Generate Keycloak Bearer Token Using Postman

2 min readJun 6, 2021


1. Introduction

In this article, we will generate a Keycloak bearer token that we can use to authorized our request. This token is mostly used to verify request in the backend REST API.

1.1 Prerequisites

  • You must have a docker installed.
  • You must have installed Postman.

Take note of this URL format: Save the value of authorization_endpoint and token_endpoint, we will use them later.

2. Setup Keycloak

Before we begin, we need to run an instance of Keycloak in docker first.

docker run -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin -p 8081:8080 -d jboss/keycloak:10.0.2

Keycloak should run on port 8081.

Now, go to your browser and open http://localhost:8081 and you should arrive in Keycloak admin page.

3. Create a Keycloak Realm and Client

Next, we need to create the realm and client that we will be using to generate a token.

During the first serving of the page, Keycloak will ask you to save an admin user and password.

  1. Login to Keycloak.
  2. In the left panel, hover to Master, and click Add Realm.
  3. Enter czetsuyatech.
  4. On the left panel, click Clients.
  5. On the right side, click Create.
  6. Enter auth in the client id and hit Save.
  7. On the client detail page:
  8. Set Access Type=confidential.
  9. Valid Redirect URIs=* (for debugging purposes only)
  10. Web Origins=* (for debugging purposes only)
  11. *Make sure to secure items 2 and 3 in production.
  12. Copy the Secret value in the Credentials tab, we will use it later.

4. Create a Keycloak User

  1. On the left panel, under Manage click Users.
  2. Click Add User.
  3. In the username field, enter czetsuyatech and hit save.
  4. Open the Credentials tab, set the password to czetsuyatech, switch Temporary to OFF.
  5. Click Set Password.

4. Generate the Token

4.1 Set the following request parameters

  1. In Postman, create a new request. It could be any HTTP method.
  2. Under Authorization tab, set TYPE=OAuth 2.0.
  3. On the right panel, click Get New Access Token.
  4. Callback URL=
  5. Or anything since we did not set it;
  6. It should match the value you will set in Keycloak;
  7. Normally, this is your frontend URL where Keycloak will redirect after login.
  8. Auth URL=
  9. Access Token URL=
  10. ClientID=auth
  11. Client Secret=[Get the value from 3.8]
  12. Scope=email

4.2 Execute the request

  1. Click Request Token
  2. Enter the user we created in step 4, czetsuyatech/czetsuyatech.
  3. Click Submit/Login.
  4. It should automatically fill up the Access Token field with the generated token.
  5. Header prefix must be set to “Bearer “.

Originally published at




Open for Collaboration | Senior Java Backend Developer