{"files":{"SKILL.md":"---\nname: keycloak-admin-rest-api\ndescription: \"Keycloak Admin REST API skill. Use when working with Keycloak Admin REST for root, {id}, {realm}. Covers 281 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# Keycloak Admin REST API\nAPI version: 1\n\n## Auth\nBearer bearer\n\n## Base URL\nNot specified.\n\n## Setup\n1. Set Authorization header with Bearer token\n2. GET / -- get themes, social providers, auth providers, and event listeners available on this server\n3. POST / -- create first resource\n\n## Endpoints\n281 endpoints across 3 groups. See references/api-spec.lap for full details.\n\n### Root\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | / | Get themes, social providers, auth providers, and event listeners available on this server |\n| POST | / | Import a realm   Imports a realm from a full representation of that realm. |\n\n### {id}\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /{id}/name | Need this for admin console to display simple name of provider when displaying client detail   KEYCLOAK-4328 |\n\n### {realm}\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /{realm} | Get the top-level representation of the realm   It will not include nested information like User and Client representations. |\n| PUT | /{realm} | Update the top-level information of the realm   Any user, roles or client information in the representation  will be ignored. |\n| DELETE | /{realm} | Delete the realm |\n| GET | /{realm}/admin-events | Get admin events   Returns all admin events, or filters events based on URL query parameters listed here |\n| DELETE | /{realm}/admin-events | Delete all admin events |\n| DELETE | /{realm}/attack-detection/brute-force/users | Clear any user login failures for all users   This can release temporary disabled users |\n| GET | /{realm}/attack-detection/brute-force/users/{userId} | Get status of a username in brute force detection |\n| DELETE | /{realm}/attack-detection/brute-force/users/{userId} | Clear any user login failures for the user   This can release temporary disabled user |\n| GET | /{realm}/authentication/authenticator-providers | Get authenticator providers   Returns a list of authenticator providers. |\n| GET | /{realm}/authentication/client-authenticator-providers | Get client authenticator providers   Returns a list of client authenticator providers. |\n| GET | /{realm}/authentication/config-description/{providerId} | Get authenticator provider’s configuration description |\n| GET | /{realm}/authentication/config/{id} | Get authenticator configuration |\n| PUT | /{realm}/authentication/config/{id} | Update authenticator configuration |\n| DELETE | /{realm}/authentication/config/{id} | Delete authenticator configuration |\n| POST | /{realm}/authentication/executions | Add new authentication execution |\n| GET | /{realm}/authentication/executions/{executionId} | Get Single Execution |\n| DELETE | /{realm}/authentication/executions/{executionId} | Delete execution |\n| POST | /{realm}/authentication/executions/{executionId}/config | Update execution with new configuration |\n| POST | /{realm}/authentication/executions/{executionId}/lower-priority | Lower execution’s priority |\n| POST | /{realm}/authentication/executions/{executionId}/raise-priority | Raise execution’s priority |\n| GET | /{realm}/authentication/flows | Get authentication flows   Returns a list of authentication flows. |\n| POST | /{realm}/authentication/flows | Create a new authentication flow |\n| POST | /{realm}/authentication/flows/{flowAlias}/copy | Copy existing authentication flow under a new name   The new name is given as 'newName' attribute of the passed JSON object |\n| GET | /{realm}/authentication/flows/{flowAlias}/executions | Get authentication executions for a flow |\n| PUT | /{realm}/authentication/flows/{flowAlias}/executions | Update authentication executions of a flow |\n| POST | /{realm}/authentication/flows/{flowAlias}/executions/execution | Add new authentication execution to a flow |\n| POST | /{realm}/authentication/flows/{flowAlias}/executions/flow | Add new flow with new execution to existing flow |\n| GET | /{realm}/authentication/flows/{id} | Get authentication flow for id |\n| PUT | /{realm}/authentication/flows/{id} | Update an authentication flow |\n| DELETE | /{realm}/authentication/flows/{id} | Delete an authentication flow |\n| GET | /{realm}/authentication/form-action-providers | Get form action providers   Returns a list of form action providers. |\n| GET | /{realm}/authentication/form-providers | Get form providers   Returns a list of form providers. |\n| GET | /{realm}/authentication/per-client-config-description | Get configuration descriptions for all clients |\n| POST | /{realm}/authentication/register-required-action | Register a new required actions |\n| GET | /{realm}/authentication/required-actions | Get required actions   Returns a list of required actions. |\n| GET | /{realm}/authentication/required-actions/{alias} | Get required action for alias |\n| PUT | /{realm}/authentication/required-actions/{alias} | Update required action |\n| DELETE | /{realm}/authentication/required-actions/{alias} | Delete required action |\n| POST | /{realm}/authentication/required-actions/{alias}/lower-priority | Lower required action’s priority |\n| POST | /{realm}/authentication/required-actions/{alias}/raise-priority | Raise required action’s priority |\n| GET | /{realm}/authentication/unregistered-required-actions | Get unregistered required actions   Returns a list of unregistered required actions. |\n| POST | /{realm}/clear-keys-cache | Clear cache of external public keys (Public keys of clients or Identity providers) |\n| POST | /{realm}/clear-realm-cache | Clear realm cache |\n| POST | /{realm}/clear-user-cache | Clear user cache |\n| POST | /{realm}/client-description-converter | Base path for importing clients under this realm. |\n| GET | /{realm}/client-registration-policy/providers | Base path for retrieve providers with the configProperties properly filled |\n| GET | /{realm}/client-scopes | Get client scopes belonging to the realm   Returns a list of client scopes belonging to the realm |\n| POST | /{realm}/client-scopes | Create a new client scope   Client Scope’s name must be unique! |\n| GET | /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} | Get mapper by id |\n| PUT | /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} | Update the mapper |\n| DELETE | /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2} | Delete the mapper |\n| GET | /{realm}/client-scopes/{id} | Get representation of the client scope |\n| PUT | /{realm}/client-scopes/{id} | Update the client scope |\n| DELETE | /{realm}/client-scopes/{id} | Delete the client scope |\n| POST | /{realm}/client-scopes/{id}/protocol-mappers/add-models | Create multiple mappers |\n| GET | /{realm}/client-scopes/{id}/protocol-mappers/models | Get mappers |\n| POST | /{realm}/client-scopes/{id}/protocol-mappers/models | Create a mapper |\n| GET | /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol} | Get mappers by name for a specific protocol |\n| GET | /{realm}/client-scopes/{id}/scope-mappings | Get all scope mappings for the client |\n| GET | /{realm}/client-scopes/{id}/scope-mappings/clients/{client} | Get the roles associated with a client’s scope   Returns roles for the client. |\n| POST | /{realm}/client-scopes/{id}/scope-mappings/clients/{client} | Add client-level roles to the client’s scope |\n| DELETE | /{realm}/client-scopes/{id}/scope-mappings/clients/{client} | Remove client-level roles from the client’s scope. |\n| GET | /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available | The available client-level roles   Returns the roles for the client that can be associated with the client’s scope |\n| GET | /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite | Get effective client roles   Returns the roles for the client that are associated with the client’s scope. |\n| GET | /{realm}/client-scopes/{id}/scope-mappings/realm | Get realm-level roles associated with the client’s scope |\n| POST | /{realm}/client-scopes/{id}/scope-mappings/realm | Add a set of realm-level roles to the client’s scope |\n| DELETE | /{realm}/client-scopes/{id}/scope-mappings/realm | Remove a set of realm-level roles from the client’s scope |\n| GET | /{realm}/client-scopes/{id}/scope-mappings/realm/available | Get realm-level roles that are available to attach to this client’s scope |\n| GET | /{realm}/client-scopes/{id}/scope-mappings/realm/composite | Get effective realm-level roles associated with the client’s scope   What this does is recurse  any composite roles associated with the client’s scope and adds the roles to this lists. |\n| GET | /{realm}/client-session-stats | Get client session stats   Returns a JSON map. |\n| GET | /{realm}/clients | Get clients belonging to the realm   Returns a list of clients belonging to the realm |\n| POST | /{realm}/clients | Create a new client   Client’s client_id must be unique! |\n| GET | /{realm}/clients-initial-access |  |\n| POST | /{realm}/clients-initial-access | Create a new initial access token. |\n| DELETE | /{realm}/clients-initial-access/{id} |  |\n| GET | /{realm}/clients/{id1}/protocol-mappers/models/{id2} | Get mapper by id |\n| PUT | /{realm}/clients/{id1}/protocol-mappers/models/{id2} | Update the mapper |\n| DELETE | /{realm}/clients/{id1}/protocol-mappers/models/{id2} | Delete the mapper |\n| GET | /{realm}/clients/{id} | Get representation of the client |\n| PUT | /{realm}/clients/{id} | Update the client |\n| DELETE | /{realm}/clients/{id} | Delete the client |\n| GET | /{realm}/clients/{id}/certificates/{attr} | Get key info |\n| POST | /{realm}/clients/{id}/certificates/{attr}/download | Get a keystore file for the client, containing private key and public certificate |\n| POST | /{realm}/clients/{id}/certificates/{attr}/generate | Generate a new certificate with new key pair |\n| POST | /{realm}/clients/{id}/certificates/{attr}/generate-and-download | Generate a new keypair and certificate, and get the private key file   Generates a keypair and certificate and serves the private key in a specified keystore format. |\n| POST | /{realm}/clients/{id}/certificates/{attr}/upload | Upload certificate and eventually private key |\n| POST | /{realm}/clients/{id}/certificates/{attr}/upload-certificate | Upload only certificate, not private key |\n| GET | /{realm}/clients/{id}/client-secret | Get the client secret |\n| POST | /{realm}/clients/{id}/client-secret | Generate a new secret for the client |\n| GET | /{realm}/clients/{id}/default-client-scopes | Get default client scopes. |\n| PUT | /{realm}/clients/{id}/default-client-scopes/{clientScopeId} |  |\n| DELETE | /{realm}/clients/{id}/default-client-scopes/{clientScopeId} |  |\n| GET | /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token | Create JSON with payload of example access token |\n| GET | /{realm}/clients/{id}/evaluate-scopes/protocol-mappers | Return list of all protocol mappers, which will be used when generating tokens issued for particular client. |\n| GET | /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted | Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him. |\n| GET | /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted | Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him. |\n| GET | /{realm}/clients/{id}/installation/providers/{providerId} |  |\n| GET | /{realm}/clients/{id}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |\n| PUT | /{realm}/clients/{id}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |\n| POST | /{realm}/clients/{id}/nodes | Register a cluster node with the client   Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle  by sending registration request to Keycloak |\n| DELETE | /{realm}/clients/{id}/nodes/{node} | Unregister a cluster node from the client |\n| GET | /{realm}/clients/{id}/offline-session-count | Get application offline session count   Returns a number of offline user sessions associated with this client   {      \"count\": number  } |\n| GET | /{realm}/clients/{id}/offline-sessions | Get offline sessions for client   Returns a list of offline user sessions associated with this client |\n| GET | /{realm}/clients/{id}/optional-client-scopes | Get optional client scopes. |\n| PUT | /{realm}/clients/{id}/optional-client-scopes/{clientScopeId} |  |\n| DELETE | /{realm}/clients/{id}/optional-client-scopes/{clientScopeId} |  |\n| POST | /{realm}/clients/{id}/protocol-mappers/add-models | Create multiple mappers |\n| GET | /{realm}/clients/{id}/protocol-mappers/models | Get mappers |\n| POST | /{realm}/clients/{id}/protocol-mappers/models | Create a mapper |\n| GET | /{realm}/clients/{id}/protocol-mappers/protocol/{protocol} | Get mappers by name for a specific protocol |\n| POST | /{realm}/clients/{id}/push-revocation | Push the client’s revocation policy to its admin URL   If the client has an admin URL, push revocation policy to it. |\n| POST | /{realm}/clients/{id}/registration-access-token | Generate a new registration access token for the client |\n| GET | /{realm}/clients/{id}/roles | Get all roles for the realm or client |\n| POST | /{realm}/clients/{id}/roles | Create a new role for the realm or client |\n| GET | /{realm}/clients/{id}/roles/{role-name} | Get a role by name |\n| PUT | /{realm}/clients/{id}/roles/{role-name} | Update a role by name |\n| DELETE | /{realm}/clients/{id}/roles/{role-name} | Delete a role by name |\n| GET | /{realm}/clients/{id}/roles/{role-name}/composites | Get composites of the role |\n| POST | /{realm}/clients/{id}/roles/{role-name}/composites | Add a composite to the role |\n| DELETE | /{realm}/clients/{id}/roles/{role-name}/composites | Remove roles from the role’s composite |\n| GET | /{realm}/clients/{id}/roles/{role-name}/composites/clients/{client} | An app-level roles for the specified app for the role’s composite |\n| GET | /{realm}/clients/{id}/roles/{role-name}/composites/realm | Get realm-level roles of the role’s composite |\n| GET | /{realm}/clients/{id}/roles/{role-name}/groups | Return List of Groups that have the specified role name |\n| GET | /{realm}/clients/{id}/roles/{role-name}/management/permissions | Return object stating whether role Authoirzation permissions have been initialized or not and a reference |\n| PUT | /{realm}/clients/{id}/roles/{role-name}/management/permissions | Return object stating whether role Authoirzation permissions have been initialized or not and a reference |\n| GET | /{realm}/clients/{id}/roles/{role-name}/users | Return List of Users