Creation of Keycloak protection resources - protection or admin API?

Hi, I was hoping to get some enlightenment on configuring protection resources, scopes, policies and permissions. There is a resource registration endpoint on the protection API at http://${host}:${port}/auth/realms/${realm}/authz/protection/resource_set,
and this is what I would expect to use. But when I tried to add a protection resource or protection scope from the Keycloak web application, I see (via Chrome devtools) that the POST is actually made via the server admin API,
/auth/admin/realms/{realm}/clients/{client id}/authz/resource-server/{ scope | resource }
Why does this undocumented endpoint exist in the admin API and should I be using it for my own configuration of protection resources?