Keycloak Admin REST API

The Keycloak Admin REST API provides endpoints for managing all aspects of a Keycloak deployment, including realms, users, clients, roles, groups, and identity providers. All endpoints require authentication via a bearer token obtained from the Keycloak token endpoint.

What You Can Do

GET /: Getrealms — Keycloak List all realms
GET /{realm}: Getrealm — Keycloak Get a realm
PUT /{realm}: Updaterealm — Keycloak Update a realm
DELETE /{realm}: Deleterealm — Keycloak Delete a realm
GET /{realm}/users: Getusers — Keycloak List users
POST /{realm}/users: Createuser — Keycloak Create a new user
GET /{realm}/users/{userId}: Getuser — Keycloak Get a user
PUT /{realm}/users/{userId}: Updateuser — Keycloak Update a user
DELETE /{realm}/users/{userId}: Deleteuser — Keycloak Delete a user
GET /{realm}/users/{userId}/role-mappings/realm: Getuserrealmrolemappings — Keycloak Get realm-level role mappings for a user
POST /{realm}/users/{userId}/role-mappings/realm: Adduserrealmrolemappings — Keycloak Add realm-level role mappings to a user
DELETE /{realm}/users/{userId}/role-mappings/realm: Deleteuserrealmrolemappings — Keycloak Remove realm-level role mappings from a user
GET /{realm}/users/{userId}/groups: Getusergroups — Keycloak Get groups for a user
PUT /{realm}/users/{userId}/groups/{groupId}: Addusertogroup — Keycloak Add a user to a group
DELETE /{realm}/users/{userId}/groups/{groupId}: Removeuserfromgroup — Keycloak Remove a user from a group
PUT /{realm}/users/{userId}/reset-password: Resetuserpassword — Keycloak Reset a user's password
GET /{realm}/clients: Getclients — Keycloak List clients
POST /{realm}/clients: Createclient — Keycloak Create a new client
GET /{realm}/clients/{clientUuid}: Getclient — Keycloak Get a client
PUT /{realm}/clients/{clientUuid}: Updateclient — Keycloak Update a client
DELETE /{realm}/clients/{clientUuid}: Deleteclient — Keycloak Delete a client
GET /{realm}/clients/{clientUuid}/client-secret: Getclientsecret — Keycloak Get the client secret
POST /{realm}/clients/{clientUuid}/client-secret: Regenerateclientsecret — Keycloak Regenerate the client secret
GET /{realm}/roles: Getroles — Keycloak List realm-level roles
POST /{realm}/roles: Createrole — Keycloak Create a realm-level role
GET /{realm}/roles/{roleName}: Getrole — Keycloak Get a realm-level role by name
PUT /{realm}/roles/{roleName}: Updaterole — Keycloak Update a realm-level role
DELETE /{realm}/roles/{roleName}: Deleterole — Keycloak Delete a realm-level role
GET /{realm}/groups: Getgroups — Keycloak List groups
POST /{realm}/groups: Creategroup — Keycloak Create a top-level group
GET /{realm}/groups/{groupId}: Getgroup — Keycloak Get a group
PUT /{realm}/groups/{groupId}: Updategroup — Keycloak Update a group
DELETE /{realm}/groups/{groupId}: Deletegroup — Keycloak Delete a group
POST /{realm}/groups/{groupId}/children: Createchildgroup — Keycloak Create a child group
GET /{realm}/groups/{groupId}/members: Getgroupmembers — Keycloak Get members of a group
GET /{realm}/identity-provider/instances: Getidentityproviders — Keycloak List identity providers
POST /{realm}/identity-provider/instances: Createidentityprovider — Keycloak Create an identity provider
GET /{realm}/identity-provider/instances/{alias}: Getidentityprovider — Keycloak Get an identity provider