that have the specified role name |\n| GET | /{realm}/clients/{id}/scope-mappings | Get all scope mappings for the client |\n| GET | /{realm}/clients/{id}/scope-mappings/clients/{client} | Get the roles associated with a client’s scope   Returns roles for the client. |\n| POST | /{realm}/clients/{id}/scope-mappings/clients/{client} | Add client-level roles to the client’s scope |\n| DELETE | /{realm}/clients/{id}/scope-mappings/clients/{client} | Remove client-level roles from the client’s scope. |\n| GET | /{realm}/clients/{id}/scope-mappings/clients/{client}/available | The available client-level roles   Returns the roles for the client that can be associated with the client’s scope |\n| GET | /{realm}/clients/{id}/scope-mappings/clients/{client}/composite | Get effective client roles   Returns the roles for the client that are associated with the client’s scope. |\n| GET | /{realm}/clients/{id}/scope-mappings/realm | Get realm-level roles associated with the client’s scope |\n| POST | /{realm}/clients/{id}/scope-mappings/realm | Add a set of realm-level roles to the client’s scope |\n| DELETE | /{realm}/clients/{id}/scope-mappings/realm | Remove a set of realm-level roles from the client’s scope |\n| GET | /{realm}/clients/{id}/scope-mappings/realm/available | Get realm-level roles that are available to attach to this client’s scope |\n| GET | /{realm}/clients/{id}/scope-mappings/realm/composite | Get effective realm-level roles associated with the client’s scope   What this does is recurse  any composite roles associated with the client’s scope and adds the roles to this lists. |\n| GET | /{realm}/clients/{id}/service-account-user | Get a user dedicated to the service account |\n| GET | /{realm}/clients/{id}/session-count | Get application session count   Returns a number of user sessions associated with this client   {      \"count\": number  } |\n| GET | /{realm}/clients/{id}/test-nodes-available | Test if registered cluster nodes are available   Tests availability by sending 'ping' request to all cluster nodes. |\n| GET | /{realm}/clients/{id}/user-sessions | Get user sessions for client   Returns a list of user sessions associated with this client |\n| GET | /{realm}/components |  |\n| POST | /{realm}/components |  |\n| GET | /{realm}/components/{id} |  |\n| PUT | /{realm}/components/{id} |  |\n| DELETE | /{realm}/components/{id} |  |\n| GET | /{realm}/components/{id}/sub-component-types | List of subcomponent types that are available to configure for a particular parent component. |\n| GET | /{realm}/credential-registrators |  |\n| GET | /{realm}/default-default-client-scopes | Get realm default client scopes. |\n| PUT | /{realm}/default-default-client-scopes/{clientScopeId} |  |\n| DELETE | /{realm}/default-default-client-scopes/{clientScopeId} |  |\n| GET | /{realm}/default-groups | Get group hierarchy. |\n| PUT | /{realm}/default-groups/{groupId} |  |\n| DELETE | /{realm}/default-groups/{groupId} |  |\n| GET | /{realm}/default-optional-client-scopes | Get realm optional client scopes. |\n| PUT | /{realm}/default-optional-client-scopes/{clientScopeId} |  |\n| DELETE | /{realm}/default-optional-client-scopes/{clientScopeId} |  |\n| GET | /{realm}/events | Get events   Returns all events, or filters them based on URL query parameters listed here |\n| DELETE | /{realm}/events | Delete all events |\n| GET | /{realm}/events/config | Get the events provider configuration   Returns JSON object with events provider configuration |\n| PUT | /{realm}/events/config | Update the events provider   Change the events provider and/or its configuration |\n| GET | /{realm}/group-by-path/{path} |  |\n| GET | /{realm}/groups | Get group hierarchy. |\n| POST | /{realm}/groups | create or add a top level realm groupSet or create child. |\n| GET | /{realm}/groups/count | Returns the groups counts. |\n| GET | /{realm}/groups/{id} |  |\n| PUT | /{realm}/groups/{id} | Update group, ignores subgroups. |\n| DELETE | /{realm}/groups/{id} |  |\n| POST | /{realm}/groups/{id}/children | Set or create child. |\n| GET | /{realm}/groups/{id}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |\n| PUT | /{realm}/groups/{id}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |\n| GET | /{realm}/groups/{id}/members | Get users   Returns a list of users, filtered according to query parameters |\n| GET | /{realm}/groups/{id}/role-mappings | Get role mappings |\n| GET | /{realm}/groups/{id}/role-mappings/clients/{client} | Get client-level role mappings for the user, and the app |\n| POST | /{realm}/groups/{id}/role-mappings/clients/{client} | Add client-level roles to the user role mapping |\n| DELETE | /{realm}/groups/{id}/role-mappings/clients/{client} | Delete client-level roles from user role mapping |\n| GET | /{realm}/groups/{id}/role-mappings/clients/{client}/available | Get available client-level roles that can be mapped to the user |\n| GET | /{realm}/groups/{id}/role-mappings/clients/{client}/composite | Get effective client-level role mappings   This recurses any composite roles |\n| GET | /{realm}/groups/{id}/role-mappings/realm | Get realm-level role mappings |\n| POST | /{realm}/groups/{id}/role-mappings/realm | Add realm-level role mappings to the user |\n| DELETE | /{realm}/groups/{id}/role-mappings/realm | Delete realm-level role mappings |\n| GET | /{realm}/groups/{id}/role-mappings/realm/available | Get realm-level roles that can be mapped |\n| GET | /{realm}/groups/{id}/role-mappings/realm/composite | Get effective realm-level role mappings   This will recurse all composite roles to get the result. |\n| POST | /{realm}/identity-provider/import-config | Import identity provider from uploaded JSON file |\n| GET | /{realm}/identity-provider/instances | Get identity providers |\n| POST | /{realm}/identity-provider/instances | Create a new identity provider |\n| GET | /{realm}/identity-provider/instances/{alias} | Get the identity provider |\n| PUT | /{realm}/identity-provider/instances/{alias} | Update the identity provider |\n| DELETE | /{realm}/identity-provider/instances/{alias} | Delete the identity provider |\n| GET | /{realm}/identity-provider/instances/{alias}/export | Export public broker configuration for identity provider |\n| GET | /{realm}/identity-provider/instances/{alias}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |\n| PUT | /{realm}/identity-provider/instances/{alias}/management/permissions | Return object stating whether client Authorization permissions have been initialized or not and a reference |\n| GET | /{realm}/identity-provider/instances/{alias}/mapper-types | Get mapper types for identity provider |\n| GET | /{realm}/identity-provider/instances/{alias}/mappers | Get mappers for identity provider |\n| POST | /{realm}/identity-provider/instances/{alias}/mappers | Add a mapper to identity provider |\n| GET | /{realm}/identity-provider/instances/{alias}/mappers/{id} | Get mapper by id for the identity provider |\n| PUT | /{realm}/identity-provider/instances/{alias}/mappers/{id} | Update a mapper for the identity provider |\n| DELETE | /{realm}/identity-provider/instances/{alias}/mappers/{id} | Delete a mapper for the identity provider |\n| GET | /{realm}/identity-provider/providers/{provider_id} | Get identity providers |\n| GET | /{realm}/keys |  |\n| POST | /{realm}/logout-all | Removes all user sessions. |\n| POST | /{realm}/partial-export | Partial export of existing realm into a JSON file. |\n| POST | /{realm}/partialImport | Partial import from a JSON file to an existing realm. |\n| POST | /{realm}/push-revocation | Push the realm’s revocation policy to any client that has an admin url associated with it. |\n| GET | /{realm}/roles | Get all roles for the realm or client |\n| POST | /{realm}/roles | Create a new role for the realm or client |\n| GET | /{realm}/roles-by-id/{role-id} | Get a specific role’s representation |\n| PUT | /{realm}/roles-by-id/{role-id} | Update the role |\n| DELETE | /{realm}/roles-by-id/{role-id} | Delete the role |\n| GET | /{realm}/roles-by-id/{role-id}/composites | Get role’s children   Returns a set of role’s children provided the role is a composite. |\n| POST | /{realm}/roles-by-id/{role-id}/composites | Make the role a composite role by associating some child roles |\n| DELETE | /{realm}/roles-by-id/{role-id}/composites | Remove a set of roles from the role’s composite |\n| GET | /{realm}/roles-by-id/{role-id}/composites/clients/{client} | Get client-level roles for the client that are in the role’s composite |\n| GET | /{realm}/roles-by-id/{role-id}/composites/realm | Get realm-level roles that are in the role’s composite |\n| GET | /{realm}/roles-by-id/{role-id}/management/permissions | Return object stating whether role Authoirzation permissions have been initialized or not and a reference |\n| PUT | /{realm}/roles-by-id/{role-id}/management/permissions | Return object stating whether role Authoirzation permissions have been initialized or not and a reference |\n| GET | /{realm}/roles/{role-name} | Get a role by name |\n| PUT | /{realm}/roles/{role-name} | Update a role by name |\n| DELETE | /{realm}/roles/{role-name} | Delete a role by name |\n| GET | /{realm}/roles/{role-name}/composites | Get composites of the role |\n| POST | /{realm}/roles/{role-name}/composites | Add a composite to the role |\n| DELETE | /{realm}/roles/{role-name}/composites | Remove roles from the role’s composite |\n| GET | /{realm}/roles/{role-name}/composites/clients/{client} | An app-level roles for the specified app for the role’s composite |\n| GET | /{realm}/roles/{role-name}/composites/realm | Get realm-level roles of the role’s composite |\n| GET | /{realm}/roles/{role-name}/groups | Return List of Groups that have the specified role name |\n| GET | /{realm}/roles/{role-name}/management/permissions | Return object stating whether role Authoirzation permissions have been initialized or not and a reference |\n| PUT | /{realm}/roles/{role-name}/management/permissions | Return object stating whether role Authoirzation permissions have been initialized or not and a reference |\n| GET | /{realm}/roles/{role-name}/users | Return List of Users that have the specified role name |\n| DELETE | /{realm}/sessions/{session} | Remove a specific user session. |\n| POST | /{realm}/testLDAPConnection | Test LDAP connection |\n| POST | /{realm}/testSMTPConnection |  |\n| GET | /{realm}/user-storage/{id}/name | Need this for admin console to display simple name of provider when displaying user detail   KEYCLOAK-4328 |\n| POST | /{realm}/user-storage/{id}/remove-imported-users | Remove imported users |\n| POST | /{realm}/user-storage/{id}/sync | Trigger sync of users   Action can be \"triggerFullSync\" or \"triggerChangedUsersSync\" |\n| POST | /{realm}/user-storage/{id}/unlink-users | Unlink imported users from a storage provider |\n| POST | /{realm}/user-storage/{parentId}/mappers/{id}/sync | Trigger sync of mapper data related to ldap mapper (roles, groups, …​)   direction is \"fedToKeycloak\" or \"keycloakToFed\" |\n| GET | /{realm}/users | Get users   Returns a list of users, filtered according to query parameters |\n| POST | /{realm}/users | Create a new user   Username must be unique. |\n| GET | /{realm}/users-management-permissions |  |\n| PUT | /{realm}/users-management-permissions |  |\n| GET | /{realm}/users/count | Returns the number of users that match the given criteria. |\n| GET | /{realm}/users/{id} | Get representation of the user |\n| PUT | /{realm}/users/{id} | Update the user |\n| DELETE | /{realm}/users/{id} | Delete the user |\n| GET | /{realm}/users/{id}/configured-user-storage-credential-types | Return credential types, which are provided by the user storage where user is stored. |\n| GET | /{realm}/users/{id}/consents | Get consents granted by the user |\n| DELETE | /{realm}/users/{id}/consents/{client} | Revoke consent and offline tokens for particular client from user |\n| GET | /{realm}/users/{id}/credentials |  |\n| DELETE | /{realm}/users/{id}/credentials/{credentialId} | Remove a credential for a user |\n| POST | /{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId} | Move a credential to a position behind another credential |\n| POST | /{realm}/users/{id}/credentials/{credentialId}/moveToFirst | Move a credential to a first position in the credentials list of the user |\n| PUT | /{realm}/users/{id}/credentials/{credentialId}/userLabel | Update a credential label for a user |\n| PUT | /{realm}/users/{id}/disable-credential-types | Disable all credentials for a user of a specific type |\n| PUT | /{realm}/users/{id}/execute-actions-email | Send a update account email to the user   An email contains a link the user can click to perform a set of required actions. |\n| GET | /{realm}/users/{id}/federated-identity | Get social logins associated with the user |\n| POST | /{realm}/users/{id}/federated-identity/{provider} | Add a social login provider to the user |\n| DELETE | /{realm}/users/{id}/federated-identity/{provider} | Remove a social login provider from user |\n| GET | /{realm}/users/{id}/groups |  |\n| GET | /{realm}/users/{id}/groups/count |  |\n| PUT | /{realm}/users/{id}/groups/{groupId} |  |\n| DELETE | /{realm}/users/{id}/groups/{groupId} |  |\n| POST | /{realm}/users/{id}/impersonation | Impersonate the user |\n| POST | /{realm}/users/{id}/logout | Remove all user sessions associated with the user   Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user. |\n| GET | /{realm}/users/{id}/offline-sessions/{clientId} | Get offline sessions associated with the user and client |\n| PUT | /{realm}/users/{id}/reset-password | Set up a new password for the user. |\n| GET | /{realm}/users/{id}/role-mappings | Get role mappings |\n| GET | /{realm}/users/{id}/role-mappings/clients/{client} | Get client-level role mappings for the user, and the app |\n| POST | /{realm}/users/{id}/role-mappings/clients/{client} | Add client-level roles to the user role mapping |\n| DELETE | /{realm}/users/{id}/role-mappings/clients/{client} | Delete client-level roles from user role mapping |\n| GET | /{realm}/users/{id}/role-mappings/clients/{client}/available | Get available client-level roles that can be mapped to the user |\n| GET | /{realm}/users/{id}/role-mappings/clients/{client}/composite | Get effective client-level role mappings   This recurses any composite roles |\n| GET | /{realm}/users/{id}/role-mappings/realm | Get realm-level role mappings |\n| POST | /{realm}/users/{id}/role-mappings/realm | Add realm-level role mappings to the user |\n| DELETE | /{realm}/users/{id}/role-mappings/realm | Delete realm-level role mappings |\n| GET | /{realm}/users/{id}/role-mappings/realm/available | Get realm-level roles that can be mapped |\n| GET | /{realm}/users/{id}/role-mappings/realm/composite | Get effective realm-level role mappings   This will recurse all composite roles to get the result. |\n| PUT | /{realm}/users/{id}/send-verify-email | Send an email-verification email to the user   An email contains a link the user can click to verify their email address. |\n| GET | /{realm}/users/{id}/sessions | Get sessions associated with the user |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"List all resource?