Keycloak · Capability

Keycloak Admin REST API — Clients

Keycloak Admin REST API — Clients. 7 operations. Lead operation: Keycloak List clients. Self-contained Naftiko capability covering one Keycloak business surface.

Run with Naftiko KeycloakClients

What You Can Do

GET
Getclients — Keycloak List clients
/v1/{realm}/clients
POST
Createclient — Keycloak Create a new client
/v1/{realm}/clients
GET
Getclient — Keycloak Get a client
/v1/{realm}/clients/{clientuuid}
PUT
Updateclient — Keycloak Update a client
/v1/{realm}/clients/{clientuuid}
DELETE
Deleteclient — Keycloak Delete a client
/v1/{realm}/clients/{clientuuid}
GET
Getclientsecret — Keycloak Get the client secret
/v1/{realm}/clients/{clientuuid}/client-secret
POST
Regenerateclientsecret — Keycloak Regenerate the client secret
/v1/{realm}/clients/{clientuuid}/client-secret

MCP Tools

keycloak-list-clients

Keycloak List clients

read-only idempotent
keycloak-create-new-client

Keycloak Create a new client

keycloak-get-client

Keycloak Get a client

read-only idempotent
keycloak-update-client

Keycloak Update a client

idempotent
keycloak-delete-client

Keycloak Delete a client

idempotent
keycloak-get-client-secret

Keycloak Get the client secret

read-only idempotent
keycloak-regenerate-client-secret

Keycloak Regenerate the client secret

Capability Spec

admin-rest-clients.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: Keycloak Admin REST API — Clients
  description: 'Keycloak Admin REST API — Clients. 7 operations. Lead operation: Keycloak List clients. Self-contained Naftiko
    capability covering one Keycloak business surface.'
  tags:
  - Keycloak
  - Clients
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    KEYCLOAK_API_KEY: KEYCLOAK_API_KEY
capability:
  consumes:
  - type: http
    namespace: admin-rest-clients
    baseUri: https://{host}/admin/realms
    description: Keycloak Admin REST API — Clients business capability. Self-contained, no shared references.
    resources:
    - name: realm-clients
      path: /{realm}/clients
      operations:
      - name: getclients
        method: GET
        description: Keycloak List clients
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: clientId
          in: query
          type: string
          description: Filter by clientId
        - name: search
          in: query
          type: boolean
        - name: first
          in: query
          type: integer
        - name: max
          in: query
          type: integer
        - name: viewableOnly
          in: query
          type: boolean
      - name: createclient
        method: POST
        description: Keycloak Create a new client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: realm-clients-clientUuid
      path: /{realm}/clients/{clientUuid}
      operations:
      - name: getclient
        method: GET
        description: Keycloak Get a client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateclient
        method: PUT
        description: Keycloak Update a client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleteclient
        method: DELETE
        description: Keycloak Delete a client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-clients-clientUuid-client-secret
      path: /{realm}/clients/{clientUuid}/client-secret
      operations:
      - name: getclientsecret
        method: GET
        description: Keycloak Get the client secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: regenerateclientsecret
        method: POST
        description: Keycloak Regenerate the client secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: bearer
      token: '{{env.KEYCLOAK_API_KEY}}'
  exposes:
  - type: rest
    namespace: admin-rest-clients-rest
    port: 8080
    description: REST adapter for Keycloak Admin REST API — Clients. One Spectral-compliant resource per consumed operation,
      prefixed with /v1.
    resources:
    - path: /v1/{realm}/clients
      name: realm-clients
      description: REST surface for realm-clients.
      operations:
      - method: GET
        name: getclients
        description: Keycloak List clients
        call: admin-rest-clients.getclients
        with:
          clientId: rest.clientId
          search: rest.search
          first: rest.first
          max: rest.max
          viewableOnly: rest.viewableOnly
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createclient
        description: Keycloak Create a new client
        call: admin-rest-clients.createclient
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/{realm}/clients/{clientuuid}
      name: realm-clients-clientuuid
      description: REST surface for realm-clients-clientUuid.
      operations:
      - method: GET
        name: getclient
        description: Keycloak Get a client
        call: admin-rest-clients.getclient
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateclient
        description: Keycloak Update a client
        call: admin-rest-clients.updateclient
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteclient
        description: Keycloak Delete a client
        call: admin-rest-clients.deleteclient
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/{realm}/clients/{clientuuid}/client-secret
      name: realm-clients-clientuuid-client-secret
      description: REST surface for realm-clients-clientUuid-client-secret.
      operations:
      - method: GET
        name: getclientsecret
        description: Keycloak Get the client secret
        call: admin-rest-clients.getclientsecret
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: regenerateclientsecret
        description: Keycloak Regenerate the client secret
        call: admin-rest-clients.regenerateclientsecret
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: admin-rest-clients-mcp
    port: 9090
    transport: http
    description: MCP adapter for Keycloak Admin REST API — Clients. One tool per consumed operation, routed inline through
      this capability's consumes block.
    tools:
    - name: keycloak-list-clients
      description: Keycloak List clients
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-rest-clients.getclients
      with:
        clientId: tools.clientId
        search: tools.search
        first: tools.first
        max: tools.max
        viewableOnly: tools.viewableOnly
      outputParameters:
      - type: object
        mapping: $.
    - name: keycloak-create-new-client
      description: Keycloak Create a new client
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-rest-clients.createclient
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: keycloak-get-client
      description: Keycloak Get a client
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-rest-clients.getclient
      outputParameters:
      - type: object
        mapping: $.
    - name: keycloak-update-client
      description: Keycloak Update a client
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: admin-rest-clients.updateclient
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: keycloak-delete-client
      description: Keycloak Delete a client
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: admin-rest-clients.deleteclient
      outputParameters:
      - type: object
        mapping: $.
    - name: keycloak-get-client-secret
      description: Keycloak Get the client secret
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: admin-rest-clients.getclientsecret
      outputParameters:
      - type: object
        mapping: $.
    - name: keycloak-regenerate-client-secret
      description: Keycloak Regenerate the client secret
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: admin-rest-clients.regenerateclientsecret
      outputParameters:
      - type: object
        mapping: $.