How to activate the REST API of keycloak?

Question

I have installed keycloack server 4.3.4. How to activate the REST API of keycloak (Add a user, enabled user, disabled a user ...) ?

Regards

Answer 1

First step to do that is create an admin account (which you would have been prompted to do as soon as you would have opened {keycloak-url}/auth ).

Next steps depend on how you want to create config. Through Admin console GUI or through Rest API.

Steps to do this through Admin Rest API.

1. First , you will have to get a token from {keycloak-url}/auth/realms/master/protocol/openid-connect/token like this:

Note that only change you have to do in below call is your keycloak server address and value of admin username and password.

2. Once you obtain a token from above call, you can use it on other Admin Rest API calls by setting Authorization header, with Bearer token_value. (replace token_value with one obtained in step 1 above)

(Sharing an example below of sample rest call which gets list of users - https://www.keycloak.org/docs-api/10.0/rest-api/index.html#_users_resource )

{{SERVER}}/auth/admin/realms/myRealm/users

---

---

EDIT:

As pointed out by @Shane : as of Keycloak version 19.0.1 the /auth part of the urls have been removed.

Answer 2

In complement to the answer above, even with your access token, you might not have access to certain endpoints if you do not have permissions for that. To do so, you need to be assigned to specifics realm roles. For instance:

Available in the Roles>Composite Roles>Client roles. Or you can set it up in user role-mapping tab.

It happened to me once ago. Without these assigned roles, I could get the access token, but empty clients list, for example.