\" -> GET /\n- \"Create a resource?\" -> POST /\n- \"List all name?\" -> GET /{id}/name\n- \"Get {realm} details?\" -> GET /{realm}\n- \"Update a {realm}?\" -> PUT /{realm}\n- \"Delete a {realm}?\" -> DELETE /{realm}\n- \"List all admin-events?\" -> GET /{realm}/admin-events\n- \"Get user details?\" -> GET /{realm}/attack-detection/brute-force/users/{userId}\n- \"Delete a user?\" -> DELETE /{realm}/attack-detection/brute-force/users/{userId}\n- \"List all authenticator-providers?\" -> GET /{realm}/authentication/authenticator-providers\n- \"List all client-authenticator-providers?\" -> GET /{realm}/authentication/client-authenticator-providers\n- \"Get config-description details?\" -> GET /{realm}/authentication/config-description/{providerId}\n- \"Get config details?\" -> GET /{realm}/authentication/config/{id}\n- \"Update a config?\" -> PUT /{realm}/authentication/config/{id}\n- \"Delete a config?\" -> DELETE /{realm}/authentication/config/{id}\n- \"Create a execution?\" -> POST /{realm}/authentication/executions\n- \"Get execution details?\" -> GET /{realm}/authentication/executions/{executionId}\n- \"Delete a execution?\" -> DELETE /{realm}/authentication/executions/{executionId}\n- \"Create a config?\" -> POST /{realm}/authentication/executions/{executionId}/config\n- \"Create a lower-priority?\" -> POST /{realm}/authentication/executions/{executionId}/lower-priority\n- \"Create a raise-priority?\" -> POST /{realm}/authentication/executions/{executionId}/raise-priority\n- \"List all flows?\" -> GET /{realm}/authentication/flows\n- \"Create a flow?\" -> POST /{realm}/authentication/flows\n- \"Create a copy?\" -> POST /{realm}/authentication/flows/{flowAlias}/copy\n- \"List all executions?\" -> GET /{realm}/authentication/flows/{flowAlias}/executions\n- \"Get flow details?\" -> GET /{realm}/authentication/flows/{id}\n- \"Update a flow?\" -> PUT /{realm}/authentication/flows/{id}\n- \"Delete a flow?\" -> DELETE /{realm}/authentication/flows/{id}\n- \"List all form-action-providers?\" -> GET /{realm}/authentication/form-action-providers\n- \"List all form-providers?\" -> GET /{realm}/authentication/form-providers\n- \"List all per-client-config-description?\" -> GET /{realm}/authentication/per-client-config-description\n- \"Create a register-required-action?\" -> POST /{realm}/authentication/register-required-action\n- \"List all required-actions?\" -> GET /{realm}/authentication/required-actions\n- \"Get required-action details?\" -> GET /{realm}/authentication/required-actions/{alias}\n- \"Update a required-action?\" -> PUT /{realm}/authentication/required-actions/{alias}\n- \"Delete a required-action?\" -> DELETE /{realm}/authentication/required-actions/{alias}\n- \"List all unregistered-required-actions?\" -> GET /{realm}/authentication/unregistered-required-actions\n- \"Create a clear-keys-cache?\" -> POST /{realm}/clear-keys-cache\n- \"Create a clear-realm-cache?\" -> POST /{realm}/clear-realm-cache\n- \"Create a clear-user-cache?\" -> POST /{realm}/clear-user-cache\n- \"Create a client-description-converter?\" -> POST /{realm}/client-description-converter\n- \"List all providers?\" -> GET /{realm}/client-registration-policy/providers\n- \"List all client-scopes?\" -> GET /{realm}/client-scopes\n- \"Create a client-scope?\" -> POST /{realm}/client-scopes\n- \"Get model details?\" -> GET /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}\n- \"Update a model?\" -> PUT /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}\n- \"Delete a model?\" -> DELETE /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}\n- \"Get client-scope details?\" -> GET /{realm}/client-scopes/{id}\n- \"Update a client-scope?\" -> PUT /{realm}/client-scopes/{id}\n- \"Delete a client-scope?\" -> DELETE /{realm}/client-scopes/{id}\n- \"Create a add-model?\" -> POST /{realm}/client-scopes/{id}/protocol-mappers/add-models\n- \"List all models?\" -> GET /{realm}/client-scopes/{id}/protocol-mappers/models\n- \"Create a model?\" -> POST /{realm}/client-scopes/{id}/protocol-mappers/models\n- \"Get protocol details?\" -> GET /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}\n- \"List all scope-mappings?\" -> GET /{realm}/client-scopes/{id}/scope-mappings\n- \"Get client details?\" -> GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}\n- \"Delete a client?\" -> DELETE /{realm}/client-scopes/{id}/scope-mappings/clients/{client}\n- \"List all available?\" -> GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available\n- \"List all composite?\" -> GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite\n- \"List all realm?\" -> GET /{realm}/client-scopes/{id}/scope-mappings/realm\n- \"Create a realm?\" -> POST /{realm}/client-scopes/{id}/scope-mappings/realm\n- \"List all client-session-stats?\" -> GET /{realm}/client-session-stats\n- \"Search clients?\" -> GET /{realm}/clients\n- \"Create a client?\" -> POST /{realm}/clients\n- \"List all clients-initial-access?\" -> GET /{realm}/clients-initial-access\n- \"Create a clients-initial-access?\" -> POST /{realm}/clients-initial-access\n- \"Delete a clients-initial-access?\" -> DELETE /{realm}/clients-initial-access/{id}\n- \"Update a client?\" -> PUT /{realm}/clients/{id}\n- \"Get certificate details?\" -> GET /{realm}/clients/{id}/certificates/{attr}\n- \"Create a download?\" -> POST /{realm}/clients/{id}/certificates/{attr}/download\n- \"Create a generate?\" -> POST /{realm}/clients/{id}/certificates/{attr}/generate\n- \"Create a generate-and-download?\" -> POST /{realm}/clients/{id}/certificates/{attr}/generate-and-download\n- \"Create a upload?\" -> POST /{realm}/clients/{id}/certificates/{attr}/upload\n- \"Create a upload-certificate?\" -> POST /{realm}/clients/{id}/certificates/{attr}/upload-certificate\n- \"List all client-secret?\" -> GET /{realm}/clients/{id}/client-secret\n- \"Create a client-secret?\" -> POST /{realm}/clients/{id}/client-secret\n- \"List all default-client-scopes?\" -> GET /{realm}/clients/{id}/default-client-scopes\n- \"Update a default-client-scope?\" -> PUT /{realm}/clients/{id}/default-client-scopes/{clientScopeId}\n- \"Delete a default-client-scope?\" -> DELETE /{realm}/clients/{id}/default-client-scopes/{clientScopeId}\n- \"List all generate-example-access-token?\" -> GET /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token\n- \"List all protocol-mappers?\" -> GET /{realm}/clients/{id}/evaluate-scopes/protocol-mappers\n- \"List all granted?\" -> GET /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted\n- \"List all not-granted?\" -> GET /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted\n- \"Get provider details?\" -> GET /{realm}/clients/{id}/installation/providers/{providerId}\n- \"List all permissions?\" -> GET /{realm}/clients/{id}/management/permissions\n- \"Create a node?\" -> POST /{realm}/clients/{id}/nodes\n- \"Delete a node?\" -> DELETE /{realm}/clients/{id}/nodes/{node}\n- \"List all offline-session-count?\" -> GET /{realm}/clients/{id}/offline-session-count\n- \"List all offline-sessions?\" -> GET /{realm}/clients/{id}/offline-sessions\n- \"List all optional-client-scopes?\" -> GET /{realm}/clients/{id}/optional-client-scopes\n- \"Update a optional-client-scope?\" -> PUT /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}\n- \"Delete a optional-client-scope?\" -> DELETE /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}\n- \"Create a push-revocation?\" -> POST /{realm}/clients/{id}/push-revocation\n- \"Create a registration-access-token?\" -> POST /{realm}/clients/{id}/registration-access-token\n- \"Search roles?\" -> GET /{realm}/clients/{id}/roles\n- \"Create a role?\" -> POST /{realm}/clients/{id}/roles\n- \"Get role details?\" -> GET /{realm}/clients/{id}/roles/{role-name}\n- \"Update a role?\" -> PUT /{realm}/clients/{id}/roles/{role-name}\n- \"Delete a role?\" -> DELETE /{realm}/clients/{id}/roles/{role-name}\n- \"List all composites?\" -> GET /{realm}/clients/{id}/roles/{role-name}/composites\n- \"Create a composite?\" -> POST /{realm}/clients/{id}/roles/{role-name}/composites\n- \"List all groups?\" -> GET /{realm}/clients/{id}/roles/{role-name}/groups\n- \"List all users?\" -> GET /{realm}/clients/{id}/roles/{role-name}/users\n- \"List all service-account-user?\" -> GET /{realm}/clients/{id}/service-account-user\n- \"List all session-count?\" -> GET /{realm}/clients/{id}/session-count\n- \"List all test-nodes-available?\" -> GET /{realm}/clients/{id}/test-nodes-available\n- \"List all user-sessions?\" -> GET /{realm}/clients/{id}/user-sessions\n- \"List all components?\" -> GET /{realm}/components\n- \"Create a component?\" -> POST /{realm}/components\n- \"Get component details?\" -> GET /{realm}/components/{id}\n- \"Update a component?\" -> PUT /{realm}/components/{id}\n- \"Delete a component?\" -> DELETE /{realm}/components/{id}\n- \"List all sub-component-types?\" -> GET /{realm}/components/{id}/sub-component-types\n- \"List all credential-registrators?\" -> GET /{realm}/credential-registrators\n- \"List all default-default-client-scopes?\" -> GET /{realm}/default-default-client-scopes\n- \"Update a default-default-client-scope?\" -> PUT /{realm}/default-default-client-scopes/{clientScopeId}\n- \"Delete a default-default-client-scope?\" -> DELETE /{realm}/default-default-client-scopes/{clientScopeId}\n- \"List all default-groups?\" -> GET /{realm}/default-groups\n- \"Update a default-group?\" -> PUT /{realm}/default-groups/{groupId}\n- \"Delete a default-group?\" -> DELETE /{realm}/default-groups/{groupId}\n- \"List all default-optional-client-scopes?\" -> GET /{realm}/default-optional-client-scopes\n- \"Update a default-optional-client-scope?\" -> PUT /{realm}/default-optional-client-scopes/{clientScopeId}\n- \"Delete a default-optional-client-scope?\" -> DELETE /{realm}/default-optional-client-scopes/{clientScopeId}\n- \"List all events?\" -> GET /{realm}/events\n- \"List all config?\" -> GET /{realm}/events/config\n- \"Get group-by-path details?\" -> GET /{realm}/group-by-path/{path}\n- \"Search groups?\" -> GET /{realm}/groups\n- \"Create a group?\" -> POST /{realm}/groups\n- \"Search count?\" -> GET /{realm}/groups/count\n- \"Get group details?\" -> GET /{realm}/groups/{id}\n- \"Update a group?\" -> PUT /{realm}/groups/{id}\n- \"Delete a group?\" -> DELETE /{realm}/groups/{id}\n- \"Create a children?\" -> POST /{realm}/groups/{id}/children\n- \"List all members?\" -> GET /{realm}/groups/{id}/members\n- \"List all role-mappings?\" -> GET /{realm}/groups/{id}/role-mappings\n- \"Create a import-config?\" -> POST /{realm}/identity-provider/import-config\n- \"List all instances?\" -> GET /{realm}/identity-provider/instances\n- \"Create a instance?\" -> POST /{realm}/identity-provider/instances\n- \"Get instance details?\" -> GET /{realm}/identity-provider/instances/{alias}\n- \"Update a instance?\" -> PUT /{realm}/identity-provider/instances/{alias}\n- \"Delete a instance?\" -> DELETE /{realm}/identity-provider/instances/{alias}\n- \"List all export?\" -> GET /{realm}/identity-provider/instances/{alias}/export\n- \"List all mapper-types?\" -> GET /{realm}/identity-provider/instances/{alias}/mapper-types\n- \"List all mappers?\" -> GET /{realm}/identity-provider/instances/{alias}/mappers\n- \"Create a mapper?\" -> POST /{realm}/identity-provider/instances/{alias}/mappers\n- \"Get mapper details?\" -> GET /{realm}/identity-provider/instances/{alias}/mappers/{id}\n- \"Update a mapper?\" -> PUT /{realm}/identity-provider/instances/{alias}/mappers/{id}\n- \"Delete a mapper?\" -> DELETE /{realm}/identity-provider/instances/{alias}/mappers/{id}\n- \"List all keys?\" -> GET /{realm}/keys\n- \"Create a logout-all?\" -> POST /{realm}/logout-all\n- \"Create a partial-export?\" -> POST /{realm}/partial-export\n- \"Create a partialImport?\" -> POST /{realm}/partialImport\n- \"Get roles-by-id details?\" -> GET /{realm}/roles-by-id/{role-id}\n- \"Update a roles-by-id?\" -> PUT /{realm}/roles-by-id/{role-id}\n- \"Delete a roles-by-id?\" -> DELETE /{realm}/roles-by-id/{role-id}\n- \"Delete a session?\" -> DELETE /{realm}/sessions/{session}\n- \"Create a testLDAPConnection?\" -> POST /{realm}/testLDAPConnection\n- \"Create a testSMTPConnection?\" -> POST /{realm}/testSMTPConnection\n- \"Create a remove-imported-user?\" -> POST /{realm}/user-storage/{id}/remove-imported-users\n- \"Create a sync?\" -> POST /{realm}/user-storage/{id}/sync\n- \"Create a unlink-user?\" -> POST /{realm}/user-storage/{id}/unlink-users\n- \"Search users?\" -> GET /{realm}/users\n- \"Create a user?\" -> POST /{realm}/users\n- \"List all users-management-permissions?\" -> GET /{realm}/users-management-permissions\n- \"Update a user?\" -> PUT /{realm}/users/{id}\n- \"List all configured-user-storage-credential-types?\" -> GET /{realm}/users/{id}/configured-user-storage-credential-types\n- \"List all consents?\" -> GET /{realm}/users/{id}/consents\n- \"Delete a consent?\" -> DELETE /{realm}/users/{id}/consents/{client}\n- \"List all credentials?\" -> GET /{realm}/users/{id}/credentials\n- \"Delete a credential?\" -> DELETE /{realm}/users/{id}/credentials/{credentialId}\n- \"Create a moveToFirst?\" -> POST /{realm}/users/{id}/credentials/{credentialId}/moveToFirst\n- \"List all federated-identity?\" -> GET /{realm}/users/{id}/federated-identity\n- \"Delete a federated-identity?\" -> DELETE /{realm}/users/{id}/federated-identity/{provider}\n- \"Create a impersonation?\" -> POST /{realm}/users/{id}/impersonation\n- \"Create a logout?\" -> POST /{realm}/users/{id}/logout\n- \"Get offline-session details?\" -> GET /{realm}/users/{id}/offline-sessions/{clientId}\n- \"List all sessions?