Hanko
Powered by JAIRF v1.0.0 by Jentic · open methodology at /the-headless-index/methodology
Scorecard detail
Hanko is passkey-first identity with the Public API for end-user flows and the Admin API for management. JavaScript SDK including a passkey-enabled web component is the client surface. Modern web platform primitives are explicit design choices; the product leans into WebAuthn rather than treating it as one provider among many.
signals (4)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- +OpenAPI specPublished, 0 operations
- ·GraphQL endpointDiscovered at https://www.hanko.io/graphql, introspection disabled or scoped
- −SDKs maintainedNone detected in vendor org
cite (1)
- github.sdks@2026-05-20
Most identity workflows are programmable through the Admin API. The admin surface is narrower than enterprise-tier IdPs (no SAML, no directory sync, narrower MFA matrix), but it is sufficient for consumer and prosumer use cases.
signals (9)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −API operations exposedOpenAPI present but operations could not be counted
- ·Docs pages crawled0 pages (crawler: none)
- ·Auth schemes documentedAuth documentation page not reached by crawler
- ·Setup / quickstart docsNot reached by crawler
- ·Billing docsNot reached by crawler
- ·Teams / org docsNot reached by crawler
- ·CLI docsNot reached by crawler
- ·Schema / data model docsNot reached by crawler
cite (1)
- github.sdks@2026-05-20
No first-party Hanko MCP server has been published. The product focus is passkey adoption, not agent integration.
signals (4)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −Official MCP serverNone found in vendor's GitHub org or the official MCP registry
- −Community MCP serversNone found
- −Agent-friendly SDKsNo TypeScript/JavaScript SDK published (agents commonly run in TS/JS)
cite (1)
- mcp.found@2026-05-20
REST documentation is detailed at docs.hanko.io. OpenAPI references exist for some surfaces; not all of the API is reachable through a single canonical OpenAPI URL.
signals (3)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- +OpenAPIPublished at https://raw.githubusercontent.com/teamhanko/docs/main/openapi-public.yaml (OpenAPI undefined, 0 operations)
- ·GraphQL introspectionGraphQL endpoint at https://www.hanko.io/graphql but introspection is disabled, scoped, or behind authentication
cite (1)
- openapi.discovered@2026-05-20
Hanko Webhooks deliver signed events for identity lifecycle changes. Event catalog is modest but well-scoped to the passkey-and-modern-identity use case.
signals (2)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- ·Webhook docs pageNot reached by crawler within budget (0 pages crawled). Cannot confirm whether vendor offers webhooks.
cite (1)
- ai_review_browser.webhooks@2026-05-20
FCFoundational Compliance100/100
Structural validity, standards conformance, and parsability of the OpenAPI specification.
DXJDeveloper Experience & Tooling Compatibility70.5/100
Documentation clarity, example coverage, response completeness, and ingestion health.
ARAXAI-Readiness & Agent Experience68.8/100
Semantic clarity, intent expression, datatype specificity, and error standardization.
AUAgent Usability86.1/100
Operational composability, complexity comfort, navigation affordances, and safety patterns.
SECSecurity84.1/100
Authentication strength, transport security, secret hygiene, and OWASP risk posture.
AIDAI Discoverability83.8/100
Descriptive richness, intent phrasing, workflow context, and registry signals.
Band rationale:C band: scores 40-75 range
Show Hanko's score on your site.
Drop a live badge into your README, footer, or marketing page. It updates automatically when we re-score, and every embed is a dofollow link back here.