Identity, OIDC client, and realm management API used by the TARDIS control plane and the Open Telekom Integration Platform's Keycloak-based identity layer.
TARDIS Identity API is one of 20 APIs that Deutsche Telekom publishes on the APIs.io network, described by a machine-readable OpenAPI specification.
Tagged areas include Identity, OIDC, Internal Developer Platform, and TARDIS. The published artifact set on APIs.io includes an OpenAPI specification.
# Copyright 2025 Deutsche Telekom IT GmbH
#
# SPDX-License-Identifier: Apache-2.0
# kics-scan ignore
{
"openapi": "3.0.2",
"info": {
"title": "Keycloak Admin REST API",
"description": "This is a REST API reference for the Keycloak Admin",
"version": "1"
},
"paths": {
"/": {
"get": {
"tags": [
"Root"
],
"summary": "Get themes, social providers, auth providers, and event listeners available on this server",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ServerInfoRepresentation"
}
}
}
}
}
},
"post": {
"tags": [
"Realms Admin"
],
"summary": "Import a realm Imports a realm from a full representation of that realm.",
"requestBody": {
"description": "JSON representation of the realm",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RealmRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
}
},
"/{id}/name": {
"get": {
"tags": [
"User Storage Provider"
],
"summary": "Need this for admin console to display simple name of provider when displaying client detail KEYCLOAK-4328",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "object",
"additionalProperties": true
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}": {
"get": {
"tags": [
"Realms Admin"
],
"summary": "Get the top-level representation of the realm It will not include nested information like User and Client representations.",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RealmRepresentation"
}
}
}
}
}
},
"put": {
"tags": [
"Realms Admin"
],
"summary": "Update the top-level information of the realm Any user, roles or client information in the representation will be ignored.",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RealmRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"delete": {
"tags": [
"Realms Admin"
],
"summary": "Delete the realm",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/admin-events": {
"get": {
"tags": [
"Realms Admin"
],
"summary": "Get admin events Returns all admin events, or filters events based on URL query parameters listed here",
"parameters": [
{
"in": "query",
"name": "authClient",
"schema": {
"type": "string"
},
"style": "form"
},
{
"in": "query",
"name": "authIpAddress",
"schema": {
"type": "string"
},
"style": "form"
},
{
"in": "query",
"name": "authRealm",
"schema": {
"type": "string"
},
"style": "form"
},
{
"in": "query",
"name": "authUser",
"description": "user id",
"schema": {
"type": "string"
},
"style": "form"
},
{
"in": "query",
"name": "dateFrom",
"schema": {
"type": "string"
},
"style": "form"
},
{
"in": "query",
"name": "dateTo",
"schema": {
"type": "string"
},
"style": "form"
},
{
"in": "query",
"name": "first",
"schema": {
"type": "integer",
"format": "int32"
},
"style": "form"
},
{
"in": "query",
"name": "max",
"description": "Maximum results size (defaults to 100)",
"schema": {
"type": "integer",
"format": "int32"
},
"style": "form"
},
{
"in": "query",
"name": "operationTypes",
"schema": {
"type": "array",
"items": {
"type": "string"
}
},
"style": "form"
},
{
"in": "query",
"name": "resourcePath",
"schema": {
"type": "string"
},
"style": "form"
},
{
"in": "query",
"name": "resourceTypes",
"schema": {
"type": "array",
"items": {
"type": "string"
}
},
"style": "form"
}
],
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AdminEventRepresentation"
}
}
}
}
}
}
},
"delete": {
"tags": [
"Realms Admin"
],
"summary": "Delete all admin events",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/attack-detection/brute-force/users": {
"delete": {
"tags": [
"Attack Detection"
],
"summary": "Clear any user login failures for all users This can release temporary disabled users",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/attack-detection/brute-force/users/{userId}": {
"get": {
"tags": [
"Attack Detection"
],
"summary": "Get status of a username in brute force detection",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "object",
"additionalProperties": true
}
}
}
}
}
},
"delete": {
"tags": [
"Attack Detection"
],
"summary": "Clear any user login failures for the user This can release temporary disabled user",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "userId",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/authenticator-providers": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get authenticator providers Returns a list of authenticator providers.",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/client-authenticator-providers": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get client authenticator providers Returns a list of client authenticator providers.",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/config-description/{providerId}": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get authenticator provider’s configuration description",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorConfigInfoRepresentation"
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "providerId",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/config/{id}": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get authenticator configuration",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorConfigRepresentation"
}
}
}
}
}
},
"put": {
"tags": [
"Authentication Management"
],
"summary": "Update authenticator configuration",
"requestBody": {
"description": "JSON describing new state of authenticator configuration",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorConfigRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"delete": {
"tags": [
"Authentication Management"
],
"summary": "Delete authenticator configuration",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "id",
"description": "Configuration id",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/executions": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Add new authentication execution",
"requestBody": {
"description": "JSON model describing authentication execution",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationExecutionRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/executions/{executionId}": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get Single Execution",
"responses": {
"2XX": {
"description": "success"
}
}
},
"delete": {
"tags": [
"Authentication Management"
],
"summary": "Delete execution",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "executionId",