\" -> GET /{realm}/users/{id}/sessions\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api Keycloak Admin REST API\n@version 1\n@auth Bearer bearer\n@endpoints 281\n@hint download_for_search\n@toc root(2), {id}(1), {realm}(278)\n\n@group root\n@endpoint GET /\n@desc Get themes, social providers, auth providers, and event listeners available on this server\n@returns(2XX) {builtinProtocolMappers: map, clientImporters: [map], clientInstallations: map, componentTypes: map, enums: map, identityProviders: [map], memoryInfo: map{free: int(int64), freeFormated: str, freePercentage: int(int64), total: int(int64), totalFormated: str, used: int(int64), usedFormated: str}, passwordPolicies: [map], profileInfo: map{disabledFeatures: [str], experimentalFeatures: [str], name: str, previewFeatures: [str]}, protocolMapperTypes: map, providers: map, socialProviders: [map], systemInfo: map{fileEncoding: str, javaHome: str, javaRuntime: str, javaVendor: str, javaVersion: str, javaVm: str, javaVmVersion: str, osArchitecture: str, osName: str, osVersion: str, serverTime: str, uptime: str, uptimeMillis: int(int64), userDir: str, userLocale: str, userName: str, userTimezone: str, version: str}, themes: map} # success\n\n@endpoint POST /\n@desc Import a realm   Imports a realm from a full representation of that realm.\n@optional {accessCodeLifespan: int(int32), accessCodeLifespanLogin: int(int32), accessCodeLifespanUserAction: int(int32), accessTokenLifespan: int(int32), accessTokenLifespanForImplicitFlow: int(int32), accountTheme: str, actionTokenGeneratedByAdminLifespan: int(int32), actionTokenGeneratedByUserLifespan: int(int32), adminEventsDetailsEnabled: bool, adminEventsEnabled: bool, adminTheme: str, attributes: map, authenticationFlows: [map{alias: str, authenticationExecutions: [map], builtIn: bool, description: str, id: str, providerId: str, topLevel: bool}], authenticatorConfig: [map{alias: str, config: map, id: str}], browserFlow: str, browserSecurityHeaders: map, bruteForceProtected: bool, clientAuthenticationFlow: str, clientScopeMappings: map, clientScopes: [map{attributes: map, description: str, id: str, name: str, protocol: str, protocolMappers: [map]}], clientSessionIdleTimeout: int(int32), clientSessionMaxLifespan: int(int32), clients: [map{access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]}], components: map{empty: bool, loadFactor: num(float), threshold: int(int32)}, defaultDefaultClientScopes: [str], defaultGroups: [str], defaultLocale: str, defaultOptionalClientScopes: [str], defaultRoles: [str], defaultSignatureAlgorithm: str, directGrantFlow: str, displayName: str, displayNameHtml: str, dockerAuthenticationFlow: str, duplicateEmailsAllowed: bool, editUsernameAllowed: bool, emailTheme: str, enabled: bool, enabledEventTypes: [str], eventsEnabled: bool, eventsExpiration: int(int64), eventsListeners: [str], failureFactor: int(int32), federatedUsers: [map{access: map, attributes: map, clientConsents: [map], clientRoles: map, createdTimestamp: int(int64), credentials: [map], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str}], groups: [map{access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]}], id: str, identityProviderMappers: [map{config: map, id: str, identityProviderAlias: str, identityProviderMapper: str, name: str}], identityProviders: [map{addReadTokenRoleOnCreate: bool, alias: str, config: map, displayName: str, enabled: bool, firstBrokerLoginFlowAlias: str, internalId: str, linkOnly: bool, postBrokerLoginFlowAlias: str, providerId: str, storeToken: bool, trustEmail: bool}], internationalizationEnabled: bool, keycloakVersion: str, loginTheme: str, loginWithEmailAllowed: bool, maxDeltaTimeSeconds: int(int32), maxFailureWaitSeconds: int(int32), minimumQuickLoginWaitSeconds: int(int32), notBefore: int(int32), offlineSessionIdleTimeout: int(int32), offlineSessionMaxLifespan: int(int32), offlineSessionMaxLifespanEnabled: bool, otpPolicyAlgorithm: str, otpPolicyDigits: int(int32), otpPolicyInitialCounter: int(int32), otpPolicyLookAheadWindow: int(int32), otpPolicyPeriod: int(int32), otpPolicyType: str, otpSupportedApplications: [str], passwordPolicy: str, permanentLockout: bool, protocolMappers: [map{config: map, id: str, name: str, protocol: str, protocolMapper: str}], quickLoginCheckMilliSeconds: int(int64), realm: str, refreshTokenMaxReuse: int(int32), registrationAllowed: bool, registrationEmailAsUsername: bool, registrationFlow: str, rememberMe: bool, requiredActions: [map{alias: str, config: map, defaultAction: bool, enabled: bool, name: str, priority: int(int32), providerId: str}], resetCredentialsFlow: str, resetPasswordAllowed: bool, revokeRefreshToken: bool, roles: map{client: map, realm: [map]}, scopeMappings: [map{client: str, clientScope: str, roles: [str], self: str}], smtpServer: map, sslRequired: str, ssoSessionIdleTimeout: int(int32), ssoSessionIdleTimeoutRememberMe: int(int32), ssoSessionMaxLifespan: int(int32), ssoSessionMaxLifespanRememberMe: int(int32), supportedLocales: [str], userFederationMappers: [map{config: map, federationMapperType: str, federationProviderDisplayName: str, id: str, name: str}], userFederationProviders: [map{changedSyncPeriod: int(int32), config: map, displayName: str, fullSyncPeriod: int(int32), id: str, lastSync: int(int32), priority: int(int32), providerName: str}], userManagedAccessAllowed: bool, users: [map{access: map, attributes: map, clientConsents: [map], clientRoles: map, createdTimestamp: int(int64), credentials: [map], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str}], verifyEmail: bool, waitIncrementSeconds: int(int32), webAuthnPolicyAcceptableAaguids: [str], webAuthnPolicyAttestationConveyancePreference: str, webAuthnPolicyAuthenticatorAttachment: str, webAuthnPolicyAvoidSameAuthenticatorRegister: bool, webAuthnPolicyCreateTimeout: int(int32), webAuthnPolicyPasswordlessAcceptableAaguids: [str], webAuthnPolicyPasswordlessAttestationConveyancePreference: str, webAuthnPolicyPasswordlessAuthenticatorAttachment: str, webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: bool, webAuthnPolicyPasswordlessCreateTimeout: int(int32), webAuthnPolicyPasswordlessRequireResidentKey: str, webAuthnPolicyPasswordlessRpEntityName: str, webAuthnPolicyPasswordlessRpId: str, webAuthnPolicyPasswordlessSignatureAlgorithms: [str], webAuthnPolicyPasswordlessUserVerificationRequirement: str, webAuthnPolicyRequireResidentKey: str, webAuthnPolicyRpEntityName: str, webAuthnPolicyRpId: str, webAuthnPolicySignatureAlgorithms: [str], webAuthnPolicyUserVerificationRequirement: str}\n@returns(2XX) success\n\n@endgroup\n\n@group {id}\n@endpoint GET /{id}/name\n@desc Need this for admin console to display simple name of provider when displaying client detail   KEYCLOAK-4328\n@returns(2XX) success\n\n@endgroup\n\n@group {realm}\n@endpoint GET /{realm}\n@desc Get the top-level representation of the realm   It will not include nested information like User and Client representations.\n@returns(2XX) {accessCodeLifespan: int(int32), accessCodeLifespanLogin: int(int32), accessCodeLifespanUserAction: int(int32), accessTokenLifespan: int(int32), accessTokenLifespanForImplicitFlow: int(int32), accountTheme: str, actionTokenGeneratedByAdminLifespan: int(int32), actionTokenGeneratedByUserLifespan: int(int32), adminEventsDetailsEnabled: bool, adminEventsEnabled: bool, adminTheme: str, attributes: map, authenticationFlows: [map], authenticatorConfig: [map], browserFlow: str, browserSecurityHeaders: map, bruteForceProtected: bool, clientAuthenticationFlow: str, clientScopeMappings: map, clientScopes: [map], clientSessionIdleTimeout: int(int32), clientSessionMaxLifespan: int(int32), clients: [map], components: map{empty: bool, loadFactor: num(float), threshold: int(int32)}, defaultDefaultClientScopes: [str], defaultGroups: [str], defaultLocale: str, defaultOptionalClientScopes: [str], defaultRoles: [str], defaultSignatureAlgorithm: str, directGrantFlow: str, displayName: str, displayNameHtml: str, dockerAuthenticationFlow: str, duplicateEmailsAllowed: bool, editUsernameAllowed: bool, emailTheme: str, enabled: bool, enabledEventTypes: [str], eventsEnabled: bool, eventsExpiration: int(int64), eventsListeners: [str], failureFactor: int(int32), federatedUsers: [map], groups: [map], id: str, identityProviderMappers: [map], identityProviders: [map], internationalizationEnabled: bool, keycloakVersion: str, loginTheme: str, loginWithEmailAllowed: bool, maxDeltaTimeSeconds: int(int32), maxFailureWaitSeconds: int(int32), minimumQuickLoginWaitSeconds: int(int32), notBefore: int(int32), offlineSessionIdleTimeout: int(int32), offlineSessionMaxLifespan: int(int32), offlineSessionMaxLifespanEnabled: bool, otpPolicyAlgorithm: str, otpPolicyDigits: int(int32), otpPolicyInitialCounter: int(int32), otpPolicyLookAheadWindow: int(int32), otpPolicyPeriod: int(int32), otpPolicyType: str, otpSupportedApplications: [str], passwordPolicy: str, permanentLockout: bool, protocolMappers: [map], quickLoginCheckMilliSeconds: int(int64), realm: str, refreshTokenMaxReuse: int(int32), registrationAllowed: bool, registrationEmailAsUsername: bool, registrationFlow: str, rememberMe: bool, requiredActions: [map], resetCredentialsFlow: str, resetPasswordAllowed: bool, revokeRefreshToken: bool, roles: map{client: map, realm: [map]}, scopeMappings: [map], smtpServer: map, sslRequired: str, ssoSessionIdleTimeout: int(int32), ssoSessionIdleTimeoutRememberMe: int(int32), ssoSessionMaxLifespan: int(int32), ssoSessionMaxLifespanRememberMe: int(int32), supportedLocales: [str], userFederationMappers: [map], userFederationProviders: [map], userManagedAccessAllowed: bool, users: [map], verifyEmail: bool, waitIncrementSeconds: int(int32), webAuthnPolicyAcceptableAaguids: [str], webAuthnPolicyAttestationConveyancePreference: str, webAuthnPolicyAuthenticatorAttachment: str, webAuthnPolicyAvoidSameAuthenticatorRegister: bool, webAuthnPolicyCreateTimeout: int(int32), webAuthnPolicyPasswordlessAcceptableAaguids: [str], webAuthnPolicyPasswordlessAttestationConveyancePreference: str, webAuthnPolicyPasswordlessAuthenticatorAttachment: str, webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: bool, webAuthnPolicyPasswordlessCreateTimeout: int(int32), webAuthnPolicyPasswordlessRequireResidentKey: str, webAuthnPolicyPasswordlessRpEntityName: str, webAuthnPolicyPasswordlessRpId: str, webAuthnPolicyPasswordlessSignatureAlgorithms: [str], webAuthnPolicyPasswordlessUserVerificationRequirement: str, webAuthnPolicyRequireResidentKey: str, webAuthnPolicyRpEntityName: str, webAuthnPolicyRpId: str, webAuthnPolicySignatureAlgorithms: [str], webAuthnPolicyUserVerificationRequirement: str} # success\n\n@endpoint PUT /{realm}\n@desc Update the top-level information of the realm   Any user, roles or client information in the representation  will be ignored.\n@optional {accessCodeLifespan: int(int32), accessCodeLifespanLogin: int(int32), accessCodeLifespanUserAction: int(int32), accessTokenLifespan: int(int32), accessTokenLifespanForImplicitFlow: int(int32), accountTheme: str, actionTokenGeneratedByAdminLifespan: int(int32), actionTokenGeneratedByUserLifespan: int(int32), adminEventsDetailsEnabled: bool, adminEventsEnabled: bool, adminTheme: str, attributes: map, authenticationFlows: [map{alias: str, authenticationExecutions: [map], builtIn: bool, description: str, id: str, providerId: str, topLevel: bool}], authenticatorConfig: [map{alias: str, config: map, id: str}], browserFlow: str, browserSecurityHeaders: map, bruteForceProtected: bool, clientAuthenticationFlow: str, clientScopeMappings: map, clientScopes: [map{attributes: map, description: str, id: str, name: str, protocol: str, protocolMappers: [map]}], clientSessionIdleTimeout: int(int32), clientSessionMaxLifespan: int(int32), clients: [map{access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]}], components: map{empty: bool, loadFactor: num(float), threshold: int(int32)}, defaultDefaultClientScopes: [str], defaultGroups: [str], defaultLocale: str, defaultOptionalClientScopes: [str], defaultRoles: [str], defaultSignatureAlgorithm: str, directGrantFlow: str, displayName: str, displayNameHtml: str, dockerAuthenticationFlow: str, duplicateEmailsAllowed: bool, editUsernameAllowed: bool, emailTheme: str, enabled: bool, enabledEventTypes: [str], eventsEnabled: bool, eventsExpiration: int(int64), eventsListeners: [str], failureFactor: int(int32), federatedUsers: [map{access: map, attributes: map, clientConsents: [map], clientRoles: map, createdTimestamp: int(int64), credentials: [map], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str}], groups: [map{access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]}], id: str, identityProviderMappers: [map{config: map, id: str, identityProviderAlias: str, identityProviderMapper: str, name: str}], identityProviders: [map{addReadTokenRoleOnCreate: bool, alias: str, config: map, displayName: str, enabled: bool, firstBrokerLoginFlowAlias: str, internalId: str, linkOnly: bool, postBrokerLoginFlowAlias: str, providerId: str, storeToken: bool, trustEmail: bool}], internationalizationEnabled: bool, keycloakVersion: str, loginTheme: str, loginWithEmailAllowed: bool, maxDeltaTimeSeconds: int(int32), maxFailureWaitSeconds: int(int32), minimumQuickLoginWaitSeconds: int(int32), notBefore: int(int32), offlineSessionIdleTimeout: int(int32), offlineSessionMaxLifespan: int(int32), offlineSessionMaxLifespanEnabled: bool, otpPolicyAlgorithm: str, otpPolicyDigits: int(int32), otpPolicyInitialCounter: int(int32), otpPolicyLookAheadWindow: int(int32), otpPolicyPeriod: int(int32), otpPolicyType: str, otpSupportedApplications: [str], passwordPolicy: str, permanentLockout: bool, protocolMappers: [map{config: map, id: str, name: str, protocol: str, protocolMapper: str}], quickLoginCheckMilliSeconds: int(int64), realm: str, refreshTokenMaxReuse: int(int32), registrationAllowed: bool, registrationEmailAsUsername: bool, registrationFlow: str, rememberMe: bool, requiredActions: [map{alias: str, config: map, defaultAction: bool, enabled: bool, name: str, priority: int(int32), providerId: str}], resetCredentialsFlow: str, resetPasswordAllowed: bool, revokeRefreshToken: bool, roles: map{client: map, realm: [map]}, scopeMappings: [map{client: str, clientScope: str, roles: [str], self: str}], smtpServer: map, sslRequired: str, ssoSessionIdleTimeout: int(int32), ssoSessionIdleTimeoutRememberMe: int(int32), ssoSessionMaxLifespan: int(int32), ssoSessionMaxLifespanRememberMe: int(int32), supportedLocales: [str], userFederationMappers: [map{config: map, federationMapperType: str, federationProviderDisplayName: str, id: str, name: str}], userFederationProviders: [map{changedSyncPeriod: int(int32), config: map, displayName: str, fullSyncPeriod: int(int32), id: str, lastSync: int(int32), priority: int(int32), providerName: str}], userManagedAccessAllowed: bool, users: [map{access: map, attributes: map, clientConsents: [map], clientRoles: map, createdTimestamp: int(int64), credentials: [map], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str}], verifyEmail: