16.1.1.30. Client endpoints

The client REST API lists the client applications (PAM, SAML, RADIUS, Keycloak, …) that have authenticated against privacyIDEA, grouped by client type. Entries are populated automatically as clients hit the Validate endpoints endpoints.

Access requires admin authentication and the admin policy action clienttype.

GET /client/

Return all client applications that have authenticated against privacyIDEA, grouped by client type. The result is a dictionary keyed by client type (PAM, SAML, RADIUS, …) where each value is a list of records carrying the client’s IP, hostname and the most recent lastseen timestamp across all nodes.

Requires the admin policy action clienttype.

Example request:

GET /client/ HTTP/1.1
Host: example.com
Accept: application/json

Example response:

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 1,
  "jsonrpc": "2.0",
  "result": {
    "status": true,
    "value": {
      "PAM": [
        {"ip": "10.0.0.5", "hostname": "host1.example.com",
         "lastseen": "2026-05-01 12:34:56"}
      ],
      "SAML": []
    }
  },
  "version": "privacyIDEA unknown"
}

Status Codes:

• 200 OK – clients returned in result.value.