PUT /{realm}/identity-provider/instances/{alias}: Updateidentityprovider — Keycloak Update an identity provider
DELETE /{realm}/identity-provider/instances/{alias}: Deleteidentityprovider — Keycloak Delete an identity provider

MCP Tools

getrealms: Keycloak List all realms (read-only idempotent)
getrealm: Keycloak Get a realm (read-only idempotent)
updaterealm: Keycloak Update a realm (idempotent)
deleterealm: Keycloak Delete a realm (idempotent)
getusers: Keycloak List users (read-only idempotent)
createuser: Keycloak Create a new user
getuser: Keycloak Get a user (read-only idempotent)
updateuser: Keycloak Update a user (idempotent)
deleteuser: Keycloak Delete a user (idempotent)
getuserrealmrolemappings: Keycloak Get realm-level role mappings for a user (read-only idempotent)
adduserrealmrolemappings: Keycloak Add realm-level role mappings to a user
deleteuserrealmrolemappings: Keycloak Remove realm-level role mappings from a user (idempotent)
getusergroups: Keycloak Get groups for a user (read-only idempotent)
addusertogroup: Keycloak Add a user to a group (idempotent)
removeuserfromgroup: Keycloak Remove a user from a group (idempotent)
resetuserpassword: Keycloak Reset a user's password (idempotent)
getclients: Keycloak List clients (read-only idempotent)
createclient: Keycloak Create a new client
getclient: Keycloak Get a client (read-only idempotent)
updateclient: Keycloak Update a client (idempotent)
deleteclient: Keycloak Delete a client (idempotent)
getclientsecret: Keycloak Get the client secret (read-only idempotent)
regenerateclientsecret: Keycloak Regenerate the client secret
getroles: Keycloak List realm-level roles (read-only idempotent)
createrole: Keycloak Create a realm-level role
getrole: Keycloak Get a realm-level role by name (read-only idempotent)
updaterole: Keycloak Update a realm-level role (idempotent)
deleterole: Keycloak Delete a realm-level role (idempotent)
getgroups: Keycloak List groups (read-only idempotent)
creategroup: Keycloak Create a top-level group
getgroup: Keycloak Get a group (read-only idempotent)
updategroup: Keycloak Update a group (idempotent)
deletegroup: Keycloak Delete a group (idempotent)
createchildgroup: Keycloak Create a child group
getgroupmembers: Keycloak Get members of a group (read-only idempotent)
getidentityproviders: Keycloak List identity providers (read-only idempotent)
createidentityprovider: Keycloak Create an identity provider
getidentityprovider: Keycloak Get an identity provider (read-only idempotent)
updateidentityprovider: Keycloak Update an identity provider (idempotent)
deleteidentityprovider: Keycloak Delete an identity provider (idempotent)

Capability Spec

keycloak-capability.yaml
naftiko: 1.0.0-alpha2
info:
  label: Keycloak Admin REST API
  description: The Keycloak Admin REST API provides endpoints for managing all aspects of a Keycloak deployment, including
    realms, users, clients, roles, groups, and identity providers. All endpoints require authentication via a bearer token
    obtained from the Keycloak token endpoint.
  tags:
  - Keycloak
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: keycloak
    baseUri: https://localhost:8080/admin/realms
    description: Keycloak Admin REST API HTTP API.