bool, waitIncrementSeconds: int(int32), webAuthnPolicyAcceptableAaguids: [str], webAuthnPolicyAttestationConveyancePreference: str, webAuthnPolicyAuthenticatorAttachment: str, webAuthnPolicyAvoidSameAuthenticatorRegister: bool, webAuthnPolicyCreateTimeout: int(int32), webAuthnPolicyPasswordlessAcceptableAaguids: [str], webAuthnPolicyPasswordlessAttestationConveyancePreference: str, webAuthnPolicyPasswordlessAuthenticatorAttachment: str, webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: bool, webAuthnPolicyPasswordlessCreateTimeout: int(int32), webAuthnPolicyPasswordlessRequireResidentKey: str, webAuthnPolicyPasswordlessRpEntityName: str, webAuthnPolicyPasswordlessRpId: str, webAuthnPolicyPasswordlessSignatureAlgorithms: [str], webAuthnPolicyPasswordlessUserVerificationRequirement: str, webAuthnPolicyRequireResidentKey: str, webAuthnPolicyRpEntityName: str, webAuthnPolicyRpId: str, webAuthnPolicySignatureAlgorithms: [str], webAuthnPolicyUserVerificationRequirement: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}\n@desc Delete the realm\n@returns(2XX) success\n\n@endpoint GET /{realm}/admin-events\n@desc Get admin events   Returns all admin events, or filters events based on URL query parameters listed here\n@optional {authClient: str, authIpAddress: str, authRealm: str, authUser: str # user id, dateFrom: str, dateTo: str, first: int(int32), max: int(int32) # Maximum results size (defaults to 100), operationTypes: [str], resourcePath: str, resourceTypes: [str]}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/admin-events\n@desc Delete all admin events\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/attack-detection/brute-force/users\n@desc Clear any user login failures for all users   This can release temporary disabled users\n@returns(2XX) success\n\n@endpoint GET /{realm}/attack-detection/brute-force/users/{userId}\n@desc Get status of a username in brute force detection\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/attack-detection/brute-force/users/{userId}\n@desc Clear any user login failures for the user   This can release temporary disabled user\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/authenticator-providers\n@desc Get authenticator providers   Returns a list of authenticator providers.\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/client-authenticator-providers\n@desc Get client authenticator providers   Returns a list of client authenticator providers.\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/config-description/{providerId}\n@desc Get authenticator provider’s configuration description\n@returns(2XX) {helpText: str, name: str, properties: [map], providerId: str} # success\n\n@endpoint GET /{realm}/authentication/config/{id}\n@desc Get authenticator configuration\n@returns(2XX) {alias: str, config: map, id: str} # success\n\n@endpoint PUT /{realm}/authentication/config/{id}\n@desc Update authenticator configuration\n@optional {alias: str, config: map, id: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/authentication/config/{id}\n@desc Delete authenticator configuration\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/executions\n@desc Add new authentication execution\n@optional {authenticator: str, authenticatorConfig: str, authenticatorFlow: bool, autheticatorFlow: bool, flowId: str, id: str, parentFlow: str, priority: int(int32), requirement: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/executions/{executionId}\n@desc Get Single Execution\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/authentication/executions/{executionId}\n@desc Delete execution\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/executions/{executionId}/config\n@desc Update execution with new configuration\n@optional {alias: str, config: map, id: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/executions/{executionId}/lower-priority\n@desc Lower execution’s priority\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/executions/{executionId}/raise-priority\n@desc Raise execution’s priority\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/flows\n@desc Get authentication flows   Returns a list of authentication flows.\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/flows\n@desc Create a new authentication flow\n@optional {alias: str, authenticationExecutions: [map{authenticator: str, authenticatorConfig: str, authenticatorFlow: bool, autheticatorFlow: bool, flowAlias: str, priority: int(int32), requirement: str, userSetupAllowed: bool}], builtIn: bool, description: str, id: str, providerId: str, topLevel: bool}\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/flows/{flowAlias}/copy\n@desc Copy existing authentication flow under a new name   The new name is given as 'newName' attribute of the passed JSON object\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/flows/{flowAlias}/executions\n@desc Get authentication executions for a flow\n@returns(2XX) success\n\n@endpoint PUT /{realm}/authentication/flows/{flowAlias}/executions\n@desc Update authentication executions of a flow\n@optional {alias: str, authenticationConfig: str, authenticationFlow: bool, configurable: bool, displayName: str, flowId: str, id: str, index: int(int32), level: int(int32), providerId: str, requirement: str, requirementChoices: [str]}\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/flows/{flowAlias}/executions/execution\n@desc Add new authentication execution to a flow\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/flows/{flowAlias}/executions/flow\n@desc Add new flow with new execution to existing flow\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/flows/{id}\n@desc Get authentication flow for id\n@returns(2XX) {alias: str, authenticationExecutions: [map], builtIn: bool, description: str, id: str, providerId: str, topLevel: bool} # success\n\n@endpoint PUT /{realm}/authentication/flows/{id}\n@desc Update an authentication flow\n@optional {alias: str, authenticationExecutions: [map{authenticator: str, authenticatorConfig: str, authenticatorFlow: bool, autheticatorFlow: bool, flowAlias: str, priority: int(int32), requirement: str, userSetupAllowed: bool}], builtIn: bool, description: str, id: str, providerId: str, topLevel: bool}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/authentication/flows/{id}\n@desc Delete an authentication flow\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/form-action-providers\n@desc Get form action providers   Returns a list of form action providers.\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/form-providers\n@desc Get form providers   Returns a list of form providers.\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/per-client-config-description\n@desc Get configuration descriptions for all clients\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/register-required-action\n@desc Register a new required actions\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/required-actions\n@desc Get required actions   Returns a list of required actions.\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/required-actions/{alias}\n@desc Get required action for alias\n@returns(2XX) {alias: str, config: map, defaultAction: bool, enabled: bool, name: str, priority: int(int32), providerId: str} # success\n\n@endpoint PUT /{realm}/authentication/required-actions/{alias}\n@desc Update required action\n@optional {alias: str, config: map, defaultAction: bool, enabled: bool, name: str, priority: int(int32), providerId: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/authentication/required-actions/{alias}\n@desc Delete required action\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/required-actions/{alias}/lower-priority\n@desc Lower required action’s priority\n@returns(2XX) success\n\n@endpoint POST /{realm}/authentication/required-actions/{alias}/raise-priority\n@desc Raise required action’s priority\n@returns(2XX) success\n\n@endpoint GET /{realm}/authentication/unregistered-required-actions\n@desc Get unregistered required actions   Returns a list of unregistered required actions.\n@returns(2XX) success\n\n@endpoint POST /{realm}/clear-keys-cache\n@desc Clear cache of external public keys (Public keys of clients or Identity providers)\n@returns(2XX) success\n\n@endpoint POST /{realm}/clear-realm-cache\n@desc Clear realm cache\n@returns(2XX) success\n\n@endpoint POST /{realm}/clear-user-cache\n@desc Clear user cache\n@returns(2XX) success\n\n@endpoint POST /{realm}/client-description-converter\n@desc Base path for importing clients under this realm.\n@returns(2XX) {access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map{allowRemoteResourceManagement: bool, clientId: str, decisionStrategy: str, id: str, name: str, policies: [map], policyEnforcementMode: str, resources: [map], scopes: [map]}, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]} # success\n\n@endpoint GET /{realm}/client-registration-policy/providers\n@desc Base path for retrieve providers with the configProperties properly filled\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes\n@desc Get client scopes belonging to the realm   Returns a list of client scopes belonging to the realm\n@returns(2XX) success\n\n@endpoint POST /{realm}/client-scopes\n@desc Create a new client scope   Client Scope’s name must be unique!\n@optional {attributes: map, description: str, id: str, name: str, protocol: str, protocolMappers: [map{config: map, id: str, name: str, protocol: str, protocolMapper: str}]}\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}\n@desc Get mapper by id\n@returns(2XX) {config: map, id: str, name: str, protocol: str, protocolMapper: str} # success\n\n@endpoint PUT /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}\n@desc Update the mapper\n@optional {config: map, id: str, name: str, protocol: str, protocolMapper: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/client-scopes/{id1}/protocol-mappers/models/{id2}\n@desc Delete the mapper\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}\n@desc Get representation of the client scope\n@returns(2XX) {attributes: map, description: str, id: str, name: str, protocol: str, protocolMappers: [map]} # success\n\n@endpoint PUT /{realm}/client-scopes/{id}\n@desc Update the client scope\n@optional {attributes: map, description: str, id: str, name: str, protocol: str, protocolMappers: [map{config: map, id: str, name: str, protocol: str, protocolMapper: str}]}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/client-scopes/{id}\n@desc Delete the client scope\n@returns(2XX) success\n\n@endpoint POST /{realm}/client-scopes/{id}/protocol-mappers/add-models\n@desc Create multiple mappers\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/protocol-mappers/models\n@desc Get mappers\n@returns(2XX) success\n\n@endpoint POST /{realm}/client-scopes/{id}/protocol-mappers/models\n@desc Create a mapper\n@optional {config: map, id: str, name: str, protocol: str, protocolMapper: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/protocol-mappers/protocol/{protocol}\n@desc Get mappers by name for a specific protocol\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/scope-mappings\n@desc Get all scope mappings for the client\n@returns(2XX) {clientMappings: map, realmMappings: [map]} # success\n\n@endpoint GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}\n@desc Get the roles associated with a client’s scope   Returns roles for the client.\n@returns(2XX) success\n\n@endpoint POST /{realm}/client-scopes/{id}/scope-mappings/clients/{client}\n@desc Add client-level roles to the client’s scope\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/client-scopes/{id}/scope-mappings/clients/{client}\n@desc Remove client-level roles from the client’s scope.\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/available\n@desc The available client-level roles   Returns the roles for the client that can be associated with the client’s scope\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/scope-mappings/clients/{client}/composite\n@desc Get effective client roles   Returns the roles for the client that are associated with the client’s scope.\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/scope-mappings/realm\n@desc Get realm-level roles associated with the client’s scope\n@returns(2XX) success\n\n@endpoint POST /{realm}/client-scopes/{id}/scope-mappings/realm\n@desc Add a set of realm-level roles to the client’s scope\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/client-scopes/{id}/scope-mappings/realm\n@desc Remove a set of realm-level roles from the client’s scope\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/scope-mappings/realm/available\n@desc Get realm-level roles that are available to attach to this client’s scope\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-scopes/{id}/scope-mappings/realm/composite\n@desc Get effective realm-level roles associated with the client’s scope   What this does is recurse  any composite roles associated with the client’s scope and adds the roles to this lists.\n@returns(2XX) success\n\n@endpoint GET /{realm}/client-session-stats\n@desc Get client session stats   Returns a JSON map.\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients\n@desc Get clients belonging to the realm   Returns a list of clients belonging to the realm\n@optional {clientId: str # filter by clientId, first: int(int32) # the first result, max: int(int32) # the max results to return, search: bool # whether this is a search query or a getClientById query, viewableOnly: bool # filter clients that cannot be viewed in full by admin}\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients\n@desc Create a new client   Client’s client_id must be unique!\n@optional {access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map{allowRemoteResourceManagement: bool, clientId: str, decisionStrategy: str, id: str, name: str, policies: [map], policyEnforcementMode: str, resources: [map], scopes: [map]}, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map{config: map, id: str, name: str, protocol: str, protocolMapper: str}], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients-initial-access\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients-initial-access\n@desc Create a new initial access token.