Authenticating against Admin REST API with `client_id` and `client_secret`
{project_name} comes with a fully functional Admin REST API with all features provided by the Admin Console.

To invoke the API you need to obtain an access token with the appropriate permissions. The required permissions are described in {adminguide_link}[{adminguide_name}].

A token can be obtained by enabling authentication to your application with {project_name}; see the {adapterguide_link}[{adapterguide_name}]. You can also use a direct access grant to obtain an access token.

For complete documentation see {apidocs_link}[{apidocs_name}].

Examples using CURL

Authenticate with username and password

Obtain an access token for the user in the realm master with username admin and password password:

curl \
  -d "client_id=admin-cli" \
  -d "username=admin" \
  -d "password=password" \
  -d "grant_type=password" \
  "<SERVER_URL>/realms/master/protocol/openid-connect/token"

By default this token expires in 1 minute.

The result will be a JSON document. To invoke the API you need to extract the value of the access_token property. You can then invoke the API by including the value in the Authorization header of requests to the API.

The following example shows how to get the details of the master realm:

curl \
  -H "Authorization: bearer eyJhbGciOiJSUz..." \
  "<SERVER_URL>/admin/realms/master"

Authenticate with a service account

Before you can authenticate against the Admin REST API using a client_id and a client_secret, make sure the client is configured as follows:

  • client_id is a confidential client that belongs to the realm master

  • client_id has Service Accounts Enabled option enabled

  • client_id has a custom "Audience" mapper

    • Included Client Audience: security-admin-console

Finally, check that client_id has the role 'admin' assigned in the "Service Account Roles" tab.

After that, you will be able to obtain an access token for the Admin REST API using client_id and client_secret:

curl \
  -d "client_id=<YOUR_CLIENT_ID>" \
  -d "client_secret=<YOUR_CLIENT_SECRET>" \
  -d "grant_type=client_credentials" \
  "<SERVER_URL>/realms/master/protocol/openid-connect/token"
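As an added example (not part of the {project_name} documentation or code base), the following Python script performs the service-account flow above: it obtains a token with the client_credentials grant, checks that the token actually carries the security-admin-console audience and the admin role the checklist requires (the two misconfigurations that produce a 403 from the Admin REST API), and then reads the master realm with the bearer token. The server URL, client credentials and all function names are assumptions; demo_token builds a constructed, unsigned token so the checks can be exercised offline.

```python
import base64
import json
import urllib.parse
import urllib.request

def token_claims(access_token: str) -> dict:
    """Return the payload claims of a compact JWT. The signature is NOT verified here
    (the server does that); this is only a client-side sanity check of the claims."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_admin_token(access_token: str) -> list:
    """List the reasons the Admin REST API would reject this token: the
    security-admin-console audience or the master realm role 'admin' is missing."""
    claims = token_claims(access_token)
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # 'aud' is a plain string for a single audience
    roles = claims.get("realm_access", {}).get("roles", [])
    problems = []
    if "security-admin-console" not in aud:
        problems.append("audience lacks security-admin-console")
    if "admin" not in roles:
        problems.append("realm role admin not assigned")
    return problems

def get_admin_token(server_url: str, client_id: str, client_secret: str) -> str:
    """POST a client_credentials grant to the master realm token endpoint (server_url is assumed)."""
    body = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret,
                                   "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(f"{server_url}/realms/master/protocol/openid-connect/token", data=body)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def get_master_realm(server_url: str, access_token: str) -> dict:
    """GET the master realm representation with the token in the Authorization header."""
    req = urllib.request.Request(f"{server_url}/admin/realms/master",
                                 headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def demo_token(claims: dict) -> str:
    """Constructed, unsigned (alg none) JWT used only to test check_admin_token offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."
```

In practice, call check_admin_token on the result of get_admin_token before the first admin request; an empty list means the audience mapper and the Service Account Roles assignment are in place.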