    authentication:
      type: bearer
      token: '{{KEYCLOAK_TOKEN}}'
    resources:
    - name: resource
      path: /
      operations:
      - name: getrealms
        method: GET
        description: Keycloak List all realms
        inputParameters:
        - name: briefRepresentation
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm
      path: /{realm}
      operations:
      - name: getrealm
        method: GET
        description: Keycloak Get a realm
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updaterealm
        method: PUT
        description: Keycloak Update a realm
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleterealm
        method: DELETE
        description: Keycloak Delete a realm
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-users
      path: /{realm}/users
      operations:
      - name: getusers
        method: GET
        description: Keycloak List users
        inputParameters:
        - name: search
          in: query
          type: string
          description: Search string for username, first name, last name, or email
        - name: username
          in: query
          type: string
        - name: email
          in: query
          type: string
        - name: firstName
          in: query
          type: string
        - name: lastName
          in: query
          type: string
        - name: enabled
          in: query
          type: boolean
        - name: first
          in: query
          type: integer
          description: Pagination offset
        - name: max
          in: query
          type: integer
          description: Maximum results size
        - name: briefRepresentation
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createuser
        method: POST
        description: Keycloak Create a new user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-users-userid
      path: /{realm}/users/{userId}
      operations:
      - name: getuser
        method: GET
        description: Keycloak Get a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateuser
        method: PUT
        description: Keycloak Update a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteuser
        method: DELETE
        description: Keycloak Delete a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-users-userid-role-mappings-realm
      path: /{realm}/users/{userId}/role-mappings/realm
      operations:
      - name: getuserrealmrolemappings
        method: GET
        description: Keycloak Get realm-level role mappings for a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: adduserrealmrolemappings
        method: POST
        description: Keycloak Add realm-level role mappings to a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteuserrealmrolemappings
        method: DELETE
        description: Keycloak Remove realm-level role mappings from a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-users-userid-groups
      path: /{realm}/users/{userId}/groups
      operations:
      - name: getusergroups
        method: GET
        description: Keycloak Get groups for a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-users-userid-groups-groupid
      path: /{realm}/users/{userId}/groups/{groupId}
      operations:
      - name: addusertogroup
        method: PUT
        description: Keycloak Add a user to a group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: removeuserfromgroup
        method: DELETE
        description: Keycloak Remove a user from a group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-users-userid-reset-password
      path: /{realm}/users/{userId}/reset-password
      operations:
      - name: resetuserpassword
        method: PUT
        description: Keycloak Reset a user's password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-clients
      path: /{realm}/clients
      operations:
      - name: getclients
        method: GET
        description: Keycloak List clients
        inputParameters:
        - name: clientId
          in: query
          type: string
          description: Filter by clientId
        - name: search
          in: query
          type: boolean
        - name: first
          in: query
          type: integer
        - name: max
          in: query
          type: integer
        - name: viewableOnly
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createclient
        method: POST
        description: Keycloak Create a new client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-clients-clientuuid
      path: /{realm}/clients/{clientUuid}
      operations:
      - name: getclient
        method: GET
        description: Keycloak Get a client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateclient
        method: PUT
        description: Keycloak Update a client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteclient
        method: DELETE
        description: Keycloak Delete a client
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-clients-clientuuid-client-secret
      path: /{realm}/clients/{clientUuid}/client-secret
      operations:
      - name: getclientsecret
        method: GET
        description: Keycloak Get the client secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: regenerateclientsecret
        method: POST
        description: Keycloak Regenerate the client secret
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-roles
      path: /{realm}/roles
      operations:
      - name: getroles
        method: GET
        description: Keycloak List realm-level roles
        inputParameters:
        - name: search
          in: query
          type: string
        - name: first
          in: query
          type: integer
        - name: max
          in: query
          type: integer
        - name: briefRepresentation
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createrole
        method: POST
        description: Keycloak Create a realm-level role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-roles-rolename
      path: /{realm}/roles/{roleName}
      operations:
      - name: getrole
        method: GET
        description: Keycloak Get a realm-level role by name
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updaterole
        method: PUT
        description: Keycloak Update a realm-level role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleterole
        method: DELETE
        description: Keycloak Delete a realm-level role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-groups
      path: /{realm}/groups
      operations:
      - name: getgroups
        method: GET
        description: Keycloak List groups
        inputParameters:
        - name: search
          in: query
          type: string
        - name: first
          in: query
          type: integer
        - name: max
          in: query
          type: integer
        - name: briefRepresentation
          in: query
          type: boolean
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: creategroup
        method: POST
        description: Keycloak Create a top-level group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-groups-groupid
      path: /{realm}/groups/{groupId}
      operations:
      - name: getgroup
        method: GET
        description: Keycloak Get a group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updategroup
        method: PUT
        description: Keycloak Update a group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deletegroup
        method: DELETE
        description: Keycloak Delete a group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-groups-groupid-children
      path: /{realm}/groups/{groupId}/children
      operations:
      - name: createchildgroup
        method: POST
        description: Keycloak Create a child group
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-groups-groupid-members
      path: /{realm}/groups/{groupId}/members
      operations:
      - name: getgroupmembers
        method: GET
        description: Keycloak Get members of a group
        inputParameters:
        - name: first
          in: query
          type: integer
        - name: max
          in: query
          type: integer
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-identity-provider-instances
      path: /{realm}/identity-provider/instances
      operations:
      - name: getidentityproviders
        method: GET
        description: Keycloak List identity providers
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createidentityprovider
        method: POST
        description: Keycloak Create an identity provider
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: realm-identity-provider-instances-alias
      path: /{realm}/identity-provider/instances/{alias}
      operations:
      - name: getidentityprovider
        method: GET
        description: Keycloak Get an identity provider
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateidentityprovider
        method: PUT
        description: Keycloak Update an identity provider
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteidentityprovider
        method: DELETE
        description: Keycloak Delete an identity provider
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: keycloak-rest
    description: REST adapter for Keycloak Admin REST API.