\n@optional {count: int(int32), expiration: int(int32)}\n@returns(2XX) {count: int(int32), expiration: int(int32), id: str, remainingCount: int(int32), timestamp: int(int32), token: str} # success\n\n@endpoint DELETE /{realm}/clients-initial-access/{id}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id1}/protocol-mappers/models/{id2}\n@desc Get mapper by id\n@returns(2XX) {config: map, id: str, name: str, protocol: str, protocolMapper: str} # success\n\n@endpoint PUT /{realm}/clients/{id1}/protocol-mappers/models/{id2}\n@desc Update the mapper\n@optional {config: map, id: str, name: str, protocol: str, protocolMapper: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id1}/protocol-mappers/models/{id2}\n@desc Delete the mapper\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}\n@desc Get representation of the client\n@returns(2XX) {access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map{allowRemoteResourceManagement: bool, clientId: str, decisionStrategy: str, id: str, name: str, policies: [map], policyEnforcementMode: str, resources: [map], scopes: [map]}, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]} # success\n\n@endpoint PUT /{realm}/clients/{id}\n@desc Update the client\n@optional {access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map{allowRemoteResourceManagement: bool, clientId: str, decisionStrategy: str, id: str, name: str, policies: [map], policyEnforcementMode: str, resources: [map], scopes: [map]}, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map{config: map, id: str, name: str, protocol: str, protocolMapper: str}], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}\n@desc Delete the client\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/certificates/{attr}\n@desc Get key info\n@returns(2XX) {certificate: str, kid: str, privateKey: str, publicKey: str} # success\n\n@endpoint POST /{realm}/clients/{id}/certificates/{attr}/download\n@desc Get a keystore file for the client, containing private key and public certificate\n@optional {format: str, keyAlias: str, keyPassword: str, realmAlias: str, realmCertificate: bool, storePassword: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/certificates/{attr}/generate\n@desc Generate a new certificate with new key pair\n@returns(2XX) {certificate: str, kid: str, privateKey: str, publicKey: str} # success\n\n@endpoint POST /{realm}/clients/{id}/certificates/{attr}/generate-and-download\n@desc Generate a new keypair and certificate, and get the private key file   Generates a keypair and certificate and serves the private key in a specified keystore format.\n@optional {format: str, keyAlias: str, keyPassword: str, realmAlias: str, realmCertificate: bool, storePassword: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/certificates/{attr}/upload\n@desc Upload certificate and eventually private key\n@returns(2XX) {certificate: str, kid: str, privateKey: str, publicKey: str} # success\n\n@endpoint POST /{realm}/clients/{id}/certificates/{attr}/upload-certificate\n@desc Upload only certificate, not private key\n@returns(2XX) {certificate: str, kid: str, privateKey: str, publicKey: str} # success\n\n@endpoint GET /{realm}/clients/{id}/client-secret\n@desc Get the client secret\n@returns(2XX) {createdDate: int(int64), credentialData: str, id: str, priority: int(int32), secretData: str, temporary: bool, type: str, userLabel: str, value: str} # success\n\n@endpoint POST /{realm}/clients/{id}/client-secret\n@desc Generate a new secret for the client\n@returns(2XX) {createdDate: int(int64), credentialData: str, id: str, priority: int(int32), secretData: str, temporary: bool, type: str, userLabel: str, value: str} # success\n\n@endpoint GET /{realm}/clients/{id}/default-client-scopes\n@desc Get default client scopes.\n@returns(2XX) success\n\n@endpoint PUT /{realm}/clients/{id}/default-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}/default-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/evaluate-scopes/generate-example-access-token\n@desc Create JSON with payload of example access token\n@optional {scope: str, userId: str}\n@returns(2XX) {acr: str, address: map{country: str, formatted: str, locality: str, postal_code: str, region: str, street_address: str}, allowed-origins: [str], at_hash: str, auth_time: int(int64), authorization: map{permissions: [map]}, azp: str, birthdate: str, c_hash: str, category: str, claims_locales: str, cnf: map{x5t#S256: str}, email: str, email_verified: bool, exp: int(int64), family_name: str, gender: str, given_name: str, iat: int(int64), iss: str, jti: str, locale: str, middle_name: str, name: str, nbf: int(int64), nickname: str, nonce: str, otherClaims: map, phone_number: str, phone_number_verified: bool, picture: str, preferred_username: str, profile: str, realm_access: map{roles: [str], verify_caller: bool}, s_hash: str, scope: str, session_state: str, sub: str, trusted-certs: [str], typ: str, updated_at: int(int64), website: str, zoneinfo: str} # success\n\n@endpoint GET /{realm}/clients/{id}/evaluate-scopes/protocol-mappers\n@desc Return list of all protocol mappers, which will be used when generating tokens issued for particular client.\n@optional {scope: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/granted\n@desc Get effective scope mapping of all roles of particular role container, which this client is defacto allowed to have in the accessToken issued for him.\n@optional {scope: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/evaluate-scopes/scope-mappings/{roleContainerId}/not-granted\n@desc Get roles, which this client doesn’t have scope for and can’t have them in the accessToken issued for him.\n@optional {scope: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/installation/providers/{providerId}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/management/permissions\n@desc Return object stating whether client Authorization permissions have been initialized or not and a reference\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint PUT /{realm}/clients/{id}/management/permissions\n@desc Return object stating whether client Authorization permissions have been initialized or not and a reference\n@optional {enabled: bool, resource: str, scopePermissions: map}\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint POST /{realm}/clients/{id}/nodes\n@desc Register a cluster node with the client   Manually register cluster node to this client - usually it’s not needed to call this directly as adapter should handle  by sending registration request to Keycloak\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}/nodes/{node}\n@desc Unregister a cluster node from the client\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/offline-session-count\n@desc Get application offline session count   Returns a number of offline user sessions associated with this client   {      \"count\": number  }\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/offline-sessions\n@desc Get offline sessions for client   Returns a list of offline user sessions associated with this client\n@optional {first: int(int32) # Paging offset, max: int(int32) # Maximum results size (defaults to 100)}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/optional-client-scopes\n@desc Get optional client scopes.\n@returns(2XX) success\n\n@endpoint PUT /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}/optional-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/protocol-mappers/add-models\n@desc Create multiple mappers\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/protocol-mappers/models\n@desc Get mappers\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/protocol-mappers/models\n@desc Create a mapper\n@optional {config: map, id: str, name: str, protocol: str, protocolMapper: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/protocol-mappers/protocol/{protocol}\n@desc Get mappers by name for a specific protocol\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/push-revocation\n@desc Push the client’s revocation policy to its admin URL   If the client has an admin URL, push revocation policy to it.\n@returns(2XX) {failedRequests: [str], successRequests: [str]} # success\n\n@endpoint POST /{realm}/clients/{id}/registration-access-token\n@desc Generate a new registration access token for the client\n@returns(2XX) {access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map{allowRemoteResourceManagement: bool, clientId: str, decisionStrategy: str, id: str, name: str, policies: [map], policyEnforcementMode: str, resources: [map], scopes: [map]}, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]} # success\n\n@endpoint GET /{realm}/clients/{id}/roles\n@desc Get all roles for the realm or client\n@optional {briefRepresentation: bool, first: int(int32), max: int(int32), search: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/roles\n@desc Create a new role for the realm or client\n@optional {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/roles/{role-name}\n@desc Get a role by name\n@returns(2XX) {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str} # success\n\n@endpoint PUT /{realm}/clients/{id}/roles/{role-name}\n@desc Update a role by name\n@optional {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}/roles/{role-name}\n@desc Delete a role by name\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/roles/{role-name}/composites\n@desc Get composites of the role\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/roles/{role-name}/composites\n@desc Add a composite to the role\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}/roles/{role-name}/composites\n@desc Remove roles from the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/roles/{role-name}/composites/clients/{client}\n@desc An app-level roles for the specified app for the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/roles/{role-name}/composites/realm\n@desc Get realm-level roles of the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/roles/{role-name}/groups\n@desc Return List of Groups that have the specified role name\n@optional {briefRepresentation: bool # if false, return a full representation of the GroupRepresentation objects, first: int(int32), max: int(int32)}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/roles/{role-name}/management/permissions\n@desc Return object stating whether role Authoirzation permissions have been initialized or not and a reference\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint PUT /{realm}/clients/{id}/roles/{role-name}/management/permissions\n@desc Return object stating whether role Authoirzation permissions have been initialized or not and a reference\n@optional {enabled: bool, resource: str, scopePermissions: map}\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint GET /{realm}/clients/{id}/roles/{role-name}/users\n@desc Return List of Users that have the specified role name\n@optional {first: int(int32), max: int(int32)}\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/scope-mappings\n@desc Get all scope mappings for the client\n@returns(2XX) {clientMappings: map, realmMappings: [map]} # success\n\n@endpoint GET /{realm}/clients/{id}/scope-mappings/clients/{client}\n@desc Get the roles associated with a client’s scope   Returns roles for the client.\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/scope-mappings/clients/{client}\n@desc Add client-level roles to the client’s scope\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}/scope-mappings/clients/{client}\n@desc Remove client-level roles from the client’s scope.\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/scope-mappings/clients/{client}/available\n@desc The available client-level roles   Returns the roles for the client that can be associated with the client’s scope\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/scope-mappings/clients/{client}/composite\n@desc Get effective client roles   Returns the roles for the client that are associated with the client’s scope.\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/scope-mappings/realm\n@desc Get realm-level roles associated with the client’s scope\n@returns(2XX) success\n\n@endpoint POST /{realm}/clients/{id}/scope-mappings/realm\n@desc Add a set of realm-level roles to the client’s scope\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/clients/{id}/scope-mappings/realm\n@desc Remove a set of realm-level roles from the client’s scope\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/scope-mappings/realm/available\n@desc Get realm-level roles that are available to attach to this client’s scope\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/scope-mappings/realm/composite\n@desc Get effective realm-level roles associated with the client’s scope   What this does is recurse  any composite roles associated with the client’s scope and adds the roles to this lists.\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/service-account-user\n@desc Get a user dedicated to the service account\n@returns(2XX) {access: map, attributes: map, clientConsents: [map], clientRoles: map, createdTimestamp: int(int64), credentials: [map], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str} # success\n\n@endpoint GET /{realm}/clients/{id}/session-count\n@desc Get application session count   Returns a number of user sessions associated with this client   {      \"count\": number  }\n@returns(2XX) success\n\n@endpoint GET /{realm}/clients/{id}/test-nodes-available\n@desc Test if registered cluster nodes are available   Tests availability by sending 'ping' request to all cluster nodes.\n@returns(2XX) {failedRequests: [str], successRequests: [str]} # success\n\n@endpoint GET /{realm}/clients/{id}/user-sessions\n@desc Get user sessions for client   Returns a list of user sessions associated with this client\n@optional {first: int(int32) # Paging offset, max: int(int32) # Maximum results size (defaults to 100)}\n@returns(2XX) success\n\n@endpoint GET /{realm}/components\n@optional {name: str, parent: str, type: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/components\n@optional {config: map{empty: bool, loadFactor: num(float), threshold: int(int32)}, id: str, name: str, parentId: str, providerId: str, providerType: str, subType: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/components/{id}\n@returns(2XX) {config: map{empty: bool, loadFactor: num(float), threshold: int(int32)}, id: str, name: str, parentId: str, providerId: str, providerType: str, subType: str} # success\n\n@endpoint PUT /{realm}/components/{id}\n@optional {config: map{empty: bool, loadFactor: num(float), threshold: int(int32)}, id: str, name: str, parentId: str, providerId: str, providerType: str, subType: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/components/{id}\n@returns(2XX) success\n\n@endpoint GET /{realm}/components/{id}/sub-component-types\n@desc List of subcomponent types that are available to configure for a particular parent component.