I think this may have already been answered somewhere else (github issues) but I'll respond here as well for the benefit of all. :) The API Gateway configuration API is protected by KeyCloak using the same Realm as the API Manager UI/REST. However, the KeyCloak role needed is "apipublisher" which is unique to the API Gateway configuration. So in other words, in order to call the API Gateway configuration API you must authenticate as a user with the 'apipublisher' role. The quickstart comes pre-configured with a user named "apimanager" that has this role. By default that user's password is: apiman123! I believe our documentation must be updated to reflect this fact. If anyone can point me to where we have the old information (where the password is listed as something else) then I'd appreciate it. Please note that you should definitely change this password in the quickstart. To do this, log into KeyCloak here: http://localhost:8080/auth admin admin123! Then find the user in via the KC UI and modify the credentials. You really should do this for the 'admin' user in both the Apiman and Master realms! The quickstart comes pre-configured with these users as a convenience only. -Eric On 11/29/2015 1:40 AM, Pavel Maslov wrote: