Keycloak REST API Commands Cheat Sheet With Examples

Keycloak provides an Admin REST API with all the features provided by the Admin Console, such as creating users and groups. In this article, I have consolidated the commonly used REST API commands with examples.

Get Admin Access Token

The admin access token will be used as the authorisation for the REST API commands.

curl -k -g -d "client_id=admin-cli" -d "username=admin" -d "password=<admin-password>" -d "grant_type=password" -d "client_secret=" "http://<ip>:<port>/realms/master/protocol/openid-connect/token"

Example for Get Admin Access Token REST API

[root@3vcpu-2 NSS]# mastertoken=$(curl -k -g -d "client_id=admin-cli" -d "username=admin" -d "password=admin" -d "grant_type=password" -d "client_secret=" "http://10.39.251.173:8080/realms/master/protocol/openid-connect/token" | sed 's/.*access_token":"//g' | sed 's/".*//g')
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1958 100 1874 100 84 27495 1232 --:--:-- --:--:-- --:--:-- 27970
[root@3vcpu-2 NSS]# echo $mastertoken 
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItMktSVUtnZVZfZWpNTWxKN1VrYmtHVnZVc3NfdjZDYzBNbFMzZnVITjNvIn0.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.IiizvHgn7Xm0Ws6DGDlqiHt0e9jmT4RMCYnCAdldBOKmAekqpg1thdFYlMOs21ZARbJ6ZQ9eP_fnOEf1KktS3MJa2g5nHJpIqG1nLF7pNxnOvrfwY5Bo0C6ZgAkLgmzeYmXhPzVAJg-aX7HXXu1OoytV7j2TfWOzgxS7IvMS4SsOrQoMFmTezB8TwB8Lyib2ACYUQKYRB8B4kkLb7j7hZSc6Fg8KiROOOBGi2yUX-p2zh2rd0meWu8vvEESwm-BpFjFDXsG7kQb_qJQ-4yiL7eqwtCYnVneFr31CrwFLdaFbvW5hYypSfML4_8fBJGiV8gga2Yc3vd7pTwXz5EvSMw
[root@3vcpu-2 NSS]#

Get ID Token

An ID token for a user can be obtained from Keycloak using

curl -k -g -d "client_id=admin-cli" -d "username=admin" -d "password=<admin-password>" -d "grant_type=password" -d "client_secret=" "http://<ip>:<port>/realms/master/protocol/openid-connect/token" -d "scope=openid"

Example for Get ID Token REST API

[root@3vcpu-2 NSS]# curl -k -g -d "client_id=admin-cli" -d "username=admin" -d "password=admin" -d "grant_type=password" -d "client_secret=" "http://10.39.251.173:8080/realms/linux-data-hub/protocol/openid-connect/token" -d "scope=openid"
{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiYVZFVm45UEs2dExNaVJTU3pZMGdMdlRUaXBCSDAySjF6a0VKd2xWbUFnIn0.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.kLy86iJnHtRAKMgwl0RinHEg3oxSKlv9Nr75JDiJbkVH9C9oD5EW52EEgDbDdibMarA4qtCocl1ZIsylBcSZCna_SmcoN-LRszUkaP5lSWV7KhqDWhk3brlZ0hOViJByiIi0gCtC1URbY1H1_o7iv-ijUIfp_pDsRhZX_xUC-83byRBdnl4pK44iBiz2cF4ASWQ2-25EMGq1MIxqso8Lqd5QhOlnJPta4iRVTTNpkGFrAlBW6TypjH_QVyl7AT8q1laQPm-dOntwzqAEIj-44hoIxxxonkCkyulxnFQQya5xf4eJXRrc_cC2qVcxy5bJi8XHjZqF7w8OXEyKF37M-Q",
    "expires_in": 300,
    "refresh_expires_in": 1800,
    "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0ZjQzMTRiNi1mNzk4LTQ5OGUtYWVjZi0zODM2MjFlNGU4MWYifQ.eyJleHAiOjE2NjU0ODQ1MjEsImlhdCI6MTY2NTQ4MjcyMSwianRpIjoiNzNjZTgzMTctNWE1Mi00OWRlLWI2OGUtZTQ2OTIzZWYwMzQzIiwiaXNzIjoiaHR0cDovLzEwLjM5LjI1MS4xNzM6ODA4MC9yZWFsbXMvbGludXgtZGF0YS1odWIiLCJhdWQiOiJodHRwOi8vMTAuMzkuMjUxLjE3Mzo4MDgwL3JlYWxtcy9saW51eC1kYXRhLWh1YiIsInN1YiI6IjIzNjlmOWI2LWI0NmMtNGFlNi1iZjAzLWE3Zjk5MzQ3NjAwZiIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJsZGgtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6IjkwYzRjMzFjLTI2NzQtNDU3OC05NDE3LTI1NDRkYjk2ZDQ3ZCIsInNjb3BlIjoib3BlbmlkIGVtYWlsIHByb2ZpbGUiLCJzaWQiOiI5MGM0YzMxYy0yNjc0LTQ1NzgtOTQxNy0yNTQ0ZGI5NmQ0N2QifQ.6KqE8kBgVHctlDy8hWYQr7qHQM3NJ-vZ5V7X0LCYnyI",
    "token_type": "Bearer",
    "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiYVZFVm45UEs2dExNaVJTU3pZMGdMdlRUaXBCSDAySjF6a0VKd2xWbUFnIn0.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.zTRdESOUaHXSGyPvZMTC_Ed0jjlThUDBVwraLRiJaIMXA3Aa0l3h1Zh7kkQIuiM2DSNnxAdHpcMK-E8XC4lFOiAnIDssRYBvyk4-6E7xkc6Zpqg7b8ivLSQMYyz1I07HfgoIRIMOpeM1sF-T2NmF7nIqsP4NRljwIwQzCWO8qc0UP6JFz_0XdU-93hIE7byTiBHl3aUBjodDNh6A4RONlVOJ5LgmxzT-FNW92A4IkU2djZpz9MaFb53jsu1bDYq6FPaP-lLaw9aJpXS8V_VcazJ4_0xFut1funjzAF3Ef8PlxhQSnAcuidlThu2BPcva7haLKzBcnGGMpb2QcMeztw",
    "not-before-policy": 1665247383,
    "session_state": "90c4c31c-2674-4578-9417-2544db96d47d",
    "scope": "openid email profile"
}
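
The response above carries "expires_in": 300, while $mastertoken is reused by every command that follows, so a long session will eventually send an expired token. The sketch below is an added example, not part of the original article: it extracts access_token from the response (returning nothing for an error document instead of leaving stray JSON in the variable) and reads the exp claim from the JWT payload without verifying the signature. All function names are hypothetical and the sample token is constructed locally.

```bash
#!/usr/bin/env bash
# Added example: helper names are hypothetical; the sample token is constructed.

# Pull access_token out of a token-endpoint response (compact or pretty-printed).
# Prints nothing and returns non-zero when the response is an error document.
access_token_from_response() {
    local t
    t=$(printf '%s' "$1" | tr -d '\n' |
        sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ -n "$t" ] && printf '%s\n' "$t"
}

# Decode the payload (second segment) of a JWT. This only reads the claims;
# it does not verify the signature.
jwt_payload() {
    local seg
    seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in      # restore padding stripped by base64url
        2) seg="${seg}==" ;;
        3) seg="${seg}=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Print a numeric claim such as exp or iat.
jwt_num_claim() {
    jwt_payload "$1" | tr -d ' \n' |
        sed -n "s/.*\"$2\":\([0-9][0-9]*\).*/\1/p"
}

# Seconds until expiry; the second argument overrides "now" (epoch seconds).
token_seconds_left() {
    local exp now
    exp=$(jwt_num_claim "$1" exp)
    [ -n "$exp" ] || { echo "token has no exp claim" >&2; return 2; }
    now=${2:-$(date +%s)}
    echo $(( exp - now ))
}

# Succeeds only if the token is valid for more than <margin> seconds (default 10).
token_usable() {
    local left
    left=$(token_seconds_left "$1" "${3:-}") || return 2
    [ "$left" -gt "${2:-10}" ]
}

# Constructed, unsigned sample token: exp - iat = 300, like expires_in above.
sample_token() {
    local h p
    h=$(printf '%s' '{"alg":"none","typ":"JWT"}' | base64 | tr -d '=\n' | tr '/+' '_-')
    p=$(printf '%s' '{"exp":1665483021,"iat":1665482721,"azp":"admin-cli"}' |
        base64 | tr -d '=\n' | tr '/+' '_-')
    printf '%s.%s.constructed' "$h" "$p"
}

# Usage before a batch of admin calls:
#   token_usable "$mastertoken" 30 || echo "re-authenticate first" >&2
```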

Create Realm

Realm can be created with the necessary parameters, using the admin access token

curl -X POST -k -g -H "Authorization: Bearer $mastertoken" "http://<ip>:<port>/admin/realms" -H "Content-Type: application/json" --data <data-json>

Example for Create Realm REST API

[root@3vcpu-2 NSS]# curl -X POST -k -g -H "Authorization: Bearer $mastertoken" "http://10.39.251.173:8080/admin/realms" -H "Content-Type: application/json" --data '{"id": "linuxdatahub","realm": "linuxdatahub","accessTokenLifespan": 600,"enabled": true,"sslRequired": "all","bruteForceProtected": true,"loginTheme": "keycloak","eventsEnabled": false,"adminEventsEnabled": false}'
[root@3vcpu-2 NSS]# echo $?
0
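
The `echo $?` checks on this page report curl's own exit status, which is 0 whenever an HTTP response was received, including a 401 for an expired token or a 409 for a realm that already exists. The wrapper below is an added example, not code from the original article: it captures the HTTP status with `-w '%{http_code}'` and fails on HTTP-level errors. `kc_result` and `kc_curl` are hypothetical names, and the expected status codes (201 for create, 204 for update and delete, 200 for reads) are assumptions about the usual Admin REST API responses.

```bash
#!/usr/bin/env bash
# Added example: kc_result and kc_curl are hypothetical helper names.

# Map method + HTTP status to success/failure. Expected codes are assumptions
# about the usual Admin REST API responses (201 create, 204 update/delete, 200 read).
kc_result() {
    case "$2" in
        401) echo "unauthorized: token missing, invalid or expired"; return 1 ;;
        403) echo "forbidden: token lacks the required admin role"; return 1 ;;
        404) echo "not found: check the realm name and the id"; return 1 ;;
        409) echo "conflict: resource already exists"; return 1 ;;
    esac
    case "$1:$2" in
        GET:200|POST:201|PUT:204|DELETE:204) echo "ok"; return 0 ;;
        *) echo "unexpected status $2 for $1"; return 1 ;;
    esac
}

# kc_curl <METHOD> <url> [json-body]
# Prints the response body on stdout, the verdict on stderr, and returns
# non-zero on transport errors and on HTTP-level failures alike.
kc_curl() {
    local method url body out status rc
    method=$1; url=$2; body=${3:-}
    out=$(mktemp) || return 1
    if [ -n "$body" ]; then
        status=$(curl -sS -o "$out" -w '%{http_code}' -X "$method" "$url" \
            -H "Authorization: Bearer $mastertoken" \
            -H "Content-Type: application/json" --data "$body")
    else
        status=$(curl -sS -o "$out" -w '%{http_code}' -X "$method" "$url" \
            -H "Authorization: Bearer $mastertoken")
    fi
    rc=$?
    cat "$out"; rm -f "$out"
    [ "$rc" -eq 0 ] || { echo "curl transport error (exit $rc)" >&2; return "$rc"; }
    kc_result "$method" "$status" >&2
}

# Usage:
#   kc_curl POST "http://<ip>:<port>/admin/realms" "$realm_json" || exit 1
```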

Create User

Users can be created with necessary attributes, in any realm

curl -k -v http://<ip>:<port>/admin/realms/<realm>/users -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data <json-data>

Example for Create User REST API

[root@3vcpu-2 NSS]# curl -k http://10.39.251.173:8080/admin/realms/linuxdatahub/users -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data '{ "username": "sample_user", "enabled": true, "realmRoles": [ "user", "offline_access" ], "attributes": { "uid": ["4010"], "homedir": ["/home/sample_user"], "shell": ["/sbin/nologin"] } }'
[root@3vcpu-2 NSS]# echo $?
0

Get User from Realm

The API command below can be used to list the users along with their attributes

 curl -k -X GET http://<ip>:<port>/admin/realms/<realm>/users -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Get Users from Realm REST API

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/users -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" 
[
    {
        "id": "05029cb2-524e-476f-91b3-43d95f16984d",
        "createdTimestamp": 1664086831832,
        "username": "sample_user",
        "enabled": true,
        "totp": false,
        "emailVerified": false,
        "attributes": {
            "uid": [
                "4010"
            ],
            "shell": [
                "/sbin/nologin"
            ],
            "homedir": [
                "/home/sample_user"
            ]
        },
        "disableableCredentialTypes": [],
        "requiredActions": [],
        "notBefore": 0,
        "access": {
            "manageGroupMembership": true,
            "view": true,
            "mapRoles": true,
            "impersonate": true,
            "manage": true
        }
    }

Get User Count from Realm

The API command below can be used to get the count of users in a realm

curl -k -X GET http://<ip>:<port>/admin/realms/<realm>/users/count -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Get Users Count from Realm REST API

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/users/count -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
2

Get Representation of the User

Below API command will list the details of a user in the realm

 curl -k -X GET http://<ip>:<port>/admin/realms/<realm-name>/users/<id of user> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example of Get Representation of the User

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
{
    "id": "05029cb2-524e-476f-91b3-43d95f16984d",
    "createdTimestamp": 1664086831832,
    "username": "sample_user",
    "enabled": true,
    "totp": false,
    "emailVerified": false,
    "attributes": {
        "uid": [
            "4010"
        ],
        "shell": [
            "/sbin/nologin"
        ],
        "homedir": [
            "/home/sample_user"
        ]
    },
    "disableableCredentialTypes": [],
    "requiredActions": [],
    "notBefore": 0,
    "access": {
        "manageGroupMembership": true,
        "view": true,
        "mapRoles": true,
        "impersonate": true,
        "manage": true
    }
}

Update the User

Below API command with the id of the user can be used to update the details of an existing user

curl -k -X PUT http://<ip>:<port>/admin/realms/<realm-name>/users/<id of user> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data <json-data>

Example of Update the User REST API

In the example below, the uid, shell and homedir attributes are modified

[root@3vcpu-2 NSS]# curl -k -X PUT http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data '{ "username": "sample_user", "enabled": true, "attributes": { "uid": ["40110"], "homedir": ["/home/sample_user2"], "shell": ["/sbin/nologin2"] } 
}'
[root@3vcpu-2 NSS]# echo $?
0

Delete the User

Below API command can be used to delete the user from a realm

curl -X DELETE http://<ip>:<port>/admin/realms/<realm-name>/users/<id> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example of Delete User REST API

[root@3vcpu-2 NSS]# curl -X DELETE http://10.39.251.173:8080/admin/realms/linuxdatahub/users/e0508a11-3da5-4e2c-bf8f-4f9d81b4bd00 -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[root@3vcpu-2 NSS]# echo $?
0

Get Details of User Credentials

For obvious reasons, Keycloak won't return the user credentials themselves, but it will return details of the credentials set for the user

curl -k -X GET http://<ip>:<port>/admin/realms/<realm-name>/users/<id of the user>/credentials -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Getting Details of User Credentials

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d/credentials -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[
    {
        "id": "b3598093-3f97-448c-9e17-c6a25b8f91b5",
        "type": "password",
        "createdDate": 1664094085833,
        "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
    }
]

Delete User Credentials

The curl command below deletes an existing credential of a user (pass the user-id); the credential id also needs to be passed. The credential id can be obtained using the above REST API command

 curl -k -X DELETE http://<ip>:<port>/admin/realms/<realm-name>/users/<user-id>/credentials/<credential-id> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Delete User Credentials REST API

[root@3vcpu-2 NSS]# curl -k -X DELETE http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d/credentials/407a7749-4c31-42a1-85c2-819d986a5e46 -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[root@3vcpu-2 NSS]# echo $?
0

Get List of Groups of a User

The command below will list the groups of a user

curl -k -X GET http://<ip>:<port>/admin/realms/<realm>/users/<user-id>/groups -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example command for getting the list of groups of a user

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d/groups -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[
    {
        "id": "129398bc-5c80-4411-a623-c65791400271",
        "name": "LDHGroup",
        "path": "/LDHGroup"
    },
    {
        "id": "6f58f83c-141f-450d-8625-29db92b0bd5d",
        "name": "test",
        "path": "/test"
    }
]

Get Group count of a user

Below curl command will list the number of groups that a user is part of

curl -k -X GET http://<ip>:<port>/admin/realms/<realm-name>/users/<user-id>/groups/count -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for getting the group count of a user

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d/groups/count -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
{"count":2}

Add a Group to the user

We need to use PUT and provide the group-id of the new group which we need the user to be part of.

curl -k -X PUT http://<ip>:<port>/admin/realms/<realm-name>/users/<user-id>/groups/<group-id> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example REST API command to add group to user

[root@3vcpu-2 NSS]# curl -k -X PUT http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d/groups/ac6f6d6c-c65a-4dd0-8d99-35c071bae445 -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[root@3vcpu-2 NSS]# echo $?
0

Delete a group from a user

We need to use DELETE and provide the group-id of the group which needs to be removed from the user

curl -k -X DELETE http://<ip>:<port>/admin/realms/<realm-name>/users/<user-id>/groups/<group-id> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example REST API command to delete group from a user

[root@3vcpu-2 NSS]# curl -k -X DELETE http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d/groups/ac6f6d6c-c65a-4dd0-8d99-35c071bae445 -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[root@3vcpu-2 NSS]# echo $?
0

Reset Password of a user

We need to provide the user-id and the JSON data with the details of the new password in the command

 curl -k -X PUT http://<ip>:<port>/admin/realms/<realm-name>/users/<user-id>/reset-password -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data <json-data>

Example API command for Reset Password

[root@3vcpu-2 NSS]# curl -k -X PUT http://10.39.251.173:8080/admin/realms/linuxdatahub/users/05029cb2-524e-476f-91b3-43d95f16984d/reset-password -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data '{ "type": "password", "temporary": false, "value": "my-new-password" }'
[root@3vcpu-2 NSS]# echo $?
0

Query user based on Username

The command below can be used to query a user from the realm based on the username

curl -k -X GET "http://<ip>:<port>/admin/realms/<realm>/users?q=username:<query-value>&exact=true" -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example API command fetching user based on Username Query

[root@3vcpu-2 NSS]# curl -k -X GET "http://<ip>:<port>/admin/realms/linux-data-hub/users?q=username:casy&exact=true" -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[
    {
        "id": "2369f9b6-b46c-4ae6-bf03-a7f99347600f",
        "createdTimestamp": 1665246486154,
        "username": "casy",
        "enabled": true,
        "totp": false,
        "emailVerified": false,
        "firstName": "Sample",
        "lastName": "test",
        "email": "[email protected]",
        "attributes": {
            "clubs": [
                "Santos,FC Barcelona,borussia dortmund fc"
            ]
        },
        "disableableCredentialTypes": [],
        "requiredActions": [],
        "notBefore": 1665247383,
        "access": {
            "manageGroupMembership": true,
            "view": true,
            "mapRoles": true,
            "impersonate": true,
            "manage": true
        }
    }
]

Query User based on User Attributes

Users can be queried based on the user attributes

curl -k -X GET "http://<ip>:<port>/admin/realms/<realm>/users?q=<query-parameter>:<query-value>&exact=true" -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Query User based on User Attributes

The example below fetches a user based on attributes. In the realm, the user nova has the attribute key cement with the attribute value ramco

[root@abhi-rocky ~]# curl -k -X GET "http://10.39.251.173:8080/admin/realms/linux-data-hub/users?q=cement:ramco&exact=true" -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[
    {
        "id": "47af2295-43b3-4cfa-b202-9141c4f40b2f",
        "createdTimestamp": 1665246691756,
        "username": "nova",
        "enabled": true,
        "totp": false,
        "emailVerified": false,
        "attributes": {
            "cement": [
                "Ramco"
            ]
        },
        "disableableCredentialTypes": [],
        "requiredActions": [],
        "notBefore": 0,
        "access": {
            "manageGroupMembership": true,
            "view": true,
            "mapRoles": true,
            "impersonate": true,
            "manage": true
        }
    }
]

Create Group

Groups can be created with necessary attributes, in any realm

curl -k -v http://<ip>:<port>/admin/realms/<realm>/groups -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data <json-data>

Example for Create Group REST API

[root@3vcpu-2 NSS]# curl -k http://10.39.251.173:8080/admin/realms/linuxdatahub/groups -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" --data '{"name":"LDHGroup","attributes":{"gid":["1243"]}}'
[root@3vcpu-2 NSS]# echo $?
0

Get Group from Realm

Below API command will return the available groups in the realm, but without attributes

curl -k -X GET http://<ip>:<port>/admin/realms/<realm-name>/groups -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Get Group from Realm REST API

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/groups -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" 
[
    {
        "id": "129398bc-5c80-4411-a623-c65791400271",
        "name": "LDHGroup",
        "path": "/LDHGroup",
        "subGroups": []
    }
]

Get Group attributes from Realm

The API command below should be used for getting group attributes. We will have to use the group id which we got from the above REST API command output

curl -k -X GET http://<ip>:<port>/admin/realms/<realm-name>/groups/<id> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Get Group attributes from Realm REST API

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/groups/129398bc-5c80-4411-a623-c65791400271 -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" 
{
    "id": "129398bc-5c80-4411-a623-c65791400271",
    "name": "LDHGroup",
    "path": "/LDHGroup",
    "attributes": {
        "gid": [
            "1243"
        ]
    },
    "realmRoles": [],
    "clientRoles": {},
    "subGroups": [],
    "access": {
        "view": true,
        "manage": true,
        "manageMembership": true
    }
}

Get Members from Group

The API command below can be used to list the members of a group. The group id has to be provided instead of the group name

curl -k -X GET http://<ip>:<port>/admin/realms/<realm-name>/groups/<id>/members -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Get Members from Group REST API

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/groups/129398bc-5c80-4411-a623-c65791400271/members -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" 
[
    {
        "id": "05029cb2-524e-476f-91b3-43d95f16984d",
        "createdTimestamp": 1664086831832,
        "username": "sample_user",
        "enabled": true,
        "totp": false,
        "emailVerified": false,
        "attributes": {
            "uid": [
                "4010"
            ],
            "shell": [
                "/sbin/nologin"
            ],
            "homedir": [
                "/home/sample_user"
            ]
        },
        "disableableCredentialTypes": [],
        "requiredActions": [],
        "notBefore": 0
    },
    {
        "id": "e0508a11-3da5-4e2c-bf8f-4f9d81b4bd00",
        "createdTimestamp": 1664090353885,
        "username": "test",
        "enabled": true,
        "totp": false,
        "emailVerified": false,
        "disableableCredentialTypes": [],
        "requiredActions": [],
        "notBefore": 0
    }
]

Get Group Count

The API command below will return the count of groups available in the realm

curl -k -X GET http://<ip>:<port>/admin/realms/<realm-name>/groups/count -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Get Group Count REST API

[root@3vcpu-2 NSS]# curl -k -X GET http://10.39.251.173:8080/admin/realms/linuxdatahub/groups/count -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" 
{"count":2}

Delete Group from Realm

The API command below can be used to delete a group from a realm. The group id needs to be provided in the API command

curl -X DELETE http://<ip>:<port>/admin/realms/<realm-name>/groups/<id> -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Delete Group REST API

[root@3vcpu-2 NSS]# curl -X DELETE http://10.39.251.173:8080/admin/realms/linuxdatahub/groups/e91fa9f7-ad22-4029-8e25-bedf4be62f7c -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken" 
[root@3vcpu-2 NSS]# echo $?
0

Search Group from Realm

The API command below can be used to search for a group in Keycloak

curl -k -X GET "http://<ip>:<port>/admin/realms/<realm-name>/groups?search=<search-query>" -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"

Example for Search Group REST API

[root@3vcpu-2 NSS]# curl -k -X GET "http://10.39.251.173:8080/admin/realms/linux-data-hub/groups?search=LDHGroup" -H "Content-Type: application/json" -H "Authorization: bearer $mastertoken"
[
    {
        "id": "958bc34e-041d-4ed7-94ad-d310d8099d9e",
        "name": "LDHGroup",
        "path": "/LDHGroup",
        "subGroups": []
    }
]

 
