FusionAuth
Powered by JAIRF v1.0.0 by Jentic · open methodology at /the-headless-index/methodology
Scorecard detail
FusionAuth is an open-source identity product with a self-hostable Java backend and a comprehensive REST API covering every administrative surface. SDKs in Java, .NET, Python, Node, Go, Ruby, and PHP are all maintained. The OpenAPI specification is published in the documentation, which puts FusionAuth ahead of most identity vendors on machine discoverability.
signals (6)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- +OpenAPI specPublished, 0 operations
- −GraphQL endpointNot discovered (5 probes; project-scoped endpoints require a real project ID)
- +SDKs maintained16 (dotnet, go, java, javascript, php, python, ruby, typescript); top by stars: FusionAuth/fusionauth-typescript-client (71 stars)
- +SDK recency13 of 16 SDK repos pushed within 30 days (most recent SDK commit: 2026-05-18)
- +npm weekly downloads12.6M across published packages; top: npm @ 12.6M/week
cite (5)
- openapi.probes_tried@2026-05-19
- graphql.probes_tried@2026-05-19
- github.sdks@2026-05-19
- freshness.most_recent_sdk_commit@2026-05-19
- github.sdks@2026-05-19
Every action in the FusionAuth admin UI is available through the API: user CRUD, application registration, tenant configuration, identity provider setup, lambda authoring, family unit management, audit log access. Kickstart YAML provides config-as-code for bootstrapping deployments. Reference-class operability for self-hosted identity.
signals (9)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −API operations exposedOpenAPI present but operations could not be counted
- ·Docs pages crawled0 pages (crawler: none)
- ·Auth schemes documentedAuth documentation page not reached by crawler
- ·Setup / quickstart docsNot reached by crawler
- ·Billing docsNot reached by crawler
- ·Teams / org docsNot reached by crawler
- ·CLI docsNot reached by crawler
- ·Schema / data model docsNot reached by crawler
cite (1)
- ai_review_browser.topics_found@2026-05-20
No official FusionAuth MCP server has been published. The product positioning is self-hostable IdP rather than agent integration; community wrappers cover the protocol layer where needed.
signals (4)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −Official MCP serverNone found in vendor's GitHub org or the official MCP registry
- −Community MCP serversNone found
- +Agent-friendly SDKs2 TS/JS SDKs available; top: fusionauth-typescript-client (3/week downloads)
cite (1)
- ai_review_browser.pages_fetched@2026-05-20
A public OpenAPI specification is published at fusionauth.io and used to generate the SDKs across languages. This makes FusionAuth one of the more agent-introspectable identity vendors in the index.
signals (3)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- +OpenAPIPublished at https://raw.githubusercontent.com/FusionAuth/fusionauth-openapi/main/openapi.yaml (OpenAPI undefined, 0 operations)
- −GraphQL introspectionNo GraphQL endpoint discovered (5 probes; some vendors use project-scoped endpoints that require a real project handle)
cite (1)
- ai_review_browser.schema@2026-05-20
Webhook subscriptions cover user, registration, application, tenant, family, JWT, audit, MFA, and lambda lifecycle events with HMAC signing options. The catalog is among the most comprehensive in the identity category, reflecting FusionAuth's API-first orientation.
signals (2)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- ·Webhook docs pageNot reached by crawler within budget (0 pages crawled). Cannot confirm whether vendor offers webhooks.
cite (1)
- ai_review_browser.pages_fetched@2026-05-20
FCFoundational Compliance100/100
Structural validity, standards conformance, and parsability of the OpenAPI specification.
DXJDeveloper Experience & Tooling Compatibility59.2/100
Documentation clarity, example coverage, response completeness, and ingestion health.
ARAXAI-Readiness & Agent Experience49/100
Semantic clarity, intent expression, datatype specificity, and error standardization.
AUAgent Usability90/100
Operational composability, complexity comfort, navigation affordances, and safety patterns.
SECSecurity60/100
Authentication strength, transport security, secret hygiene, and OWASP risk posture.
AIDAI Discoverability60/100
Descriptive richness, intent phrasing, workflow context, and registry signals.
Band rationale:C band: scores 40-75 range
Show FusionAuth's score on your site.
Drop a live badge into your README, footer, or marketing page. It updates automatically when we re-score, and every embed is a dofollow link back here.
How THI compares to external scorers
| Source | Score | Measures | Last checked |
|---|---|---|---|
| Fern Agent Score | 70 · C | Documentation completeness and SDK shape (~22 checks) | April 8, 2026 |
| CLIRank Agent Friendliness | not found | CLI readiness, docs quality, and overall agent affordances | — |
| Cloudflare Is It Agent Ready? | blocked | Cloudflare's manual agent-readiness heuristic per vendor URL | — |
| Jentic Scorecard | n a | JAIRF-based scorecard requiring a public OpenAPI specification | — |
THI display 51 vs external median 70 (delta -19). Within calibration band.