scope. |
| GET | /{realm}/client-scopes/{id}/scope-mappings/realm | Get realm-level roles associated with the client’s scope |
| POST | /{realm}/client-scopes/{id}/scope-mappings/realm | Add a set of realm-level roles to the client’s scope |
| DELETE | /{realm}/client-scopes/{id}/scope-mappings/realm | Remove a set of realm-level roles from the client’s scope |
| GET | /{realm}/client-scopes/{id}/scope-mappings/realm/available | Get realm-level roles that are available to attach to this client’s scope |
| GET | /{realm}/client-scopes/{id}/scope-mappings/realm/composite | Get effective realm-level roles associated with the client’s scope   What this does is recurse  any composite roles associated with the client’s scope and adds the roles to this lists. |
| GET | /{realm}/client-session-stats | Get client session stats   Returns a JSON map. |
| GET | /{realm}/clients | Get clients belonging to the realm   Returns a list of clients belonging to the realm |
| POST | /{realm}/clients | Create a new client   Client’s client_id must be unique! |
| GET | /{realm}/clients-initial-access |  |
| POST | /{realm}/clients-initial-access | Create a new initial access token. |
| DELETE | /{realm}/clients-initial-access/{id} |  |
| GET | /{realm}/clients/{id1}/protocol-mappers/models/{id2} | Get mapper by id |
| PUT | /{realm}/clients/{id1}/protocol-mappers/models/{id2} | Update the mapper |
| DELETE | /{realm}/clients/{id1}/protocol-mappers/models/{id2} | Delete the mapper |
| GET | /{realm}/clients/{id} | Get representation of the client |
| PUT | /{realm}/clients/{id} | Update the client |
| DELETE | /{realm}/clients/{id} | Delete the client |
| GET | /{realm}/clients/{id}/certificates/{attr} | Get key info |
| POST | /{realm}/clients/{id}/certificates/{attr}/download | Get a keystore file for the client, containing private key and public certificate |
| POST | /{realm}/clients/{id}/certificates/{attr}/generate | Generate a new certificate with new key pair |
| POST | /{realm}/clients/{id}/certificates/{attr}/generate-and-download | Generate a new keypair and certificate, and get the private key file   Generates a keypair and certificate and serves the private key in a specified keystore format. |
| POST | /{realm}/clients/{id}/certificates/{attr}/upload | Upload certificate and eventually private key |
| POST | /{realm}/clients/{id}/certificates/{attr}/upload-certificate | Upload only certificate, not private key |
| GET | /{realm}/clients/{id}/client-secret | Get the client secret |
| POST | /{realm}/clients/{id}/client-secret | Generate a new secret for the client |
| GET | /{realm}/clients/{id}/default-client-scopes | Get default client scopes. |
| PUT | /{realm}/clients/{id}/default-client-scopes/{clientScopeId} |  |
| DELETE | /{realm}/clients/{id}/default-client-scopes/{clientScopeId} |  |
| GET | /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token | Create JSON with payload of example access token |
| GET | /{realm}/clients/{id}/evaluate-scopes/protocol-mappers | Return list of all protocol mappers, which will be used when generating tokens issued for particular client. |
| GET | /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted | Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him. |
| GET | /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted | Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him. |
| GET | /{realm}/clients/{id}/installation/providers/{providerId} |  |
| GET | /{realm}/clients/{id}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |
| PUT | /{realm}/clients/{id}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |
| POST | /{realm}/clients/{id}/nodes | Register a cluster node with the client   Manually register cluster node to this c

… (truncated)