A GET on the /{realm}/clients REST endpoint is supposed to return an  array of ClientRepresentation JSON objects. This is documented here: https://www.keycloak.org/docs-api/4.8/rest-api/index.html#_clients_resource According to the REST documentation  (https://www.keycloak.org/docs-api/4.8/rest-api/index.html#_clientrepresen... a ClientRepresentation is supposed to contain the following top level keys: access adminUrl attributes authenticationFlowBindingOverrides authorizationServicesEnabled authorizationSettings baseUrl bearerOnly clientAuthenticatorType clientId consentRequired defaultClientScopes defaultRoles description directAccessGrantsEnabled enabled frontchannelLogout fullScopeAllowed id implicitFlowEnabled name nodeReRegistrationTimeout notBefore optionalClientScopes origin protocol protocolMappers publicClient redirectUris registeredNodes registrationAccessToken rootUrl secret serviceAccountsEnabled standardFlowEnabled surrogateAuthRequired webOrigins However when authenticated as the admin in the master realm on Keycloak  version 4.8.2.Final a GET on /{realm}/clients returns  ClientRepresentation's containing only these keys: access attributes authenticationFlowBindingOverrides bearerOnly clientAuthenticatorType clientId consentRequired defaultClientScopes directAccessGrantsEnabled enabled frontchannelLogout fullScopeAllowed id implicitFlowEnabled nodeReRegistrationTimeout notBefore optionalClientScopes protocol publicClient redirectUris serviceAccountsEnabled standardFlowEnabled surrogateAuthRequired webOrigins This means the following keys are omitted from the ClientRepresentation.  Why? adminUrl authorizationServicesEnabled authorizationSettings baseUrl defaultRoles description name origin protocolMappers registeredNodes registrationAccessToken rootUrl secret As far as I can tell the documented ClientRepresentation closely matches  what is in the code here: https://github.com/keycloak/keycloak/blob/master/core/src/main/java/org/k... I believe this is the method used to return the ClientRepresentation  from the REST endpoint: https://github.com/keycloak/keycloak/blob/885eec5ef2628e41d59f4017745df44... The conversion from model to representation occurs here: https://github.com/keycloak/keycloak/blob/885eec5ef2628e41d59f4017745df44... I don't see anything which is dropping the missing keys in the returned  ClientRepresentation. Is something filtering the result? The context for the question arises from this: We were creating a client  via a PUT and allowing Keycloak to generate the client secret, we then  wanted to extract the client secret from the ClientRepresentation but  it's absent. I can also undersand why the client secret might be omitted  for security reasons (although I did find that seems to replace that  value with "**********", but that's not happening either, it's just  absent). That's when we noticed it wasn't just the client secret that  was missign but 12 other keys as well.