naftiko: 1.0.0-alpha2 info: label: Keycloak Admin REST API — Groups description: 'Keycloak Admin REST API — Groups. 10 operations. Lead operation: Keycloak List groups. Self-contained Naftiko capability covering one Keycloak business surface.' tags: - Keycloak - Groups created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: KEYCLOAK_API_KEY: KEYCLOAK_API_KEY capability: consumes: - type: http namespace: admin-rest-groups baseUri: https://{host}/admin/realms description: Keycloak Admin REST API — Groups business capability. Self-contained, no shared references. resources: - name: realm-groups path: /{realm}/groups operations: - name: getgroups method: GET description: Keycloak List groups outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: search in: query type: string - name: first in: query type: integer - name: max in: query type: integer - name: briefRepresentation in: query type: boolean - name: creategroup method: POST description: Keycloak Create a top-level group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: realm-groups-groupId path: /{realm}/groups/{groupId} operations: - name: getgroup method: GET description: Keycloak Get a group outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updategroup method: PUT description: Keycloak Update a group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deletegroup method: DELETE description: Keycloak Delete a group outputRawFormat: json outputParameters: - name: result type: object value: $. - name: realm-groups-groupId-children path: /{realm}/groups/{groupId}/children operations: - name: createchildgroup method: POST description: Keycloak Create a child group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: realm-groups-groupId-members path: /{realm}/groups/{groupId}/members operations: - name: getgroupmembers method: GET description: Keycloak Get members of a group outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: first in: query type: integer - name: max in: query type: integer - name: realm-users-userId-groups path: /{realm}/users/{userId}/groups operations: - name: getusergroups method: GET description: Keycloak Get groups for a user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: realm-users-userId-groups-groupId path: /{realm}/users/{userId}/groups/{groupId} operations: - name: addusertogroup method: PUT description: Keycloak Add a user to a group outputRawFormat: json outputParameters: - name: result type: object value: $. - name: removeuserfromgroup method: DELETE description: Keycloak Remove a user from a group outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: bearer token: '{{env.KEYCLOAK_API_KEY}}' exposes: - type: rest namespace: admin-rest-groups-rest port: 8080 description: REST adapter for Keycloak Admin REST API — Groups. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/{realm}/groups name: realm-groups description: REST surface for realm-groups. operations: - method: GET name: getgroups description: Keycloak List groups call: admin-rest-groups.getgroups with: search: rest.search first: rest.first max: rest.max briefRepresentation: rest.briefRepresentation outputParameters: - type: object mapping: $. - method: POST name: creategroup description: Keycloak Create a top-level group call: admin-rest-groups.creategroup with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/{realm}/groups/{groupid} name: realm-groups-groupid description: REST surface for realm-groups-groupId. operations: - method: GET name: getgroup description: Keycloak Get a group call: admin-rest-groups.getgroup outputParameters: - type: object mapping: $. - method: PUT name: updategroup description: Keycloak Update a group call: admin-rest-groups.updategroup with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletegroup description: Keycloak Delete a group call: admin-rest-groups.deletegroup outputParameters: - type: object mapping: $. - path: /v1/{realm}/groups/{groupid}/children name: realm-groups-groupid-children description: REST surface for realm-groups-groupId-children. operations: - method: POST name: createchildgroup description: Keycloak Create a child group call: admin-rest-groups.createchildgroup with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/{realm}/groups/{groupid}/members name: realm-groups-groupid-members description: REST surface for realm-groups-groupId-members. operations: - method: GET name: getgroupmembers description: Keycloak Get members of a group call: admin-rest-groups.getgroupmembers with: first: rest.first max: rest.max outputParameters: - type: object mapping: $. - path: /v1/{realm}/users/{userid}/groups name: realm-users-userid-groups description: REST surface for realm-users-userId-groups. operations: - method: GET name: getusergroups description: Keycloak Get groups for a user call: admin-rest-groups.getusergroups outputParameters: - type: object mapping: $. - path: /v1/{realm}/users/{userid}/groups/{groupid} name: realm-users-userid-groups-groupid description: REST surface for realm-users-userId-groups-groupId. operations: - method: PUT name: addusertogroup description: Keycloak Add a user to a group call: admin-rest-groups.addusertogroup outputParameters: - type: object mapping: $. - method: DELETE name: removeuserfromgroup description: Keycloak Remove a user from a group call: admin-rest-groups.removeuserfromgroup outputParameters: - type: object mapping: $. - type: mcp namespace: admin-rest-groups-mcp port: 9090 transport: http description: MCP adapter for Keycloak Admin REST API — Groups. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: keycloak-list-groups description: Keycloak List groups hints: readOnly: true destructive: false idempotent: true call: admin-rest-groups.getgroups with: search: tools.search first: tools.first max: tools.max briefRepresentation: tools.briefRepresentation outputParameters: - type: object mapping: $. - name: keycloak-create-top-level-group description: Keycloak Create a top-level group hints: readOnly: false destructive: false idempotent: false call: admin-rest-groups.creategroup with: body: tools.body outputParameters: - type: object mapping: $. - name: keycloak-get-group description: Keycloak Get a group hints: readOnly: true destructive: false idempotent: true call: admin-rest-groups.getgroup outputParameters: - type: object mapping: $. - name: keycloak-update-group description: Keycloak Update a group hints: readOnly: false destructive: false idempotent: true call: admin-rest-groups.updategroup with: body: tools.body outputParameters: - type: object mapping: $. - name: keycloak-delete-group description: Keycloak Delete a group hints: readOnly: false destructive: true idempotent: true call: admin-rest-groups.deletegroup outputParameters: - type: object mapping: $. - name: keycloak-create-child-group description: Keycloak Create a child group hints: readOnly: false destructive: false idempotent: false call: admin-rest-groups.createchildgroup with: body: tools.body outputParameters: - type: object mapping: $. - name: keycloak-get-members-group description: Keycloak Get members of a group hints: readOnly: true destructive: false idempotent: true call: admin-rest-groups.getgroupmembers with: first: tools.first max: tools.max outputParameters: - type: object mapping: $. - name: keycloak-get-groups-user description: Keycloak Get groups for a user hints: readOnly: true destructive: false idempotent: true call: admin-rest-groups.getusergroups outputParameters: - type: object mapping: $. - name: keycloak-add-user-group description: Keycloak Add a user to a group hints: readOnly: false destructive: false idempotent: true call: admin-rest-groups.addusertogroup outputParameters: - type: object mapping: $. - name: keycloak-remove-user-group description: Keycloak Remove a user from a group hints: readOnly: false destructive: true idempotent: true call: admin-rest-groups.removeuserfromgroup outputParameters: - type: object mapping: $.