| /admin/realms | Returns a list of realms. | GET, POST, POST |
| /admin/realms/{realm} | Get the top-level representation of the realm. | GET, PUT, DELETE |
| /admin/realms/{realm}/admin-events | Query admin events. | GET, DELETE |
| /admin/realms/{realm}/attack-detection/brute-force/usernames | Clear any user login failures for all users. | DELETE |
| /admin/realms/{realm}/attack-detection/brute-force/usernames/{username} | Get status of a username in brute force detection | GET, DELETE |
| /admin/realms/{realm}/authentication/authenticator-providers | | GET |
| /admin/realms/{realm}/authentication/client-authenticator-providers | | GET |
| /admin/realms/{realm}/authentication/config | | POST |
| /admin/realms/{realm}/authentication/config/{id} | | GET, DELETE, PUT |
| /admin/realms/{realm}/authentication/config-description/{providerId} | | GET |
| /admin/realms/{realm}/authentication/executions | | POST |
| /admin/realms/{realm}/authentication/executions/{executionId} | | DELETE |
| /admin/realms/{realm}/authentication/executions/{executionId}/config | | POST |
| /admin/realms/{realm}/authentication/executions/{executionId}/config/{id} | | GET |
| /admin/realms/{realm}/authentication/executions/{executionId}/lower-priority | | POST |
| /admin/realms/{realm}/authentication/executions/{executionId}/raise-priority | | POST |
| /admin/realms/{realm}/authentication/flows | | GET, POST |
| /admin/realms/{realm}/authentication/flows/{flowAlias}/copy | | POST |
| /admin/realms/{realm}/authentication/flows/{flowAlias}/executions | | GET, PUT |
| /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/execution | | POST |
| /admin/realms/{realm}/authentication/flows/{flowAlias}/executions/flow | | POST |
| /admin/realms/{realm}/authentication/flows/{id} | | GET, DELETE |
| /admin/realms/{realm}/authentication/form-action-providers | | GET |
| /admin/realms/{realm}/authentication/form-providers | | GET |
| /admin/realms/{realm}/authentication/per-client-config-description | | GET |
| /admin/realms/{realm}/authentication/register-required-action | | POST |
| /admin/realms/{realm}/authentication/required-actions | | GET |
| /admin/realms/{realm}/authentication/required-actions/{alias} | | GET, PUT, DELETE |
| /admin/realms/{realm}/authentication/unregistered-required-actions | | GET |
| /admin/realms/{realm}/client-session-stats | Returns a JSON map. | GET |
| /admin/realms/{realm}/clients | List of clients belonging to this realm. | GET, POST |
| /admin/realms/{realm}/clients/{id} | Get representation of the client. | PUT, GET, DELETE |
| /admin/realms/{realm}/clients/{id}/allowed-origins | Returns set of allowed origin. | GET, PUT, DELETE |
| /admin/realms/{realm}/clients/{id}/certificates/{attr} | | GET |
| /admin/realms/{realm}/clients/{id}/certificates/{attr}/download | | POST |
| /admin/realms/{realm}/clients/{id}/certificates/{attr}/generate | | POST |
| /admin/realms/{realm}/clients/{id}/certificates/{attr}/generate-and-download | Generate new keypair and certificate and downloads private key into specified keystore format. | POST |
| /admin/realms/{realm}/clients/{id}/certificates/{attr}/upload | Upload certificate and eventually private key | POST |
| /admin/realms/{realm}/clients/{id}/certificates/{attr}/upload-certificate | Upload only certificate, not private key | POST |
| /admin/realms/{realm}/clients/{id}/client-secret | Get the secret of this client | POST, GET |
| /admin/realms/{realm}/clients/{id}/installation/jboss | Return XML that can be included in the JBoss/Wildfly Keycloak subsystem to configure the adapter of that client. | GET |
| /admin/realms/{realm}/clients/{id}/installation/json | Return keycloak.json file for this client to be used to configure the adapter of that client. | GET |
| /admin/realms/{realm}/clients/{id}/logout-all | If the client has an admin URL, invalidate all sessions associated with that client directly. | POST |
| /admin/realms/{realm}/clients/{id}/logout-user/{username} | If the client has an admin URL, invalidate the sessions for a particular user directly. | POST |
| /admin/realms/{realm}/clients/{id}/nodes | Manually register cluster node to this client - usually it's not needed to call this directly as adapter should handle
