News

API Authorization Engine, AUTHLETE 2.1, conforms to all security profiles for Financial-grade APIs

Fukuoka Financial Group now testing AUTHLETE for its new bank, "Minna no Ginko (Tentative name)"

Authlete, Inc. has certified that AUTHLETE 2.1 conforms to all OpenID Provider profiles for Financial-grade API (FAPI), a fast-growing set of API security profiles targeting financial institutions. AUTHLETE 2.1 is the only software that has passed all the conformance tests as of today. We continue to contribute to the API economy generated by open API innovation in the financial industry.

Key Takeaways

  1. AUTHLETE 2.1 conforms to all security profiles for Financial-grade APIs. As of September 17, 2019, Authlete is the first and only company that has certified conformance to all the FAPI-related security profiles.

  2. Several financial institutions, including Fukuoka Financial Group, are using AUTHLETE 2.1 to build FAPI-compliant banking APIs to establish safer methods of transferring assets through APIs.


AUTHLETE is a managed cloud/on-prem authorization engine that provides Web APIs for implementing OAuth 2.0, OpenID Connect, Financial-grade API, and CIBA. AUTHLETE focuses on OAuth and OIDC functionalities; thus, API providers can easily integrate AUTHLETE with their API infrastructure to protect the APIs with the latest industry standards. AUTHLETE helps customers in a wide range of industries, from financial to healthcare to IoT.

The new version, AUTHLETE 2.1, conforms to the “Financial-grade API Client Initiated Backchannel Authentication (FAPI-CIBA) OpenID Provider Profiles” of the OpenID Connect protocol. The FAPI-CIBA profile is a new specification that is built on top of “Client Initiated Backchannel Authentication Flow - Core 1.0 (CIBA Core)” and makes it suitable for use in higher-risk scenarios, such as banking APIs.

Authlete has been contributing to the development of the FAPI-CIBA profiles and has become the first certified solution provider by conforming to all four FAPI-CIBA OpenID Provider profiles, according to the OpenID Foundation. As of the date of this release, our solution has received the following certifications.

  • FAPI R/W OpenID Providers w/ MTLS
  • FAPI R/W OpenID Providers w/ Private Key
  • FAPI-CIBA OpenID Provider Poll w/ MTLS
  • FAPI-CIBA OpenID Provider Poll w/ Private Key
  • FAPI-CIBA OpenID Provider Ping w/ MTLS
  • FAPI-CIBA OpenID Provider poll w/ Private Key

Along with this adoption of new security profiles, several financial institutions inside and outside Japan have started to test our solution to build open but secure APIs for their third-party collaborators, including Fintech startups.

Fukuoka Financial Group (FFG) in Fukuoka, Japan, is one of these banks and is preparing a new challenger bank called “Minna no Ginko” (“Everybody’s Bank” in English; tentative name). Mr. Inakura, Manager at FFG, says, “We believe it is inevitable to build an API-based banking ecosystem and provide better services and experiences through it. Financial-grade API is an international standard for API security and will play a pivotal role in bridging the gap between API usability and security. We are testing AUTHLETE for implementing Financial-grade API because it is a proven solution in many financial institutions and built and supported by best-in-class experts.”

Authlete is keen to encourage secure, interoperable, and wide adoption of the authorization standards, and to aid the community. Authlete also provides consulting services to help customers implement the authorization standards properly. Please contact us for more details.