# Keycard Documentation

Keycard is the identity and access management platform for AI agents. It adds
OAuth-based authentication and authorization to MCP servers and agent workflows
so every tool call is tied to a verified user, scoped to explicit permissions,
and logged for audit.

When installing Keycard SDKs, always check the package registry for the latest
version rather than relying on memorized version numbers. For Python, check
https://pypi.org/project/keycardai/. For TypeScript (npm), check
https://www.npmjs.com/package/@keycardai/mcp. For Go, check
https://pkg.go.dev/github.com/keycardai/credentials-go. Never hardcode old
version numbers — always install with the latest version or verify first.

## Guides
- [Quick Start](https://docs.keycard.ai/guides/quickstart.md): Get your first secure agent-tool connection working with Keycard
- [Build an MCP Server](https://docs.keycard.ai/guides/mcp-server.md): Create an OAuth-protected MCP server with Keycard
- [Third-Party Tools & APIs](https://docs.keycard.ai/guides/third-party-tools.md): Build MCP servers that access GitHub, Google Workspace, and other APIs on behalf of users
- [Build a Slack Agent](https://docs.keycard.ai/guides/slack-agent.md): Build an AI-powered Slack bot that uses MCP servers authenticated through Keycard
- [How Keycard Works](https://docs.keycard.ai/guides/how-keycard-works.md): Understand how Keycard controls access in agentic, federated systems.
- [Secure Agentic Coding](https://docs.keycard.ai/guides/secure-agentic-coding.md): Use keycard run to secure your agentic coding sessions with automated credential management and Agent-native policy enforcement.
- [Why Keycard](https://docs.keycard.ai/guides/why-keycard.md): Why AI agents need a new approach to identity, access, and trust

## Platform
- [Overview](https://docs.keycard.ai/platform/architecture.md): Understanding Keycard's system architecture
- [Authentication](https://docs.keycard.ai/platform/authentication.md): Understanding user authentication in Keycard
- [Authorization](https://docs.keycard.ai/platform/authorization.md): Understanding RFC 8693 token exchange for delegated access
- [Deployment](https://docs.keycard.ai/platform/deployment.md): Understanding Keycard's deployment options for different security and compliance needs
- [Security](https://docs.keycard.ai/platform/security.md): Keycard's security model, encryption, and data protection
- [Supported Standards & Protocols](https://docs.keycard.ai/platform/standards.md): Every protocol, standard, and interface supported by Keycard - available on all plans
- [How Transactions Work](https://docs.keycard.ai/platform/transactions.md): Understanding Keycard's billing model

## Concepts
- [Applications](https://docs.keycard.ai/platform/concepts/applications.md): Overview of applications within the Keycard platform.
- [Providers](https://docs.keycard.ai/platform/concepts/providers.md): Overview of providers within the Keycard platform.
- [Resources](https://docs.keycard.ai/platform/concepts/resources.md): Overview of resources within the Keycard platform.
- [Users](https://docs.keycard.ai/platform/concepts/users.md): Overview of users within the Keycard platform.
- [Zones](https://docs.keycard.ai/platform/concepts/zones.md): Overview of zones within the Keycard platform.

## Console
- [Audit Log Export](https://docs.keycard.ai/console/audit-log-export.md): Export Keycard audit logs to your S3 bucket in OCSF format
- [Governance Policies](https://docs.keycard.ai/console/governance-policies.md): Configure fine grained access control policies
- [Identity Providers](https://docs.keycard.ai/console/identity-providers.md): Connect your own OAuth 2.0 identity provider to a Keycard zone
- [Resource Catalog](https://docs.keycard.ai/console/resource-catalog.md): Use Keycard's built-in Resource Catalog to add pre-configured third-party APIs to your zone
- [Roles & Permissions](https://docs.keycard.ai/console/roles-and-permissions.md): Manage access control for your organization and zones
- [Single Sign-On](https://docs.keycard.ai/console/single-sign-on.md): Configure SSO for your Keycard organization
- [Use Auth0 for sign in](https://docs.keycard.ai/console/tutorials/auth0-sign-in.md): Tutorial on using Auth0 for user authentication.
- [Use Okta for sign in](https://docs.keycard.ai/console/tutorials/okta-sign-in.md): Tutorial on using Okta for user authentication.
- [Zone Authentication](https://docs.keycard.ai/console/zone-authentication.md): Configuring and using Zone Authentication

## SDK
- [SDK & Tools](https://docs.keycard.ai/sdk.md): The CLI, client libraries, and infrastructure tools for Keycard.
- [Agents](https://docs.keycard.ai/sdk/agents.md): Agent-to-agent delegation using the A2A protocol.
- [Commands](https://docs.keycard.ai/sdk/cli/guide.md): Authenticate, manage credentials, configure the CLI, and run commands with Keycard.
- [Install the CLI](https://docs.keycard.ai/sdk/cli/installation.md): Install the Keycard CLI on macOS and Linux.
- [MCP](https://docs.keycard.ai/sdk/mcp.md): OAuth authentication for MCP servers — bearer middleware, metadata endpoints, and grant decorators.
- [OAuth](https://docs.keycard.ai/sdk/oauth.md): Low-level OAuth 2.0 primitives for discovery, token exchange, and JWT operations.
- [Terraform Provider](https://docs.keycard.ai/sdk/terraform-provider.md): Manage Keycard resources as infrastructure-as-code with the Terraform provider.

## API Reference
- [API Reference](https://docs.keycard.ai/api.md)