Keycloak
Powered by JAIRF v1.0.0 by Jentic · open methodology at /the-headless-index/methodology
Scorecard detail
Keycloak is the de-facto open-source identity server, with a REST Admin API plus the keycloak-admin-client libraries in Node, Java, Python, and others. The Authentication API supports OIDC, OAuth 2.0, SAML 2.0, and several custom flows. Realms, clients, users, roles, identity providers, authentication flows, and policies are all addressable via REST.
signals (5)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −OpenAPI specNot found across 17 probe paths
- ·GraphQL endpointDiscovered at https://www.keycloak.org/graphql, introspection disabled or scoped
- ·SDKs maintained1 (java); top by stars: keycloak/keycloak-client (57 stars)
- +SDK recency1 of 1 SDK repos pushed within 30 days (most recent SDK commit: 2026-05-11)
cite (1)
- github.sdks@2026-05-19
Every Admin Console action has a REST equivalent. Realm import and export via JSON, the kcadm.sh CLI, and the Keycloak Operator for Kubernetes all give infrastructure-as-code paths. Provider extensibility via Java SPIs adds a customisation layer that is itself code-first. Among the most operationally complete IdPs available.
signals (9)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −API operations exposedNo OpenAPI spec; operations count unknown
- ·Docs pages crawled0 pages (crawler: none)
- ·Auth schemes documentedAuth documentation page not reached by crawler
- ·Setup / quickstart docsNot reached by crawler
- ·Billing docsNot reached by crawler
- ·Teams / org docsNot reached by crawler
- ·CLI docsNot reached by crawler
- ·Schema / data model docsNot reached by crawler
cite (1)
- github.sdks@2026-05-19
No official Keycloak MCP server has been published by the upstream project, although several community implementations exist. Red Hat (which sponsors Keycloak) has not yet authored an MCP integration for the product, which is unusual given the active downstream ecosystem.
signals (4)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −Official MCP serverNone found in vendor's GitHub org or the official MCP registry
- −Community MCP serversNone found
- −Agent-friendly SDKsNo TypeScript/JavaScript SDK published (agents commonly run in TS/JS)
cite (1)
- github.sdks@2026-05-19
The Admin REST API is documented in fine detail and an OpenAPI specification ships in the keycloak/keycloak repository for several major versions. Agents can fetch and use the spec without writing custom integration code.
signals (3)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- −OpenAPINot discovered across 17 standard probe paths
- ·GraphQL introspectionGraphQL endpoint at https://www.keycloak.org/graphql but introspection is disabled, scoped, or behind authentication
cite (1)
- github.sdks@2026-05-19
Webhook support is provided via the keycloak-event-listener SPI rather than as a first-party webhook product; this requires Java SPI implementation. Several community plugins fill the gap. The eventing story is therefore more open-source DIY than out-of-the-box.
signals (2)
- +AI review appliedReviewer: Editorial review on 2026-05-20
- ·Webhook docs pageNot reached by crawler within budget (0 pages crawled). Cannot confirm whether vendor offers webhooks.
cite (1)
- github.sdks@2026-05-19
This vendor does not publish a public OpenAPI specification. JAIRF cannot be computed. The Headless Index score and editorial verdict carry the readiness assessment.
No public OpenAPI specification discovered during collection
Powered by JAIRF v1.0.0 by Jentic
Band rationale:B band: JAIRF=N/A HeadlessIndex=66
Show Keycloak's score on your site.
Drop a live badge into your README, footer, or marketing page. It updates automatically when we re-score, and every embed is a dofollow link back here.