Skip to content

KIFWA Documentation

Authentication

KIFWA Documentation

Home
Getting Started
Getting Started
- Overview
- Authentication Authentication
  Table of contents
- Environments
Integrations
Integrations
API and Workflows
API and Workflows
Operations
Operations
- Deployment
- Observability
Internal Docs
Internal Docs
- Access Model

Authentication¶

KIFWA services use OAuth 2.0 / OIDC via Keycloak.

Baseline requirements¶

Realm access for the target tenant (cfhub for KIFWA deployments).
Client credentials for server-to-server integrations.
Browser clients configured with approved redirect URIs.

Token use¶

Use bearer tokens for all protected API calls.
Validate token expiry and refresh before long-running operations.
Restrict scopes and roles to least privilege.

Recommended checks¶

bash curl -sS https://auth.preprod.kifwa.cfhub.net/realms/cfhub/.well-known/openid-configuration

bash curl -sS https://auth.clearingagent.co.ke/realms/cfhub/.well-known/openid-configuration