Keycloak Admin REST API
The Keycloak Admin REST API allows you to manage your Keycloak deployment programmatically. You can automate user management, realm configurations, client setups, and much more.
Managed Keycloak Context
In Cloud-IAM managed Keycloak deployments, customers have unrestricted access to the full set of native Keycloak Admin REST API endpoints.
You can leverage the exact same API features available in on-premise installations, while benefiting from Cloud-IAM's managed infrastructure, high availability, and expert support.
Key Features
- Manage users: Create, update, delete users, and handle credentials.
- Configure realms: Automate realm creation, updates, and settings.
- Handle roles and groups: Assign and manage roles for users and clients.
- Client management: Configure clients, scopes, and protocol mappers.
- Events & sessions: Retrieve user and admin events, monitor active sessions.
Getting Started
- Obtain an access token with admin privileges.
- Use the API endpoints to perform management tasks.
- Integrate with scripts, automation tools, or your CI/CD pipelines.
For a complete list of endpoints, parameters, and examples, refer to the official Keycloak API documentation:
Keycloak Admin REST API Reference
Using curl to get an Access Token from Keycloak
Here's an example using curl and sed to obtain a short-lived access token (valid for 2 minutes):
```bash
# === Keycloak Variables ===
DEPLOYMENT_NAME="{your-keycloak-name}"            # e.g. my-keycloak
REALM_NAME="{your-realm-name}"                    # e.g. acme
CLIENT_ID="{service-account-client-id}"           # e.g. service-account-events
CLIENT_SECRET="{service-account-client-secret}"   # e.g. client secret from the 'Credentials' tab
BASE_URL="https://${DEPLOYMENT_NAME}.cloud-iam.com"

# === Get the access token ===
# Client-credentials grant against the realm's token endpoint; sed extracts
# the access_token field from the JSON response.
TOKEN=$(curl -sS -X POST "${BASE_URL}/realms/${REALM_NAME}/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "client_id=${CLIENT_ID}" \
  --data-urlencode "client_secret=${CLIENT_SECRET}" \
  --data-urlencode "scope=openid" \
  | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p') && printf "%s\n" "$TOKEN"
```

Once you've retrieved the access token, include it in the Authorization header of your API requests as a Bearer token.
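Because the token is only valid for 2 minutes, a script that reuses it across several Admin API calls has to know when to request a new one. The following is an added example, not part of the original Cloud-IAM page: it reads the `exp` claim from the access token without verifying the signature, which is acceptable only for this client-side lifetime check. The function names, the 15-second margin and the sample token are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): check whether a cached
# Keycloak access token is still worth reusing before an Admin API call.

# base64url-encode stdin (used only to build the constructed sample token).
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Constructed sample: JWT-shaped string with a chosen exp and a dummy signature.
sample_token() {
  printf '%s.%s.%s' "$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)" \
    "$(printf '{"exp":%s,"azp":"service-account-events"}' "$1" | b64url)" \
    "constructed-signature"
}

# Print the JSON payload of a JWT. The signature is NOT verified: use the
# result for lifetime bookkeeping only, never for authorization decisions.
jwt_payload() {
  local seg pad
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  pad=$(( (4 - ${#seg} % 4) % 4 ))          # restore stripped '=' padding
  while [ "$pad" -gt 0 ]; do seg="${seg}="; pad=$((pad - 1)); done
  printf '%s' "$seg" | base64 -d 2>/dev/null
}

# token_seconds_left TOKEN [NOW]: seconds until exp; fails if exp is unreadable.
token_seconds_left() {
  local exp now
  exp=$(jwt_payload "$1" |
    sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] || return 1
  now=${2:-$(date +%s)}
  echo $(( exp - now ))
}

# token_needs_refresh TOKEN [MARGIN] [NOW]: exit 0 when a new token is needed.
# MARGIN (assumed default 15 s) covers clock skew and request latency.
token_needs_refresh() {
  local left
  left=$(token_seconds_left "$1" "$3") || return 0   # unreadable => refresh
  [ "$left" -le "${2:-15}" ]
}

# Usage with the variables from the script on this page:
#   if token_needs_refresh "$TOKEN"; then : re-run the token request; fi
#   curl -sS -H "Authorization: Bearer ${TOKEN}" \
#     "${BASE_URL}/admin/realms/${REALM_NAME}/users"
```

A token that cannot be parsed is treated as expired, so a truncated or empty `TOKEN` triggers a fresh request instead of a failing API call.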
Using Postman to get an Access Token from Keycloak
- Open Postman and create a new request.
- Set the HTTP method to POST.
- Use the following URL as the request endpoint: https://{your-deployment-name}.cloud-iam.com/realms/{your-realm-name}/protocol/openid-connect/token
- Go to the Body tab and select x-www-form-urlencoded.
- Add the following key-value pairs into Body:
| Key | Value |
|---|---|
| grant_type | client_credentials |
| client_id | value of service account |
| client_secret | value of credential account |
| scope | openid |
- Click Send to retrieve the access token.
Once received, this token can be used to authenticate calls to the Keycloak Admin APIs.
Reuse Your Access Token
To streamline your workflow, save the access token as a variable using Postman's Environment feature. This enables you to automatically include it as a Bearer Token in the Authorization tab for subsequent API requests, eliminating the need to copy and paste manually.