\n@optional {type: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/credential-registrators\n@returns(2XX) success\n\n@endpoint GET /{realm}/default-default-client-scopes\n@desc Get realm default client scopes.\n@returns(2XX) success\n\n@endpoint PUT /{realm}/default-default-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/default-default-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint GET /{realm}/default-groups\n@desc Get group hierarchy.\n@returns(2XX) success\n\n@endpoint PUT /{realm}/default-groups/{groupId}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/default-groups/{groupId}\n@returns(2XX) success\n\n@endpoint GET /{realm}/default-optional-client-scopes\n@desc Get realm optional client scopes.\n@returns(2XX) success\n\n@endpoint PUT /{realm}/default-optional-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/default-optional-client-scopes/{clientScopeId}\n@returns(2XX) success\n\n@endpoint GET /{realm}/events\n@desc Get events   Returns all events, or filters them based on URL query parameters listed here\n@optional {client: str # App or oauth client name, dateFrom: str # From date, dateTo: str # To date, first: int(int32) # Paging offset, ipAddress: str # IP address, max: int(int32) # Maximum results size (defaults to 100), type: [str] # The types of events to return, user: str # User id}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/events\n@desc Delete all events\n@returns(2XX) success\n\n@endpoint GET /{realm}/events/config\n@desc Get the events provider configuration   Returns JSON object with events provider configuration\n@returns(2XX) {adminEventsDetailsEnabled: bool, adminEventsEnabled: bool, enabledEventTypes: [str], eventsEnabled: bool, eventsExpiration: int(int64), eventsListeners: [str]} # success\n\n@endpoint PUT /{realm}/events/config\n@desc Update the events provider   Change the events provider and/or its configuration\n@optional {adminEventsDetailsEnabled: bool, adminEventsEnabled: bool, enabledEventTypes: [str], eventsEnabled: bool, eventsExpiration: int(int64), eventsListeners: [str]}\n@returns(2XX) success\n\n@endpoint GET /{realm}/group-by-path/{path}\n@returns(2XX) {access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]} # success\n\n@endpoint GET /{realm}/groups\n@desc Get group hierarchy.\n@optional {briefRepresentation: bool, first: int(int32), max: int(int32), search: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/groups\n@desc create or add a top level realm groupSet or create child.\n@optional {access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map{access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]}]}\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/count\n@desc Returns the groups counts.\n@optional {search: str, top: bool}\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}\n@returns(2XX) {access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]} # success\n\n@endpoint PUT /{realm}/groups/{id}\n@desc Update group, ignores subgroups.\n@optional {access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map{access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]}]}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/groups/{id}\n@returns(2XX) success\n\n@endpoint POST /{realm}/groups/{id}/children\n@desc Set or create child.\n@optional {access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map{access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]}]}\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}/management/permissions\n@desc Return object stating whether client Authorization permissions have been initialized or not and a reference\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint PUT /{realm}/groups/{id}/management/permissions\n@desc Return object stating whether client Authorization permissions have been initialized or not and a reference\n@optional {enabled: bool, resource: str, scopePermissions: map}\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint GET /{realm}/groups/{id}/members\n@desc Get users   Returns a list of users, filtered according to query parameters\n@optional {briefRepresentation: bool # Only return basic information (only guaranteed to return id, username, created, first and last name,  email, enabled state, email verification state, federation link, and access.  Note that it means that namely user attributes, required actions, and not before are not returned.), first: int(int32) # Pagination offset, max: int(int32) # Maximum results size (defaults to 100)}\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}/role-mappings\n@desc Get role mappings\n@returns(2XX) {clientMappings: map, realmMappings: [map]} # success\n\n@endpoint GET /{realm}/groups/{id}/role-mappings/clients/{client}\n@desc Get client-level role mappings for the user, and the app\n@returns(2XX) success\n\n@endpoint POST /{realm}/groups/{id}/role-mappings/clients/{client}\n@desc Add client-level roles to the user role mapping\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/groups/{id}/role-mappings/clients/{client}\n@desc Delete client-level roles from user role mapping\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}/role-mappings/clients/{client}/available\n@desc Get available client-level roles that can be mapped to the user\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}/role-mappings/clients/{client}/composite\n@desc Get effective client-level role mappings   This recurses any composite roles\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}/role-mappings/realm\n@desc Get realm-level role mappings\n@returns(2XX) success\n\n@endpoint POST /{realm}/groups/{id}/role-mappings/realm\n@desc Add realm-level role mappings to the user\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/groups/{id}/role-mappings/realm\n@desc Delete realm-level role mappings\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}/role-mappings/realm/available\n@desc Get realm-level roles that can be mapped\n@returns(2XX) success\n\n@endpoint GET /{realm}/groups/{id}/role-mappings/realm/composite\n@desc Get effective realm-level role mappings   This will recurse all composite roles to get the result.\n@returns(2XX) success\n\n@endpoint POST /{realm}/identity-provider/import-config\n@desc Import identity provider from uploaded JSON file\n@returns(2XX) success\n\n@endpoint GET /{realm}/identity-provider/instances\n@desc Get identity providers\n@returns(2XX) success\n\n@endpoint POST /{realm}/identity-provider/instances\n@desc Create a new identity provider\n@optional {addReadTokenRoleOnCreate: bool, alias: str, config: map, displayName: str, enabled: bool, firstBrokerLoginFlowAlias: str, internalId: str, linkOnly: bool, postBrokerLoginFlowAlias: str, providerId: str, storeToken: bool, trustEmail: bool}\n@returns(2XX) success\n\n@endpoint GET /{realm}/identity-provider/instances/{alias}\n@desc Get the identity provider\n@returns(2XX) {addReadTokenRoleOnCreate: bool, alias: str, config: map, displayName: str, enabled: bool, firstBrokerLoginFlowAlias: str, internalId: str, linkOnly: bool, postBrokerLoginFlowAlias: str, providerId: str, storeToken: bool, trustEmail: bool} # success\n\n@endpoint PUT /{realm}/identity-provider/instances/{alias}\n@desc Update the identity provider\n@optional {addReadTokenRoleOnCreate: bool, alias: str, config: map, displayName: str, enabled: bool, firstBrokerLoginFlowAlias: str, internalId: str, linkOnly: bool, postBrokerLoginFlowAlias: str, providerId: str, storeToken: bool, trustEmail: bool}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/identity-provider/instances/{alias}\n@desc Delete the identity provider\n@returns(2XX) success\n\n@endpoint GET /{realm}/identity-provider/instances/{alias}/export\n@desc Export public broker configuration for identity provider\n@optional {format: str # Format to use}\n@returns(2XX) success\n\n@endpoint GET /{realm}/identity-provider/instances/{alias}/management/permissions\n@desc Return object stating whether client Authorization permissions have been initialized or not and a reference\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint PUT /{realm}/identity-provider/instances/{alias}/management/permissions\n@desc Return object stating whether client Authorization permissions have been initialized or not and a reference\n@optional {enabled: bool, resource: str, scopePermissions: map}\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint GET /{realm}/identity-provider/instances/{alias}/mapper-types\n@desc Get mapper types for identity provider\n@returns(2XX) success\n\n@endpoint GET /{realm}/identity-provider/instances/{alias}/mappers\n@desc Get mappers for identity provider\n@returns(2XX) success\n\n@endpoint POST /{realm}/identity-provider/instances/{alias}/mappers\n@desc Add a mapper to identity provider\n@optional {config: map, id: str, identityProviderAlias: str, identityProviderMapper: str, name: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/identity-provider/instances/{alias}/mappers/{id}\n@desc Get mapper by id for the identity provider\n@returns(2XX) {config: map, id: str, identityProviderAlias: str, identityProviderMapper: str, name: str} # success\n\n@endpoint PUT /{realm}/identity-provider/instances/{alias}/mappers/{id}\n@desc Update a mapper for the identity provider\n@optional {config: map, id: str, identityProviderAlias: str, identityProviderMapper: str, name: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/identity-provider/instances/{alias}/mappers/{id}\n@desc Delete a mapper for the identity provider\n@returns(2XX) success\n\n@endpoint GET /{realm}/identity-provider/providers/{provider_id}\n@desc Get identity providers\n@returns(2XX) success\n\n@endpoint GET /{realm}/keys\n@returns(2XX) {active: map, keys: [map]} # success\n\n@endpoint POST /{realm}/logout-all\n@desc Removes all user sessions.\n@returns(2XX) success\n\n@endpoint POST /{realm}/partial-export\n@desc Partial export of existing realm into a JSON file.\n@optional {exportClients: bool, exportGroupsAndRoles: bool}\n@returns(2XX) {accessCodeLifespan: int(int32), accessCodeLifespanLogin: int(int32), accessCodeLifespanUserAction: int(int32), accessTokenLifespan: int(int32), accessTokenLifespanForImplicitFlow: int(int32), accountTheme: str, actionTokenGeneratedByAdminLifespan: int(int32), actionTokenGeneratedByUserLifespan: int(int32), adminEventsDetailsEnabled: bool, adminEventsEnabled: bool, adminTheme: str, attributes: map, authenticationFlows: [map], authenticatorConfig: [map], browserFlow: str, browserSecurityHeaders: map, bruteForceProtected: bool, clientAuthenticationFlow: str, clientScopeMappings: map, clientScopes: [map], clientSessionIdleTimeout: int(int32), clientSessionMaxLifespan: int(int32), clients: [map], components: map{empty: bool, loadFactor: num(float), threshold: int(int32)}, defaultDefaultClientScopes: [str], defaultGroups: [str], defaultLocale: str, defaultOptionalClientScopes: [str], defaultRoles: [str], defaultSignatureAlgorithm: str, directGrantFlow: str, displayName: str, displayNameHtml: str, dockerAuthenticationFlow: str, duplicateEmailsAllowed: bool, editUsernameAllowed: bool, emailTheme: str, enabled: bool, enabledEventTypes: [str], eventsEnabled: bool, eventsExpiration: int(int64), eventsListeners: [str], failureFactor: int(int32), federatedUsers: [map], groups: [map], id: str, identityProviderMappers: [map], identityProviders: [map], internationalizationEnabled: bool, keycloakVersion: str, loginTheme: str, loginWithEmailAllowed: bool, maxDeltaTimeSeconds: int(int32), maxFailureWaitSeconds: int(int32), minimumQuickLoginWaitSeconds: int(int32), notBefore: int(int32), offlineSessionIdleTimeout: int(int32), offlineSessionMaxLifespan: int(int32), offlineSessionMaxLifespanEnabled: bool, otpPolicyAlgorithm: str, otpPolicyDigits: int(int32), otpPolicyInitialCounter: int(int32), otpPolicyLookAheadWindow: int(int32), otpPolicyPeriod: int(int32), otpPolicyType: str, otpSupportedApplications: [str], passwordPolicy: str, permanentLockout: bool, protocolMappers: [map], quickLoginCheckMilliSeconds: int(int64), realm: str, refreshTokenMaxReuse: int(int32), registrationAllowed: bool, registrationEmailAsUsername: bool, registrationFlow: str, rememberMe: bool, requiredActions: [map], resetCredentialsFlow: str, resetPasswordAllowed: bool, revokeRefreshToken: bool, roles: map{client: map, realm: [map]}, scopeMappings: [map], smtpServer: map, sslRequired: str, ssoSessionIdleTimeout: int(int32), ssoSessionIdleTimeoutRememberMe: int(int32), ssoSessionMaxLifespan: int(int32), ssoSessionMaxLifespanRememberMe: int(int32), supportedLocales: [str], userFederationMappers: [map], userFederationProviders: [map], userManagedAccessAllowed: bool, users: [map], verifyEmail: bool, waitIncrementSeconds: int(int32), webAuthnPolicyAcceptableAaguids: [str], webAuthnPolicyAttestationConveyancePreference: str, webAuthnPolicyAuthenticatorAttachment: str, webAuthnPolicyAvoidSameAuthenticatorRegister: bool, webAuthnPolicyCreateTimeout: int(int32), webAuthnPolicyPasswordlessAcceptableAaguids: [str], webAuthnPolicyPasswordlessAttestationConveyancePreference: str, webAuthnPolicyPasswordlessAuthenticatorAttachment: str, webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister: bool, webAuthnPolicyPasswordlessCreateTimeout: int(int32), webAuthnPolicyPasswordlessRequireResidentKey: str, webAuthnPolicyPasswordlessRpEntityName: str, webAuthnPolicyPasswordlessRpId: str, webAuthnPolicyPasswordlessSignatureAlgorithms: [str], webAuthnPolicyPasswordlessUserVerificationRequirement: str, webAuthnPolicyRequireResidentKey: str, webAuthnPolicyRpEntityName: str, webAuthnPolicyRpId: str, webAuthnPolicySignatureAlgorithms: [str], webAuthnPolicyUserVerificationRequirement: str} # success\n\n@endpoint POST /{realm}/partialImport\n@desc Partial import from a JSON file to an existing realm.\n@optional {clients: [map{access: map, adminUrl: str, alwaysDisplayInConsole: bool, attributes: map, authenticationFlowBindingOverrides: map, authorizationServicesEnabled: bool, authorizationSettings: map, baseUrl: str, bearerOnly: bool, clientAuthenticatorType: str, clientId: str, consentRequired: bool, defaultClientScopes: [str], defaultRoles: [str], description: str, directAccessGrantsEnabled: bool, enabled: bool, frontchannelLogout: bool, fullScopeAllowed: bool, id: str, implicitFlowEnabled: bool, name: str, nodeReRegistrationTimeout: int(int32), notBefore: int(int32), optionalClientScopes: [str], origin: str, protocol: str, protocolMappers: [map], publicClient: bool, redirectUris: [str], registeredNodes: map, registrationAccessToken: str, rootUrl: str, secret: str, serviceAccountsEnabled: bool, standardFlowEnabled: bool, surrogateAuthRequired: bool, webOrigins: [str]}], groups: [map{access: map, attributes: map, clientRoles: map, id: str, name: str, path: str, realmRoles: [str], subGroups: [map]}], identityProviders: [map{addReadTokenRoleOnCreate: bool, alias: str, config: map, displayName: str, enabled: bool, firstBrokerLoginFlowAlias: str, internalId: str, linkOnly: bool, postBrokerLoginFlowAlias: str, providerId: str, storeToken: bool, trustEmail: bool}], ifResourceExists: str, policy: str(SKIP/OVERWRITE/FAIL), roles: map{client: map, realm: [map]}, users: [map{access: map, attributes: map, clientConsents: [map], clientRoles: map, createdTimestamp: int(int64), credentials: [map], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str}]}\n@returns(2XX) success\n\n@endpoint POST /{realm}/push-revocation\n@desc Push the realm’s revocation policy to any client that has an admin url associated with it.