"description": "Execution id",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/executions/{executionId}/config": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Update execution with new configuration",
"requestBody": {
"description": "JSON with new configuration",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticatorConfigRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "executionId",
"description": "Execution id",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/executions/{executionId}/lower-priority": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Lower execution’s priority",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "executionId",
"description": "Execution id",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/executions/{executionId}/raise-priority": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Raise execution’s priority",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "executionId",
"description": "Execution id",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/flows": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get authentication flows Returns a list of authentication flows.",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AuthenticationFlowRepresentation"
}
}
}
}
}
}
},
"post": {
"tags": [
"Authentication Management"
],
"summary": "Create a new authentication flow",
"requestBody": {
"description": "Authentication flow representation",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationFlowRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/flows/{flowAlias}/copy": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Copy existing authentication flow under a new name The new name is given as 'newName' attribute of the passed JSON object",
"requestBody": {
"description": "JSON containing 'newName' attribute",
"content": {
"application/json": {
"schema": {
"type": "object",
"additionalProperties": true
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "flowAlias",
"description": "Name of the existing authentication flow",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/flows/{flowAlias}/executions": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get authentication executions for a flow",
"responses": {
"2XX": {
"description": "success"
}
}
},
"put": {
"tags": [
"Authentication Management"
],
"summary": "Update authentication executions of a flow",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationExecutionInfoRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "flowAlias",
"description": "Flow alias",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/flows/{flowAlias}/executions/execution": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Add new authentication execution to a flow",
"requestBody": {
"description": "New execution JSON data containing 'provider' attribute",
"content": {
"application/json": {
"schema": {
"type": "object",
"additionalProperties": true
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "flowAlias",
"description": "Alias of parent flow",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/flows/{flowAlias}/executions/flow": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Add new flow with new execution to existing flow",
"requestBody": {
"description": "New authentication flow / execution JSON data containing 'alias', 'type', 'provider', and 'description' attributes",
"content": {
"application/json": {
"schema": {
"type": "object",
"additionalProperties": true
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "flowAlias",
"description": "Alias of parent authentication flow",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/flows/{id}": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get authentication flow for id",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationFlowRepresentation"
}
}
}
}
}
},
"put": {
"tags": [
"Authentication Management"
],
"summary": "Update an authentication flow",
"requestBody": {
"description": "Authentication flow representation",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationFlowRepresentation"
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"delete": {
"tags": [
"Authentication Management"
],
"summary": "Delete an authentication flow",
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
},
{
"in": "path",
"name": "id",
"description": "Flow id",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/form-action-providers": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get form action providers Returns a list of form action providers.",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/form-providers": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get form providers Returns a list of form providers.",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": true
}
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/per-client-config-description": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get configuration descriptions for all clients",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "object",
"additionalProperties": true
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/register-required-action": {
"post": {
"tags": [
"Authentication Management"
],
"summary": "Register a new required actions",
"requestBody": {
"description": "JSON containing 'providerId', and 'name' attributes.",
"content": {
"application/json": {
"schema": {
"type": "object",
"additionalProperties": true
}
}
},
"required": true
},
"responses": {
"2XX": {
"description": "success"
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/required-actions": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get required actions Returns a list of required actions.",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/RequiredActionProviderRepresentation"
}
}
}
}
}
}
},
"parameters": [
{
"in": "path",
"name": "realm",
"description": "realm name (not id!)",
"required": true,
"schema": {
"type": "string"
},
"style": "simple"
}
]
},
"/{realm}/authentication/required-actions/{alias}": {
"get": {
"tags": [
"Authentication Management"
],
"summary": "Get required action for alias",
"responses": {
"2XX": {
"description": "success",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RequiredActionProviderRepresentation"
}
}
}
}
}
},
"put": {
"tags": [
"Authentication Management"
],
"summary": "Update required action",
"requestBody": {
"description": "JSON describing new state of required action",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RequiredActionProviderRepresentation"
}
}
},
"required": true
},
"
# --- truncated at 32 KB (322 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/deutsche-telekom/refs/heads/main/openapi/controlplane-identity-openapi.yml