naftiko: 1.0.0-alpha2 info: label: Keycloak Admin REST API — Roles description: 'Keycloak Admin REST API — Roles. 8 operations. Lead operation: Keycloak List realm-level roles. Self-contained Naftiko capability covering one Keycloak business surface.' tags: - Keycloak - Roles created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: KEYCLOAK_API_KEY: KEYCLOAK_API_KEY capability: consumes: - type: http namespace: admin-rest-roles baseUri: https://{host}/admin/realms description: Keycloak Admin REST API — Roles business capability. Self-contained, no shared references. resources: - name: realm-roles path: /{realm}/roles operations: - name: getroles method: GET description: Keycloak List realm-level roles outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: search in: query type: string - name: first in: query type: integer - name: max in: query type: integer - name: briefRepresentation in: query type: boolean - name: createrole method: POST description: Keycloak Create a realm-level role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: realm-roles-roleName path: /{realm}/roles/{roleName} operations: - name: getrole method: GET description: Keycloak Get a realm-level role by name outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updaterole method: PUT description: Keycloak Update a realm-level role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleterole method: DELETE description: Keycloak Delete a realm-level role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: realm-users-userId-role-mappings-realm path: /{realm}/users/{userId}/role-mappings/realm operations: - name: getuserrealmrolemappings method: GET description: Keycloak Get realm-level role mappings for a user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: adduserrealmrolemappings method: POST description: Keycloak Add realm-level role mappings to a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleteuserrealmrolemappings method: DELETE description: Keycloak Remove realm-level role mappings from a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.KEYCLOAK_API_KEY}}' exposes: - type: rest namespace: admin-rest-roles-rest port: 8080 description: REST adapter for Keycloak Admin REST API — Roles. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/{realm}/roles name: realm-roles description: REST surface for realm-roles. operations: - method: GET name: getroles description: Keycloak List realm-level roles call: admin-rest-roles.getroles with: search: rest.search first: rest.first max: rest.max briefRepresentation: rest.briefRepresentation outputParameters: - type: object mapping: $. - method: POST name: createrole description: Keycloak Create a realm-level role call: admin-rest-roles.createrole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/{realm}/roles/{rolename} name: realm-roles-rolename description: REST surface for realm-roles-roleName. operations: - method: GET name: getrole description: Keycloak Get a realm-level role by name call: admin-rest-roles.getrole outputParameters: - type: object mapping: $. - method: PUT name: updaterole description: Keycloak Update a realm-level role call: admin-rest-roles.updaterole with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleterole description: Keycloak Delete a realm-level role call: admin-rest-roles.deleterole outputParameters: - type: object mapping: $. - path: /v1/{realm}/users/{userid}/role-mappings/realm name: realm-users-userid-role-mappings-realm description: REST surface for realm-users-userId-role-mappings-realm. operations: - method: GET name: getuserrealmrolemappings description: Keycloak Get realm-level role mappings for a user call: admin-rest-roles.getuserrealmrolemappings outputParameters: - type: object mapping: $. - method: POST name: adduserrealmrolemappings description: Keycloak Add realm-level role mappings to a user call: admin-rest-roles.adduserrealmrolemappings with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleteuserrealmrolemappings description: Keycloak Remove realm-level role mappings from a user call: admin-rest-roles.deleteuserrealmrolemappings with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: admin-rest-roles-mcp port: 9090 transport: http description: MCP adapter for Keycloak Admin REST API — Roles. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: keycloak-list-realm-level-roles description: Keycloak List realm-level roles hints: readOnly: true destructive: false idempotent: true call: admin-rest-roles.getroles with: search: tools.search first: tools.first max: tools.max briefRepresentation: tools.briefRepresentation outputParameters: - type: object mapping: $. - name: keycloak-create-realm-level-role description: Keycloak Create a realm-level role hints: readOnly: false destructive: false idempotent: false call: admin-rest-roles.createrole with: body: tools.body outputParameters: - type: object mapping: $. - name: keycloak-get-realm-level-role description: Keycloak Get a realm-level role by name hints: readOnly: true destructive: false idempotent: true call: admin-rest-roles.getrole outputParameters: - type: object mapping: $. - name: keycloak-update-realm-level-role description: Keycloak Update a realm-level role hints: readOnly: false destructive: false idempotent: true call: admin-rest-roles.updaterole with: body: tools.body outputParameters: - type: object mapping: $. - name: keycloak-delete-realm-level-role description: Keycloak Delete a realm-level role hints: readOnly: false destructive: true idempotent: true call: admin-rest-roles.deleterole outputParameters: - type: object mapping: $. - name: keycloak-get-realm-level-role-2 description: Keycloak Get realm-level role mappings for a user hints: readOnly: true destructive: false idempotent: true call: admin-rest-roles.getuserrealmrolemappings outputParameters: - type: object mapping: $. - name: keycloak-add-realm-level-role description: Keycloak Add realm-level role mappings to a user hints: readOnly: false destructive: false idempotent: false call: admin-rest-roles.adduserrealmrolemappings with: body: tools.body outputParameters: - type: object mapping: $. - name: keycloak-remove-realm-level-role description: Keycloak Remove realm-level role mappings from a user hints: readOnly: false destructive: true idempotent: true call: admin-rest-roles.deleteuserrealmrolemappings with: body: tools.body outputParameters: - type: object mapping: $.