    resources:
    - path: /
      name: getrealms
      operations:
      - method: GET
        name: getrealms
        description: Keycloak List all realms
        call: keycloak.getrealms
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}
      name: getrealm
      operations:
      - method: GET
        name: getrealm
        description: Keycloak Get a realm
        call: keycloak.getrealm
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}
      name: updaterealm
      operations:
      - method: PUT
        name: updaterealm
        description: Keycloak Update a realm
        call: keycloak.updaterealm
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}
      name: deleterealm
      operations:
      - method: DELETE
        name: deleterealm
        description: Keycloak Delete a realm
        call: keycloak.deleterealm
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users
      name: getusers
      operations:
      - method: GET
        name: getusers
        description: Keycloak List users
        call: keycloak.getusers
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users
      name: createuser
      operations:
      - method: POST
        name: createuser
        description: Keycloak Create a new user
        call: keycloak.createuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}
      name: getuser
      operations:
      - method: GET
        name: getuser
        description: Keycloak Get a user
        call: keycloak.getuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}
      name: updateuser
      operations:
      - method: PUT
        name: updateuser
        description: Keycloak Update a user
        call: keycloak.updateuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}
      name: deleteuser
      operations:
      - method: DELETE
        name: deleteuser
        description: Keycloak Delete a user
        call: keycloak.deleteuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}/role-mappings/realm
      name: getuserrealmrolemappings
      operations:
      - method: GET
        name: getuserrealmrolemappings
        description: Keycloak Get realm-level role mappings for a user
        call: keycloak.getuserrealmrolemappings
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}/role-mappings/realm
      name: adduserrealmrolemappings
      operations:
      - method: POST
        name: adduserrealmrolemappings
        description: Keycloak Add realm-level role mappings to a user
        call: keycloak.adduserrealmrolemappings
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}/role-mappings/realm
      name: deleteuserrealmrolemappings
      operations:
      - method: DELETE
        name: deleteuserrealmrolemappings
        description: Keycloak Remove realm-level role mappings from a user
        call: keycloak.deleteuserrealmrolemappings
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}/groups
      name: getusergroups
      operations:
      - method: GET
        name: getusergroups
        description: Keycloak Get groups for a user
        call: keycloak.getusergroups
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}/groups/{groupId}
      name: addusertogroup
      operations:
      - method: PUT
        name: addusertogroup
        description: Keycloak Add a user to a group
        call: keycloak.addusertogroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}/groups/{groupId}
      name: removeuserfromgroup
      operations:
      - method: DELETE
        name: removeuserfromgroup
        description: Keycloak Remove a user from a group
        call: keycloak.removeuserfromgroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/users/{userId}/reset-password
      name: resetuserpassword
      operations:
      - method: PUT
        name: resetuserpassword
        description: Keycloak Reset a user's password
        call: keycloak.resetuserpassword
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/clients
      name: getclients
      operations:
      - method: GET
        name: getclients
        description: Keycloak List clients
        call: keycloak.getclients
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/clients
      name: createclient
      operations:
      - method: POST
        name: createclient
        description: Keycloak Create a new client
        call: keycloak.createclient
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/clients/{clientUuid}
      name: getclient
      operations:
      - method: GET
        name: getclient
        description: Keycloak Get a client
        call: keycloak.getclient
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/clients/{clientUuid}
      name: updateclient
      operations:
      - method: PUT
        name: updateclient
        description: Keycloak Update a client
        call: keycloak.updateclient
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/clients/{clientUuid}
      name: deleteclient
      operations:
      - method: DELETE
        name: deleteclient
        description: Keycloak Delete a client
        call: keycloak.deleteclient
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/clients/{clientUuid}/client-secret
      name: getclientsecret
      operations:
      - method: GET
        name: getclientsecret
        description: Keycloak Get the client secret
