News

Authlete enhances its industry-leading API authorization solution

Authlete 2.2 supports the latest standards to achieve financial-grade API security and KYC information sharing

  • February 4, 2021

Authlete Inc., a technology leader in API authorization, has announced that Authlete 2.2 is generally available today. It supports the latest OAuth 2.0 / OpenID Connect (OIDC) standards, including the final version of the Financial-grade API (FAPI) specifications that have been approved by the OpenID Foundation in January 2021. Service providers that require a high level of API security can leverage the newest release of Authlete to employ the most recent industry efforts in OAuth 2.0 / OIDC into their API infrastructure in a quick and secure manner.

Highlights in Authlete 2.2
  1. Providing implementation of final version of the FAPI specifications that have been approved in January 2021
  2. Adopting the latest OAuth 2.0 / OIDC standard extensions in development, such as KYC information sharing

Authlete 2.2 has adopted wide range of standard specifications as in the previous versions of Authlete. It supports the final version of the FAPI specifications that have been approved in January 2021, while the previous version of Authlete (2.1) does their “implementer’s draft” versions.

The latest version of Authlete also incorporates emerging OAuth 2.0 / OIDC standard extensions under being discussed so that you can make use of such state-of-the-art efforts e.g. OpenID Connect for Identity Assurance 1.0 (IDA) for KYC information sharing, OAuth 2.0 Pushed Authorization Requests (PAR) / OAuth 2.0 Rich Authorization Requests (RAR) that are essential parts for granting fine-grained access privileges and scopes in API authorization.

Service providers that integrate Authlete 2.2 into their API infrastructure can develop and deploy standards-compliant APIs at lower cost and shorter time to implement.

Supported major standards in Authlete 2.2

  • Financial-grade API Security Profile 1.0 - Part 1: Baseline
  • Financial-grade API Security Profile 1.0 - Part 2: Advanced
  • JWT Secured Authorization Request (JAR)
  • OAuth 2.0 Pushed Authorization Requests (PAR)
  • OAuth 2.0 Rich Authorization Requests (RAR)
  • OAuth 2.0 Demonstration of Proof-of-Posession at the Application Layer (DPoP)
  • OpenID Connect for Identity Assurance 1.0 (IDA)

See Authlete 2.2 Release Notes for technical details.