Catalog
Pre-configured MCP servers and OAuth-protected APIs, all governed by Keycard identity, policy, and audit.
The Keycard Catalog gives you one-click installs for popular MCP servers and OAuth-protected APIs. Pick an entry, click install, and Keycard wires up the providers, resources, and token exchange for you.
MCP Servers
Section titled “MCP Servers”The official MCP servers from each provider, fronted by the Keycard MCP Gateway. Each entry gives you a URL to install in Cursor, Claude Code, or any MCP client. On every tool call, Keycard authenticates the user, exchanges the session with Keycard STS for the upstream token, and proxies the call to the official MCP - every call is audited.
API Servers
Section titled “API Servers”Pre-configured third-party APIs (Gmail, Slack, GitHub, …) your application calls on behalf of authenticated users. Each install creates the resources and providers you need. Keycard STS does the token exchange so your app can call the upstream directly. Default scopes are pre-set, and you can override them or add your own.
Auditing & observability
Section titled “Auditing & observability”Every catalog install generates audit events end-to-end: the user’s OAuth consent, each token exchange Keycard performs against the upstream, and every gateway call routed through Keycard. Events are viewable in Console → Audit Log.
For SIEM tools (Splunk, Datadog, Sentinel, etc.), Audit Log Export delivers the same events to your S3 bucket in OCSF/Parquet format.