        call: keycloak.getclientsecret
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/clients/{clientUuid}/client-secret
      name: regenerateclientsecret
      operations:
      - method: POST
        name: regenerateclientsecret
        description: Keycloak Regenerate the client secret
        call: keycloak.regenerateclientsecret
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/roles
      name: getroles
      operations:
      - method: GET
        name: getroles
        description: Keycloak List realm-level roles
        call: keycloak.getroles
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/roles
      name: createrole
      operations:
      - method: POST
        name: createrole
        description: Keycloak Create a realm-level role
        call: keycloak.createrole
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/roles/{roleName}
      name: getrole
      operations:
      - method: GET
        name: getrole
        description: Keycloak Get a realm-level role by name
        call: keycloak.getrole
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/roles/{roleName}
      name: updaterole
      operations:
      - method: PUT
        name: updaterole
        description: Keycloak Update a realm-level role
        call: keycloak.updaterole
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/roles/{roleName}
      name: deleterole
      operations:
      - method: DELETE
        name: deleterole
        description: Keycloak Delete a realm-level role
        call: keycloak.deleterole
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/groups
      name: getgroups
      operations:
      - method: GET
        name: getgroups
        description: Keycloak List groups
        call: keycloak.getgroups
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/groups
      name: creategroup
      operations:
      - method: POST
        name: creategroup
        description: Keycloak Create a top-level group
        call: keycloak.creategroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/groups/{groupId}
      name: getgroup
      operations:
      - method: GET
        name: getgroup
        description: Keycloak Get a group
        call: keycloak.getgroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/groups/{groupId}
      name: updategroup
      operations:
      - method: PUT
        name: updategroup
        description: Keycloak Update a group
        call: keycloak.updategroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/groups/{groupId}
      name: deletegroup
      operations:
      - method: DELETE
        name: deletegroup
        description: Keycloak Delete a group
        call: keycloak.deletegroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/groups/{groupId}/children
      name: createchildgroup
      operations:
      - method: POST
        name: createchildgroup
        description: Keycloak Create a child group
        call: keycloak.createchildgroup
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/groups/{groupId}/members
      name: getgroupmembers
      operations:
      - method: GET
        name: getgroupmembers
        description: Keycloak Get members of a group
        call: keycloak.getgroupmembers
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/identity-provider/instances
      name: getidentityproviders
      operations:
      - method: GET
        name: getidentityproviders
        description: Keycloak List identity providers
        call: keycloak.getidentityproviders
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/identity-provider/instances
      name: createidentityprovider
      operations:
      - method: POST
        name: createidentityprovider
        description: Keycloak Create an identity provider
        call: keycloak.createidentityprovider
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/identity-provider/instances/{alias}
      name: getidentityprovider
      operations:
      - method: GET
        name: getidentityprovider
        description: Keycloak Get an identity provider
        call: keycloak.getidentityprovider
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/identity-provider/instances/{alias}
      name: updateidentityprovider
      operations:
      - method: PUT
        name: updateidentityprovider
        description: Keycloak Update an identity provider
        call: keycloak.updateidentityprovider
        outputParameters:
        - type: object
          mapping: $.
    - path: /{realm}/identity-provider/instances/{alias}
      name: deleteidentityprovider
      operations:
      - method: DELETE
        name: deleteidentityprovider
        description: Keycloak Delete an identity provider
        call: keycloak.deleteidentityprovider
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    port: 9090
    namespace: keycloak-mcp
    transport: http
    description: MCP adapter for Keycloak Admin REST API for AI agent use.
    tools:
    - name: getrealms
      description: Keycloak List all realms
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getrealms
      with:
        briefRepresentation: tools.briefRepresentation
      inputParameters:
      - name: briefRepresentation
        type: boolean
        description: briefRepresentation
      outputParameters:
      - type: object
        mapping: $.