by sending registration request to Keycloak | POST |
| /admin/realms/{realm}/clients/{id}/nodes/{node} | Unregister cluster node from this client | DELETE |
| /admin/realms/{realm}/clients/{id}/protocol-mappers/add-models | creates multiple mapper | POST |
| /admin/realms/{realm}/clients/{id}/protocol-mappers/models | creates mapper | POST, GET |
| /admin/realms/{realm}/clients/{id}/protocol-mappers/models/{id} | | GET, PUT, DELETE |
| /admin/realms/{realm}/clients/{id}/protocol-mappers/protocol/{protocol} | Map of mappers by name for a specific protocol | GET |
| /admin/realms/{realm}/clients/{id}/push-revocation | If the client has an admin URL, push the client's revocation policy to it. | POST |
| /admin/realms/{realm}/clients/{id}/roles | List all roles for this realm or client | GET, POST |
| /admin/realms/{realm}/clients/{id}/roles/{role-name} | Get a role by name | GET, DELETE, PUT |
| /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites | List composites of this role | POST, GET, DELETE |
| /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites/clients/{client} | An app-level roles for a specific app for this role's composite | GET |
| /admin/realms/{realm}/clients/{id}/roles/{role-name}/composites/realm | Get realm-level roles of this role's composite | GET |
| /admin/realms/{realm}/clients/{id}/scope-mappings | Get all scope mappings for this client | GET |
| /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client} | Get the roles associated with a client's scope for a specific client. | GET, POST, DELETE |
| /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}/available | The available client-level roles that can be associated with the client's scope | GET |
| /admin/realms/{realm}/clients/{id}/scope-mappings/clients/{client}/composite | Get effective client roles that are associated with the client's scope for a specific client. | GET |
| /admin/realms/{realm}/clients/{id}/scope-mappings/realm | Get list of realm-level roles associated with this client's scope. | GET, POST, DELETE |
| /admin/realms/{realm}/clients/{id}/scope-mappings/realm/available | Get list of realm-level roles that are available to attach to this client's scope. | GET |
| /admin/realms/{realm}/clients/{id}/scope-mappings/realm/composite | Get all effective realm-level roles that are associated with this client's scope. | GET |
| /admin/realms/{realm}/clients/{id}/service-account-user | Returns user dedicated to this service account | GET |
| /admin/realms/{realm}/clients/{id}/session-count | Number of user sessions associated with this client
{
"count": number
} | GET |
| /admin/realms/{realm}/clients/{id}/test-nodes-available | Test if registered cluster nodes are available by sending 'ping' request to all of them | GET |
| /admin/realms/{realm}/clients/{id}/user-sessions | Return a list of user sessions associated with this client | GET |
| /admin/realms/{realm}/events | Query events. | GET, DELETE |
| /admin/realms/{realm}/events/config | View the events provider and how it is configured. | GET, PUT |
| /admin/realms/{realm}/identity-provider/import-config | | POST, POST |
| /admin/realms/{realm}/identity-provider/instances | | GET, POST |
| /admin/realms/{realm}/identity-provider/instances/{alias} | | GET, DELETE, PUT |
| /admin/realms/{realm}/identity-provider/instances/{alias}/export | | GET |
| /admin/realms/{realm}/identity-provider/instances/{alias}/mapper-types | | GET |
| /admin/realms/{realm}/identity-provider/instances/{alias}/mappers | | GET, POST |
| /admin/realms/{realm}/identity-provider/instances/{alias}/mappers/{id} | | GET, PUT, DELETE |
| /admin/realms/{realm}/identity-provider/providers/{provider_id} | | GET |
| /admin/realms/{realm}/logout-all | Removes all user sessions. | POST |
| /admin/realms/{realm}/push-revocation | Push the realm's revocation policy to any client that has an admin url associated with it. | POST |
| /admin/realms/{realm}/roles | List all roles for this realm or client | GET, POST |
| /admin/realms/{realm}/roles/{role-name} | Get a role by name | GET, DELETE, PUT |
