2016-05-11 07:26:03 -04:00
== Admin REST API
2016-04-18 17:02:18 -04:00
2017-08-28 08:50:14 -04:00
{project_name} comes with a fully functional Admin REST API with all features provided by the Admin Console.
2016-04-18 17:02:18 -04:00
2023-09-15 08:43:29 -04:00
To invoke the API you need to obtain an access token with the appropriate permissions. The required permissions are described in the link:{adminguide_link}[{adminguide_name}].
2016-04-18 17:02:18 -04:00
2022-03-23 10:34:07 -04:00
You can obtain a token by enabling authentication for your application using {project_name}; see the Securing Applications and Services Guide. You can also use direct access grant to obtain an access token.
2016-05-11 07:26:03 -04:00
2021-06-23 14:10:41 -04:00
=== Examples of using CURL
2019-11-13 13:25:30 -05:00
2022-03-23 10:34:07 -04:00
==== Authenticating with a username and password
2016-05-11 07:26:03 -04:00
2023-03-22 16:19:09 -04:00
NOTE: The following example assumes that you created the user `admin` with the password `password` in the `master` realm as shown in the link:{gettingstarted_link}[{gettingstarted_name}] tutorial.
2021-06-23 14:10:41 -04:00
.Procedure
2022-03-23 10:34:07 -04:00
. Obtain an access token for the user in the realm `master` with username `admin` and password `password`:
2021-06-23 14:10:41 -04:00
+
2022-03-23 10:34:07 -04:00
[source,bash,subs=+attributes]
2016-05-13 04:28:41 -04:00
----
curl \
-d "client_id=admin-cli" \
-d "username=admin" \
2016-05-31 14:39:12 -04:00
-d "password=password" \
2016-05-13 04:28:41 -04:00
-d "grant_type=password" \
2022-02-08 08:07:16 -05:00
"http://localhost:8080{kc_realms_path}/master/protocol/openid-connect/token"
2016-05-13 04:28:41 -04:00
----
2021-06-23 14:10:41 -04:00
+
2016-05-13 04:28:41 -04:00
NOTE: By default this token expires in 1 minute
2021-06-23 14:10:41 -04:00
+
The result will be a JSON document.
2016-05-11 07:26:03 -04:00
2021-06-23 14:10:41 -04:00
. Invoke the API you need by extracting the value of the `access_token` property.
2016-04-18 17:02:18 -04:00
2021-06-23 14:10:41 -04:00
. Invoke the API by including the value in the `Authorization` header of requests to the API.
+
2016-05-13 04:28:41 -04:00
The following example shows how to get the details of the master realm:
2021-06-23 14:10:41 -04:00
+
2022-02-08 08:07:16 -05:00
[source,bash,subs="attributes+"]
2016-05-13 04:28:41 -04:00
----
curl \
-H "Authorization: bearer eyJhbGciOiJSUz..." \
2022-02-08 08:07:16 -05:00
"http://localhost:8080{kc_admins_path}/realms/master"
2016-05-13 04:28:41 -04:00
----
2016-05-11 07:26:03 -04:00
2022-03-23 10:34:07 -04:00
==== Authenticating with a service account
To authenticate against the Admin REST API using a `client_id` and a `client_secret`, perform this procedure.
2019-11-13 13:25:30 -05:00
2022-03-23 10:34:07 -04:00
.Procedure
. Make sure the client is configured as follows:
2019-11-13 13:25:30 -05:00
2025-10-14 05:02:20 -04:00
* `client_id` belongs to the realm *master*
* `client_id` has *Client authentication* set to *On*
* `client_id` has the *Service account roles* option enabled
* Assign `client_id` the `admin` realm role in the *Service accounts roles* tab.
2019-11-13 13:25:30 -05:00
2025-10-14 05:02:20 -04:00
. Use the *Client Secret* from the *Credentials* tab to verify the service account access:
2019-11-13 13:25:30 -05:00
2022-02-08 08:07:16 -05:00
[source,bash,subs="attributes+"]
2019-11-13 13:25:30 -05:00
----
curl \
-d "client_id=<YOUR_CLIENT_ID>" \
-d "client_secret=<YOUR_CLIENT_SECRET>" \
-d "grant_type=client_credentials" \
2022-02-08 08:07:16 -05:00
"http://localhost:8080{kc_realms_path}/master/protocol/openid-connect/token"
2019-11-13 13:25:30 -05:00
----
2022-03-23 10:34:07 -04:00
=== Additional resources
[role="_additional-resources"]
* {adminguide_link}[{adminguide_name}]
* {apidocs_link}[{apidocs_name}]