    - name: getrealm
      description: Keycloak Get a realm
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getrealm
      outputParameters:
      - type: object
        mapping: $.
    - name: updaterealm
      description: Keycloak Update a realm
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: keycloak.updaterealm
      outputParameters:
      - type: object
        mapping: $.
    - name: deleterealm
      description: Keycloak Delete a realm
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: keycloak.deleterealm
      outputParameters:
      - type: object
        mapping: $.
    - name: getusers
      description: Keycloak List users
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getusers
      with:
        search: tools.search
        username: tools.username
        email: tools.email
        firstName: tools.firstName
        lastName: tools.lastName
        enabled: tools.enabled
        first: tools.first
        max: tools.max
        briefRepresentation: tools.briefRepresentation
      inputParameters:
      - name: search
        type: string
        description: Search string for username, first name, last name, or email
      - name: username
        type: string
        description: username
      - name: email
        type: string
        description: email
      - name: firstName
        type: string
        description: firstName
      - name: lastName
        type: string
        description: lastName
      - name: enabled
        type: boolean
        description: enabled
      - name: first
        type: integer
        description: Pagination offset
      - name: max
        type: integer
        description: Maximum results size
      - name: briefRepresentation
        type: boolean
        description: briefRepresentation
      outputParameters:
      - type: object
        mapping: $.
    - name: createuser
      description: Keycloak Create a new user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: keycloak.createuser
      outputParameters:
      - type: object
        mapping: $.
    - name: getuser
      description: Keycloak Get a user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getuser
      outputParameters:
      - type: object
        mapping: $.
    - name: updateuser
      description: Keycloak Update a user
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: keycloak.updateuser
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteuser
      description: Keycloak Delete a user
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: keycloak.deleteuser
      outputParameters:
      - type: object
        mapping: $.
    - name: getuserrealmrolemappings
      description: Keycloak Get realm-level role mappings for a user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getuserrealmrolemappings
      outputParameters:
      - type: object
        mapping: $.
    - name: adduserrealmrolemappings
      description: Keycloak Add realm-level role mappings to a user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: keycloak.adduserrealmrolemappings
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteuserrealmrolemappings
      description: Keycloak Remove realm-level role mappings from a user
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: keycloak.deleteuserrealmrolemappings
      outputParameters:
      - type: object
        mapping: $.
    - name: getusergroups
      description: Keycloak Get groups for a user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getusergroups
      outputParameters:
      - type: object
        mapping: $.
    - name: addusertogroup
      description: Keycloak Add a user to a group
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: keycloak.addusertogroup
      outputParameters:
      - type: object
        mapping: $.
    - name: removeuserfromgroup
      description: Keycloak Remove a user from a group
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: keycloak.removeuserfromgroup
      outputParameters:
      - type: object
        mapping: $.
    - name: resetuserpassword
      description: Keycloak Reset a user's password
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: keycloak.resetuserpassword
      outputParameters:
      - type: object
        mapping: $.
    - name: getclients
      description: Keycloak List clients
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getclients
      with:
        clientId: tools.clientId
        search: tools.search
        first: tools.first
        max: tools.max
        viewableOnly: tools.viewableOnly
      inputParameters:
      - name: clientId
        type: string
        description: Filter by clientId
      - name: search
        type: boolean
        description: search
      - name: first
        type: integer
        description: first
      - name: max
        type: integer
        description: max
      - name: viewableOnly
        type: boolean
        description: viewableOnly
      outputParameters:
      - type: object
        mapping: $.
    - name: createclient
      description: Keycloak Create a new client
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: keycloak.createclient
      outputParameters:
      - type: object
        mapping: $.
    - name: getclient
      description: Keycloak Get a client
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keycloak.getclient
      outputParameters:
      - type: object
        mapping: $.
    - name: updateclient
      description: Keycloak Update a client
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: keycloak.updateclient
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteclient
      description: Keycloak Delete a client
      hints:
        readOnly: false
        destructive: true

# --- truncated at 32 KB (38 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/keycloak/refs/heads/main/capabilities/keycloak-capability.yaml