| /admin/realms/{realm}/roles/{role-name}/composites | List composites of this role | POST, GET, DELETE |
| /admin/realms/{realm}/roles/{role-name}/composites/clients/{client} | An app-level roles for a specific app for this role's composite | GET |
| /admin/realms/{realm}/roles/{role-name}/composites/realm | Get realm-level roles of this role's composite | GET |
| /admin/realms/{realm}/roles-by-id/{role-id} | Get a specific role's representation | GET, DELETE, PUT |
| /admin/realms/{realm}/roles-by-id/{role-id}/composites | If this role is a composite, return a set of its children | POST, GET, DELETE |
| /admin/realms/{realm}/roles-by-id/{role-id}/composites/clients/{client} | Return a set of client-level roles for a specific client that are in the role's composite | GET, GET |
| /admin/realms/{realm}/roles-by-id/{role-id}/composites/realm | Return a set of realm-level roles that are in the role's composite | GET |
| /admin/realms/{realm}/sessions/{session} | Remove a specific user session. | DELETE |
| /admin/realms/{realm}/testLDAPConnection | | GET |
| /admin/realms/{realm}/user-federation/instances | list configured providers | POST, GET |
| /admin/realms/{realm}/user-federation/instances/{id} | get a provider | PUT, GET, DELETE |
| /admin/realms/{realm}/user-federation/instances/{id}/mapper-types | List of available User Federation mapper types | GET |
| /admin/realms/{realm}/user-federation/instances/{id}/mappers | Get mappers configured for this provider | GET, POST |
| /admin/realms/{realm}/user-federation/instances/{id}/mappers/{id} | Get mapper | GET, PUT, DELETE |
| /admin/realms/{realm}/user-federation/instances/{id}/sync | trigger sync of users | POST |
| /admin/realms/{realm}/user-federation/providers | Get List of available provider factories | GET |
| /admin/realms/{realm}/user-federation/providers/{id} | Get factory with given ID | GET |
| /admin/realms/{realm}/users | Query list of users. | POST, GET |
| /admin/realms/{realm}/users/{id} | Get represenation of the user | PUT, GET, DELETE |
| /admin/realms/{realm}/users/{id}/consents | List set of consents granted by this user. | GET |
| /admin/realms/{realm}/users/{id}/consents/{client} | Revoke consent for particular client | DELETE |
| /admin/realms/{realm}/users/{id}/execute-actions-email | Send an email to the user with a link they can click to reset their password. | PUT |
| /admin/realms/{realm}/users/{id}/federated-identity | List set of social logins associated with this user. | GET |
| /admin/realms/{realm}/users/{id}/federated-identity/{provider} | | POST, DELETE |
| /admin/realms/{realm}/users/{id}/impersonation | | POST |
| /admin/realms/{realm}/users/{id}/logout | Remove all user sessions associated with this user. | POST |
| /admin/realms/{realm}/users/{id}/remove-totp | | PUT |
| /admin/realms/{realm}/users/{id}/reset-password | Set up a temporary password for this user. | PUT |
| /admin/realms/{realm}/users/{id}/role-mappings | Get role mappings for this user | GET |
| /admin/realms/{realm}/users/{id}/role-mappings/clients/{client} | Get client-level role mappings for this user for a specific app | GET, POST, DELETE |
| /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}/available | Get available client-level roles that can be mapped to the user | GET |
| /admin/realms/{realm}/users/{id}/role-mappings/clients/{client}/composite | Get effective client-level role mappings. | GET |
| /admin/realms/{realm}/users/{id}/role-mappings/realm | Get realm-level role mappings for this user | GET, POST, DELETE |
| /admin/realms/{realm}/users/{id}/role-mappings/realm/available | Realm-level roles that can be mapped to this user | GET |
| /admin/realms/{realm}/users/{id}/role-mappings/realm/composite | Effective realm-level role mappings for this user. | GET |
| /admin/realms/{realm}/users/{id}/send-verify-email | Send an email to the user with a link they can click to verify their email address. | PUT |
| /admin/realms/{realm}/users/{id}/sessions | List set of sessions associated with this user. | GET |
| /admin/serverinfo | Returns a list of themes, social providers, auth providers, and event listeners available on this server | GET |