\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles\n@desc Get all roles for the realm or client\n@optional {briefRepresentation: bool, first: int(int32), max: int(int32), search: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/roles\n@desc Create a new role for the realm or client\n@optional {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles-by-id/{role-id}\n@desc Get a specific role’s representation\n@returns(2XX) {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str} # success\n\n@endpoint PUT /{realm}/roles-by-id/{role-id}\n@desc Update the role\n@optional {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/roles-by-id/{role-id}\n@desc Delete the role\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles-by-id/{role-id}/composites\n@desc Get role’s children   Returns a set of role’s children provided the role is a composite.\n@returns(2XX) success\n\n@endpoint POST /{realm}/roles-by-id/{role-id}/composites\n@desc Make the role a composite role by associating some child roles\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/roles-by-id/{role-id}/composites\n@desc Remove a set of roles from the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles-by-id/{role-id}/composites/clients/{client}\n@desc Get client-level roles for the client that are in the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles-by-id/{role-id}/composites/realm\n@desc Get realm-level roles that are in the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles-by-id/{role-id}/management/permissions\n@desc Return object stating whether role Authoirzation permissions have been initialized or not and a reference\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint PUT /{realm}/roles-by-id/{role-id}/management/permissions\n@desc Return object stating whether role Authoirzation permissions have been initialized or not and a reference\n@optional {enabled: bool, resource: str, scopePermissions: map}\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint GET /{realm}/roles/{role-name}\n@desc Get a role by name\n@returns(2XX) {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str} # success\n\n@endpoint PUT /{realm}/roles/{role-name}\n@desc Update a role by name\n@optional {attributes: map, clientRole: bool, composite: bool, composites: map{client: map, realm: [str]}, containerId: str, description: str, id: str, name: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/roles/{role-name}\n@desc Delete a role by name\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles/{role-name}/composites\n@desc Get composites of the role\n@returns(2XX) success\n\n@endpoint POST /{realm}/roles/{role-name}/composites\n@desc Add a composite to the role\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/roles/{role-name}/composites\n@desc Remove roles from the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles/{role-name}/composites/clients/{client}\n@desc An app-level roles for the specified app for the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles/{role-name}/composites/realm\n@desc Get realm-level roles of the role’s composite\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles/{role-name}/groups\n@desc Return List of Groups that have the specified role name\n@optional {briefRepresentation: bool # if false, return a full representation of the GroupRepresentation objects, first: int(int32), max: int(int32)}\n@returns(2XX) success\n\n@endpoint GET /{realm}/roles/{role-name}/management/permissions\n@desc Return object stating whether role Authoirzation permissions have been initialized or not and a reference\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint PUT /{realm}/roles/{role-name}/management/permissions\n@desc Return object stating whether role Authoirzation permissions have been initialized or not and a reference\n@optional {enabled: bool, resource: str, scopePermissions: map}\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint GET /{realm}/roles/{role-name}/users\n@desc Return List of Users that have the specified role name\n@optional {first: int(int32), max: int(int32)}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/sessions/{session}\n@desc Remove a specific user session.\n@returns(2XX) success\n\n@endpoint POST /{realm}/testLDAPConnection\n@desc Test LDAP connection\n@optional {action: str, bindCredential: str, bindDn: str, componentId: str, connectionTimeout: str, connectionUrl: str, startTls: str, useTruststoreSpi: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/testSMTPConnection\n@returns(2XX) success\n\n@endpoint GET /{realm}/user-storage/{id}/name\n@desc Need this for admin console to display simple name of provider when displaying user detail   KEYCLOAK-4328\n@returns(2XX) success\n\n@endpoint POST /{realm}/user-storage/{id}/remove-imported-users\n@desc Remove imported users\n@returns(2XX) success\n\n@endpoint POST /{realm}/user-storage/{id}/sync\n@desc Trigger sync of users   Action can be \"triggerFullSync\" or \"triggerChangedUsersSync\"\n@optional {action: str}\n@returns(2XX) {added: int(int32), failed: int(int32), ignored: bool, removed: int(int32), status: str, updated: int(int32)} # success\n\n@endpoint POST /{realm}/user-storage/{id}/unlink-users\n@desc Unlink imported users from a storage provider\n@returns(2XX) success\n\n@endpoint POST /{realm}/user-storage/{parentId}/mappers/{id}/sync\n@desc Trigger sync of mapper data related to ldap mapper (roles, groups, …​)   direction is \"fedToKeycloak\" or \"keycloakToFed\"\n@optional {direction: str}\n@returns(2XX) {added: int(int32), failed: int(int32), ignored: bool, removed: int(int32), status: str, updated: int(int32)} # success\n\n@endpoint GET /{realm}/users\n@desc Get users   Returns a list of users, filtered according to query parameters\n@optional {briefRepresentation: bool, email: str, first: int(int32), firstName: str, lastName: str, max: int(int32) # Maximum results size (defaults to 100), search: str # A String contained in username, first or last name, or email, username: str}\n@returns(2XX) success\n\n@endpoint POST /{realm}/users\n@desc Create a new user   Username must be unique.\n@optional {access: map, attributes: map, clientConsents: [map{clientId: str, createdDate: int(int64), grantedClientScopes: [str], lastUpdatedDate: int(int64)}], clientRoles: map, createdTimestamp: int(int64), credentials: [map{createdDate: int(int64), credentialData: str, id: str, priority: int(int32), secretData: str, temporary: bool, type: str, userLabel: str, value: str}], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map{identityProvider: str, userId: str, userName: str}], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/users-management-permissions\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint PUT /{realm}/users-management-permissions\n@optional {enabled: bool, resource: str, scopePermissions: map}\n@returns(2XX) {enabled: bool, resource: str, scopePermissions: map} # success\n\n@endpoint GET /{realm}/users/count\n@desc Returns the number of users that match the given criteria.\n@optional {email: str # email filter, firstName: str # first name filter, lastName: str # last name filter, search: str # arbitrary search string for all the fields below, username: str # username filter}\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}\n@desc Get representation of the user\n@returns(2XX) {access: map, attributes: map, clientConsents: [map], clientRoles: map, createdTimestamp: int(int64), credentials: [map], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str} # success\n\n@endpoint PUT /{realm}/users/{id}\n@desc Update the user\n@optional {access: map, attributes: map, clientConsents: [map{clientId: str, createdDate: int(int64), grantedClientScopes: [str], lastUpdatedDate: int(int64)}], clientRoles: map, createdTimestamp: int(int64), credentials: [map{createdDate: int(int64), credentialData: str, id: str, priority: int(int32), secretData: str, temporary: bool, type: str, userLabel: str, value: str}], disableableCredentialTypes: [str], email: str, emailVerified: bool, enabled: bool, federatedIdentities: [map{identityProvider: str, userId: str, userName: str}], federationLink: str, firstName: str, groups: [str], id: str, lastName: str, notBefore: int(int32), origin: str, realmRoles: [str], requiredActions: [str], self: str, serviceAccountClientId: str, username: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/users/{id}\n@desc Delete the user\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/configured-user-storage-credential-types\n@desc Return credential types, which are provided by the user storage where user is stored.\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/consents\n@desc Get consents granted by the user\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/users/{id}/consents/{client}\n@desc Revoke consent and offline tokens for particular client from user\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/credentials\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/users/{id}/credentials/{credentialId}\n@desc Remove a credential for a user\n@returns(2XX) success\n\n@endpoint POST /{realm}/users/{id}/credentials/{credentialId}/moveAfter/{newPreviousCredentialId}\n@desc Move a credential to a position behind another credential\n@returns(2XX) success\n\n@endpoint POST /{realm}/users/{id}/credentials/{credentialId}/moveToFirst\n@desc Move a credential to a first position in the credentials list of the user\n@returns(2XX) success\n\n@endpoint PUT /{realm}/users/{id}/credentials/{credentialId}/userLabel\n@desc Update a credential label for a user\n@returns(2XX) success\n\n@endpoint PUT /{realm}/users/{id}/disable-credential-types\n@desc Disable all credentials for a user of a specific type\n@returns(2XX) success\n\n@endpoint PUT /{realm}/users/{id}/execute-actions-email\n@desc Send a update account email to the user   An email contains a link the user can click to perform a set of required actions.\n@optional {client_id: str # Client id, lifespan: int(int32) # Number of seconds after which the generated token expires, redirect_uri: str # Redirect uri}\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/federated-identity\n@desc Get social logins associated with the user\n@returns(2XX) success\n\n@endpoint POST /{realm}/users/{id}/federated-identity/{provider}\n@desc Add a social login provider to the user\n@optional {identityProvider: str, userId: str, userName: str}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/users/{id}/federated-identity/{provider}\n@desc Remove a social login provider from user\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/groups\n@optional {briefRepresentation: bool, first: int(int32), max: int(int32), search: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/groups/count\n@optional {search: str}\n@returns(2XX) success\n\n@endpoint PUT /{realm}/users/{id}/groups/{groupId}\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/users/{id}/groups/{groupId}\n@returns(2XX) success\n\n@endpoint POST /{realm}/users/{id}/impersonation\n@desc Impersonate the user\n@returns(2XX) success\n\n@endpoint POST /{realm}/users/{id}/logout\n@desc Remove all user sessions associated with the user   Also send notification to all clients that have an admin URL to invalidate the sessions for the particular user.\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/offline-sessions/{clientId}\n@desc Get offline sessions associated with the user and client\n@returns(2XX) success\n\n@endpoint PUT /{realm}/users/{id}/reset-password\n@desc Set up a new password for the user.\n@optional {createdDate: int(int64), credentialData: str, id: str, priority: int(int32), secretData: str, temporary: bool, type: str, userLabel: str, value: str}\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/role-mappings\n@desc Get role mappings\n@returns(2XX) {clientMappings: map, realmMappings: [map]} # success\n\n@endpoint GET /{realm}/users/{id}/role-mappings/clients/{client}\n@desc Get client-level role mappings for the user, and the app\n@returns(2XX) success\n\n@endpoint POST /{realm}/users/{id}/role-mappings/clients/{client}\n@desc Add client-level roles to the user role mapping\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/users/{id}/role-mappings/clients/{client}\n@desc Delete client-level roles from user role mapping\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/role-mappings/clients/{client}/available\n@desc Get available client-level roles that can be mapped to the user\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/role-mappings/clients/{client}/composite\n@desc Get effective client-level role mappings   This recurses any composite roles\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/role-mappings/realm\n@desc Get realm-level role mappings\n@returns(2XX) success\n\n@endpoint POST /{realm}/users/{id}/role-mappings/realm\n@desc Add realm-level role mappings to the user\n@returns(2XX) success\n\n@endpoint DELETE /{realm}/users/{id}/role-mappings/realm\n@desc Delete realm-level role mappings\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/role-mappings/realm/available\n@desc Get realm-level roles that can be mapped\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/role-mappings/realm/composite\n@desc Get effective realm-level role mappings   This will recurse all composite roles to get the result.\n@returns(2XX) success\n\n@endpoint PUT /{realm}/users/{id}/send-verify-email\n@desc Send an email-verification email to the user   An email contains a link the user can click to verify their email address.\n@optional {client_id: str # Client id, redirect_uri: str # Redirect uri}\n@returns(2XX) success\n\n@endpoint GET /{realm}/users/{id}/sessions\n@desc Get sessions associated with the user\n@returns(2XX) success\n\n@endgroup\n\n@end\n"}}