diff --git a/_http/.env.example b/_http/.env.example
new file mode 100644
index 0000000..8935f4f
--- /dev/null
+++ b/_http/.env.example
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2024 PNED G.I.E.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+KEYCLOAK_HOST=https://keycloak-test.healthdata.nl
+KEYCLOAK_REALM=ckan
+KEYCLOAK_PROVIDER_ALIAS=LSAAI
+ACCESS_TOKEN=dummy
\ No newline at end of file
diff --git a/_http/.gitignore b/_http/.gitignore
deleted file mode 100644
index ad81c5d..0000000
--- a/_http/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-# SPDX-FileCopyrightText: 2024 PNED G.I.E.
-#
-# SPDX-License-Identifier: Apache-2.0
-## TODO - this file is just a placeholder
\ No newline at end of file
diff --git a/_http/keycloak.http b/_http/keycloak.http
new file mode 100644
index 0000000..e2434e5
--- /dev/null
+++ b/_http/keycloak.http
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: 2024 PNED G.I.E.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+GET {{$dotenv KEYCLOAK_HOST}}/realms/{{$dotenv KEYCLOAK_REALM}}/broker/{{$dotenv KEYCLOAK_PROVIDER_ALIAS}}/token
+Authorization: Bearer {{$dotenv ACCESS_TOKEN}}
\ No newline at end of file
diff --git a/src/main/openapi/beacon.yaml b/src/main/openapi/beacon.yaml
index f24961b..de7fd85 100644
--- a/src/main/openapi/beacon.yaml
+++ b/src/main/openapi/beacon.yaml
@@ -14,6 +14,13 @@ paths:
 post:
 summary: Searches for individuals based on criteria
 operationId: list_individuals
+ parameters:
+ - name: Authorization
+ in: header
+ description: The authorization header
+ required: true
+ schema:
+ type: string
 tags:
 - "beacon-query"
 requestBody:
@@ -28,6 +35,8 @@ paths:
 application/json:
 schema:
 $ref: "#/components/schemas/BeaconIndividualsResponse"
+ "401":
+ description: "Unauthorized"
 security:
 - beacon_auth:
 - read:beacon
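Review bot: In `_http/.env.example`, `ACCESS_TOKEN=dummy` is meant to be replaced by a live bearer token in a local `_http/.env`, and this same commit deletes `_http/.gitignore`, so nothing visible here keeps that file out of version control. If the repository's root ignore file does not already cover it, restore `_http/.gitignore` with a `.env` entry. A header comment such as `# Copy to .env and set ACCESS_TOKEN locally; never commit .env` would also make the intent explicit.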
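Review bot: In `src/main/openapi/beacon.yaml`, the added `- name: Authorization` / `in: header` parameter on `list_individuals` duplicates what the operation's existing `security: - beacon_auth` entry already expresses, and OpenAPI 3.0 states that a header parameter named `Authorization` is to be ignored, so spec-compliant tooling may drop it. It looks like a workaround for `beacon_yaml.enable-security-generation=false` in `application.properties`; if so, a YAML comment such as `# explicit header because security generation is disabled for this spec` would record why. Passing the bearer value as an ordinary string argument also means it can appear wherever request parameters are logged, so callers should handle it as a secret. The same applies to the `list_filtering_terms` hunk and to both `ckan.yaml` hunks. The operation definition begins above this hunk.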
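Review bot: In the `@@ -28,6 +35,8 @@` hunk of `beacon.yaml`, only a `"401"` response is added, although the operation's `security` block requires the `read:beacon` scope, so a valid token that lacks that scope would normally be answered with 403 rather than 401. If the Beacon service distinguishes the two, add a `"403"` entry with `description: "Forbidden"` beside it so callers of the generated client can tell an expired token from an insufficient one. The same applies to the `@@ -44,6 +60,8 @@` hunk for `list_filtering_terms`.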
@@ -37,6 +46,13 @@ paths:
 operationId: list_filtering_terms
 tags:
 - "beacon-query"
+ parameters:
+ - name: Authorization
+ in: header
+ description: The authorization header
+ required: true
+ schema:
+ type: string
 responses:
 "200":
 description: A list of filtering terms
@@ -44,6 +60,8 @@ paths:
 application/json:
 schema:
 $ref: "#/components/schemas/BeaconFilteringTermsResponse"
+ "401":
+ description: "Unauthorized"
 security:
 - beacon_auth:
 - read:beacon
diff --git a/src/main/openapi/ckan.yaml b/src/main/openapi/ckan.yaml
index 77ef3f2..0b9062d 100644
--- a/src/main/openapi/ckan.yaml
+++ b/src/main/openapi/ckan.yaml
@@ -60,6 +60,12 @@ paths:
 required: false
 schema:
 type: string
+ - name: Authorization
+ in: header
+ description: The authorization header
+ required: false
+ schema:
+ type: string
 responses:
 "200":
 description: A list of packages matching the search criteria
@@ -80,6 +86,12 @@ paths:
 required: true
 schema:
 type: string
+ - name: Authorization
+ in: header
+ description: The authorization header
+ required: false
+ schema:
+ type: string
 responses:
 "200":
 description: The package with the specified ID
diff --git a/src/main/openapi/keycloak.yaml b/src/main/openapi/keycloak.yaml
new file mode 100644
index 0000000..d708bf7
--- /dev/null
+++ b/src/main/openapi/keycloak.yaml
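Review bot: In `src/main/openapi/ckan.yaml`, both hunks add `Authorization` as `required: false`, but unlike the `beacon.yaml` change the commit adds no `"401"` response, so a rejected or expired token has no documented outcome for callers of the generated client. If CKAN can refuse a presented token, declare `"401"` (and `"403"` if it distinguishes insufficient rights) next to `"200"`. The parameter description could also say what an anonymous call returns, for example `description: Optional bearer token; without it only public packages are returned`, if that is the intended behaviour. The `responses` blocks continue below each hunk, so such entries may already exist outside the visible lines.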
@@ -0,0 +1,82 @@
+# SPDX-FileCopyrightText: 2024 PNED G.I.E.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+openapi: 3.0.3
+info:
+ title: Keycloak API
+ version: 1.0.0
+ description: This API allows to query the Keycloak identity provider
+servers:
+ - url: /
+paths:
+ /broker/{providerAlias}/token:
+ get:
+ summary: Retrieves tokens from the identity provider
+ operationId: retrive_idp_tokens
+ tags:
+ - "keycloak-query"
+ parameters:
+ - name: providerAlias
+ in: path
+ description: The alias of the identity provider
+ required: true
+ schema:
+ type: string
+ - name: Autorization
+ in: header
+ description: The authorization header
+ required: true
+ schema:
+ type: string
+ responses:
+ "200":
+ description: A list of packages matching the search criteria
+ content:
+ application/json:
+ schema:
+ $ref: "#/components/schemas/KeycloakTokenResponse"
+ "401":
+ description: "Unauthorized"
+ security:
+ - keycloak_auth:
+ - read:token
+components:
+ securitySchemes:
+ keycloak_auth:
+ type: oauth2
+ description: This API uses OAuth 2 with the implicit grant flow.
+ flows:
+ authorizationCode:
+ tokenUrl: https://api.example.com/oauth2/token
+ authorizationUrl: https://api.example.com/oauth2/authorize
+ scopes:
+ read:token: read tokens
+ schemas:
+ KeycloakTokenResponse:
+ type: object
+ properties:
+ access_token:
+ type: string
+ title: The access token
+ expires_in:
+ type: integer
+ title: The expiration time of the token
+ refresh_expires_in:
+ type: integer
+ title: The expiration time of the refresh token
+ token_type:
+ type: string
+ title: The type of the token
+ id_token:
+ type: string
+ title: The ID token
+ not-before-policy:
+ type: integer
+ title: The not-before policy
+ scope:
+ type: string
+ title: The scope of the token
+ accessTokenExpiration:
+ type: integer
+ title: The expiration time of the access token
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 757674b..4b07f1d 100644
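Review bot: The header parameter in `src/main/openapi/keycloak.yaml` is declared as `- name: Autorization` (missing the `h`), so a client generated from this spec would send a header called `Autorization` and the request to `/broker/{providerAlias}/token` would presumably be rejected with 401; it should read `- name: Authorization`. Two related slips in the same operation: `operationId: retrive_idp_tokens` should be `retrieve_idp_tokens` before generated method names depend on it, and the `"200"` description `A list of packages matching the search criteria` is copied from the CKAN spec and should describe the token response. The `keycloak_auth` description says "implicit grant flow" while `flows` declares `authorizationCode`, and both URLs are `api.example.com` placeholders, so the scheme documents neither the real flow nor the real endpoints. Because `KeycloakTokenResponse` carries `access_token` and `id_token`, a schema-level description noting that instances hold live credentials and must not be logged would be worth adding.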
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -11,7 +11,6 @@ quarkus.keycloak.devservices.port=32794
 quarkus.wiremock.devservices.port=4000
 quarkus.oidc.client-id=backend-service
 quarkus.oidc.credentials.secret=secret
-# Enable Policy Enforcement
 quarkus.openapi-generator.codegen.spec.discovery_yaml.enable-security-generation=false
 quarkus.openapi-generator.codegen.spec.discovery_yaml.additional-model-type-annotations=@lombok.Data;@lombok.NoArgsConstructor;@lombok.AllArgsConstructor;@lombok.Builder
 quarkus.openapi-generator.codegen.spec.discovery_yaml.base-package=io.github.genomicdatainfrastructure.discovery
@@ -25,3 +24,10 @@ quarkus.openapi-generator.codegen.spec.beacon_yaml.enable-security-generation=fa
 quarkus.openapi-generator.codegen.spec.beacon_yaml.base-package=io.github.genomicdatainfrastructure.discovery.remote.beacon
 quarkus.openapi-generator.codegen.spec.beacon_yaml.additional-model-type-annotations=@lombok.Data;@lombok.NoArgsConstructor;@lombok.AllArgsConstructor;@lombok.Builder
 quarkus.openapi-generator.codegen.spec.beacon_yaml.generate-part-filename=false
+quarkus.openapi-generator.codegen.spec.keycloak_yaml.enable-security-generation=false
+quarkus.openapi-generator.codegen.spec.keycloak_yaml.base-package=io.github.genomicdatainfrastructure.discovery.remote.keycloak
+quarkus.openapi-generator.codegen.spec.keycloak_yaml.additional-model-type-annotations=@lombok.Data;@lombok.NoArgsConstructor;@lombok.AllArgsConstructor;@lombok.Builder
+quarkus.openapi-generator.codegen.spec.keycloak_yaml.generate-part-filename=false
+quarkus.rest-client.ckan_yaml.url=http://localhost:4000
+quarkus.rest-client.keycloak_yaml.url=http://localhost:4000
+quarkus.rest-client.beacon_yaml.url=http://localhost:4000
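Review bot: The three `quarkus.rest-client.*.url=http://localhost:4000` lines in the `@@ -25,3 +24,10 @@` hunk carry no profile prefix, so they are the default for every profile, production included, unless overridden elsewhere; port 4000 is the WireMock dev-services port set earlier in this file. Scoping them, e.g. `%dev.quarkus.rest-client.keycloak_yaml.url=http://localhost:4000` (and the `%test.` equivalent), would make a missing production URL surface as a configuration error instead of bearer tokens being sent to a plain-HTTP local address. Separately, `keycloak_yaml.additional-model-type-annotations` applies `@lombok.Data` to `KeycloakTokenResponse`, and a generated `toString()` that includes every field would print `access_token` and `id_token` if the object is ever logged. Consider `@lombok.Getter;@lombok.Setter` in place of `@lombok.Data` for this spec, after checking what the generated model emits on its own.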