Skip to main content
Version: 4.18.1

Create Tenant

Tenant are entities that can request Keycloak to authenticate a user. It also use Keycloak to encrypt themselves and provide a single sign-on solution which can securely invoke other services over the network. Access this API to create a new tenant.


Tenant in mID refers to the Realm.

Resource Informations

Requires authentication?Yes
Rate limited?No


Request headers

AuthorizationBearer token

HTTP request URL for SSMS

POST https://{tenantId}.{hostname}/digitanium/v4/tenants

HTTP request URL for SHIFT

POST https://{hostname}/auth/realms/{tenantId}/v4_realm/

Only MASTER tenant has the access to Create tenants.


API requests must be made over https. Calls made over plain http will fail. {tenantId} which is used in http request should be a master tenantId.


No parameters fields are required.

Request body (*Required)

Field NameTypeDescription
tenantidStringDefine unique tenant id.
*realmStringDefine unique realm id.
enabledBooleanIf this is set to true the realm is enabled.
typeStringIt specifies the RealmType, the possible values are SSMS or AST.
loginThemeStringDefine the theme of the realm.
accountThemeStringDefine the theme of the account.
adminThemeStringDefine the theme of the admin.
*adminUsernameStringDefine unique username of admin user.
adminEmailStringDefine an email of admin user.
*adminPasswordStringDefine new password of admin user.
adminFirstNameStringDefine Firstname of admin user.
adminLastNameStringDefine Lastname of admin user.
bruteForceProtectedBooleanBruteforce will be activated, if enabled.
otpBruteForceProtectedBooleanBruteforce will be activated for otp brute force detection.
actionTokenGeneratedByAdminLifespanIntegerExpire time of the verification link, should be set as a default 86400 second in the field. 
settingsMapDefines the settings of the realm. Required settings can be configured.
requiredActionsArrayPre-requisite for the functionality required.
aliasStringPre-requisite for the functionality required.
nameStringThe name for the required action.
providerIdStringThe required action’s Id.
enabledBooleanIf this is true the required action is enabled.
priorityIntegerThe execution order of the required action.

Sample Request

"id": "tenantExt000019",
"realm": "tenantExt000019",
"enabled": true,
"type": "AST",
"loginTheme": "kobilv2",
"accountTheme": "kobilv2",
"adminTheme": "kobilv2",
"emailTheme": "kobilv2",
"adminUsername": "admin",
"adminEmail": "",
"adminPassword": "Admin@123",
"adminFirstName": "",
"adminLastName": "",
"bruteForceProtected": true,
"otpBruteForceProtected": true,
"settings": {
" UserProperty": "id"
"alias": "kobil-reg-status-required-action",
"name": "KOBIL Registration Status Verification",
"providerId": "kobil-reg-status-required-action",
"enabled": true,


Field NameTypeDescription
messageStringMessage explains result of the API call. Refer Response status Information for details.
statusStringThe status of the API call. Refer Response status Information for details.
subSystemIntegersubSystem categorizes the type of API that has been called. Refer Subsystem details for details.
dataObjectObject containing the newly created tenant details.
tenantNameStringUnique tenant name.
appIdStringDefault appId.
emailIdStringEmail of admin user.
appSecretStringUUID, Secret of the default app.
tenantUrlStringAPI URL of the tenant.

Sample Response

"message": "Tenant created successfully",
"status": "OK",
"subSystem": 1,
"data": {
"tenantName": "tenant419",

"emailId": "",

"tenantUrl": "",

"appId": "digitanium-app",

"appSecret": "5f8e7721-e20c-46ec-9beb-ada05cbfdf93"

Response Status Information

Status CodeStatusMessage
200OKTenant created successfully
400BAD_REQUESTTenant name should not be null or empty
401UnauthorizedFailed to create tenant
409CONFLICTTenant already exists