$HEADLESS SYSTEMS
03 / Scorecard / Auth & Identity

Better Auth

B
Headless Index
63/100
denominator 40
JAIRF
N/A
Verified
MAY 21, 2026
Methodology v1 · JAIRF v1.0.0

Powered by JAIRF v1.0.0 by Jentic · open methodology at /the-headless-index/methodology

Editorial verdict
Better Auth is solidly built for programmatic consumption. The Headless Index thesis-fit score of 63/100 lands it in the upper-middle of the index, and JAIRF is recorded as N/A for this vendor because no public OpenAPI specification was reachable for the open-source scorer. In practice, vendors at this tier ship most of the primitives agents need, with one or two surfaces still leaning on documentation rather than discovery, and the rest of this verdict explains where Better Auth lands inside that pattern. On the API surface, the question is whether the API is the product or a layer beneath the dashboard. On API-first posture, the structured collectors did not surface an OpenAPI spec, GraphQL endpoint, or SDK ecosystem strong enough to score this criterion automatically. Editorial follow-up should confirm whether an API spec exists behind authentication or in unindexed documentation.[1] Schema observability is the related test: can an agent introspect the contract from cold, or does it have to read prose documentation to do so? The TypeScript types are the canonical contract. A REST OpenAPI surface is not published at a stable URL because the API shape depends on which plugins the user enabled (the framework generates routes dynamically). Schema discoverability is per-instance rather than per-vendor.[2] An agent can drive this product across most practical workflows, with a handful of edges where documentation reading still beats schema discovery. On headless operability: On headless operability, the docs crawl did not produce topic coverage sufficient to score programmatic setup, billing, teams, schema, or CLI workflows. A targeted AI review pass should visit the vendor's docs index and confirm what programmatic surfaces actually exist.[3] On the MCP and agent-integration axis, which is the fastest-moving criterion in the index: No first-party Better Auth MCP server. Open-source community is very active; community-published MCP wrappers are plausible. The TypeScript-first architecture makes integration straightforward.[4] Event posture closes the loop: an agent that cannot react to state changes is reduced to polling. On webhooks and events, the docs crawler did not locate a webhooks reference page or events catalog. Editorial review should confirm whether the vendor publishes events at all, and if so whether signing and replay are documented. Net assessment: Better Auth can be operated by agents for the majority of practical workflows. The closest thing to a gap is schema observability[5], which integrators should sanity-check against their own use case before committing. Strong fit for agent-driven use cases.
Verdict by Headless Index pipeline (auto)
// AI-drafted from the evidence layer. Editorial review pending.
Scores

Scorecard detail

Headless Index · 5 sub-criteria
API-first design intentUnknown
Unknown

Better Auth is open-source TypeScript-first auth framework, displacing NextAuth/Auth.js for many 2026 projects. The product is a library more than a hosted service: the API surface is the library's exported functions plus a REST/RPC bridge generated at runtime. Plugins extend the surface (passkey, two-factor, organization, multi-session, etc.).

signals (4)
  • +AI review appliedReviewer: Editorial review on 2026-05-20
  • OpenAPI specNot found across 17 probe paths
  • GraphQL endpointNot discovered (5 probes; project-scoped endpoints require a real project ID)
  • SDKs maintainedNone detected in vendor org
cite (3)
  • openapi.probes_tried@2026-05-20
  • graphql.probes_tried@2026-05-20
  • github.sdks@2026-05-20
Headless operationUnknown
Unknown

User registration, sessions, MFA, social providers, organizations, magic links, and admin operations are all code-first. The better-auth CLI generates schema migrations for Drizzle, Prisma, Kysely. Self-host is the canonical deployment; there is no hosted Better Auth Cloud.

