Hi Michael,
Len DiMaggio forwarded me your question about OAuth and apiman. The short answer is that
we have a plugin (targeted for apiman 1.1.0) that adds support for authenticating via
Keycloak OAuth bearer token. Some links:
The plugin:
https://github.com/apiman/apiman-plugins/tree/master/keycloak-oauth-policy
Keycloak:
http://keycloak.jboss.org/
Once we release version 1.1 in a month or so, you will be able to simply add the Keycloak
OAuth Policy Plugin to apiman via the apiman admin UI using the official version of the
plugin. For now you would need to build it from source (mvn clean install) so that the
SNAPSHOT version is available in your .m2 directory. If you do that, you can add it to
your apiman installation to try it out:
GroupId: io.apiman.plugins
ArtifactId: apiman-plugins-keycloak-oauth-policy
Version: 1.1.0-SNAPSHOT
This policy works with Keycloak - so all it does is validate the OAuth bearer token in the
request, using the Keycloak Realm Name and Realm Key (which is configured when the policy
is set up in apiman).
apiman does not issue OAuth tokens - we rely on Keycloak for that.
If you have an existing OAuth solution, you would need to write a custom plugin to
authenticate the OAuth bearer token issued by your OAuth solution of choice. It should be
easy to do that by following the example in GitHub.
I hope that helps!
-Eric