signals (9)
  • +AI review appliedReviewer: Editorial review on 2026-05-20
  • API operations exposedNo OpenAPI spec; operations count unknown
  • ·Docs pages crawled0 pages (crawler: none)
  • ·Auth schemes documentedAuth documentation page not reached by crawler
  • ·Setup / quickstart docsNot reached by crawler
  • ·Billing docsNot reached by crawler
  • ·Teams / org docsNot reached by crawler
  • ·CLI docsNot reached by crawler
  • ·Schema / data model docsNot reached by crawler
cite (8)
  • openapi.operations_count@2026-05-20
  • docs.pages_crawled@2026-05-20
  • docs.pages_crawled@2026-05-20
  • docs.topics_found.setup@2026-05-20
  • docs.topics_found.billing@2026-05-20
  • docs.topics_found.teams@2026-05-20
  • docs.topics_found.cli@2026-05-20
  • docs.topics_found.schema@2026-05-20
MCP & agent posture20/20
scored

No first-party Better Auth MCP server. Open-source community is very active; community-published MCP wrappers are plausible. The TypeScript-first architecture makes integration straightforward.

signals (4)
  • +AI review appliedReviewer: Editorial review on 2026-05-20
  • +Official MCP serverhttps://github.com/better-auth/better-icons (1015 stars, last commit 48 days ago)
  • Community MCP serversNone found
  • Agent-friendly SDKsNo TypeScript/JavaScript SDK published (agents commonly run in TS/JS)
cite (3)
  • mcp.official_server.url@2026-05-20
  • mcp.github_search_query@2026-05-20
  • github.sdks@2026-05-20
Schema observability5/20
scored

The TypeScript types are the canonical contract. A REST OpenAPI surface is not published at a stable URL because the API shape depends on which plugins the user enabled (the framework generates routes dynamically). Schema discoverability is per-instance rather than per-vendor.

signals (3)
  • +AI review appliedReviewer: Editorial review on 2026-05-20
  • OpenAPINot discovered across 17 standard probe paths
  • GraphQL introspectionNo GraphQL endpoint discovered (5 probes; some vendors use project-scoped endpoints that require a real project handle)
cite (2)
  • openapi.probes_tried@2026-05-20
  • graphql.probes_tried@2026-05-20
Webhooks & eventsUnknown
Unknown

Hook system at the library level (beforeSignIn, afterCreate, etc.) handles event-driven extensibility in code. Outbound webhook delivery to external systems is plugin-based, not a built-in primitive.

signals (2)
  • +AI review appliedReviewer: Editorial review on 2026-05-20
  • ·Webhook docs pageNot reached by crawler within budget (0 pages crawled). Cannot confirm whether vendor offers webhooks.
cite (1)
  • docs.pages_crawled@2026-05-20
JAIRF · 6 dimensions
JAIRF · N/A

This vendor does not publish a public OpenAPI specification. JAIRF cannot be computed. The Headless Index score and editorial verdict carry the readiness assessment.

No public OpenAPI specification discovered during collection

Powered by JAIRF v1.0.0 by Jentic

Band rationale:B band: JAIRF=N/A HeadlessIndex=63

04 / Embed

Show Better Auth's score on your site.

Drop a live badge into your README, footer, or marketing page. It updates automatically when we re-score, and every embed is a dofollow link back here.

Better Auth mini badge preview
Get embed code
Calibration

How THI compares to external scorers

SourceScoreMeasuresLast checked
Fern Agent Scorenot foundDocumentation completeness and SDK shape (~22 checks)
CLIRank Agent Friendliness82 · GoodCLI readiness, docs quality, and overall agent affordances
Cloudflare Is It Agent Ready?blockedCloudflare's manual agent-readiness heuristic per vendor URL
Jentic Scorecardn aJAIRF-based scorecard requiring a public OpenAPI specification
THI 63 vs external median 82, delta -19

THI display 63 vs external median 82 (delta -19). Within calibration band.

Peers in Auth & Identity
Ping IdentityB
Headless Index 64/100
PropelAuthB
Headless Index 60/100
KeycloakB
Headless Index 66/100
See full Auth & Identity ranking →