FAPI is a refinement of the Oath standard developed by the Open ID Foundation.

It was conceived to solve a core problem of providing a consistent approach to API security across a financial industry,

with the goal of enhancing interoperability of financial data exchange.

It has now been adopted across many different industries and applications where there is an API that requires a heightened

authorization security implementation.

OTHLEET is a service that provides a set of APIs to implement Oath authorization servers

and Open ID Connect identity providers, allowing either to be easily made FAPE compliant.

Joseph Hinnon is the CTO at OTHLET, and he also leads the certification program at the Open ID Foundation.

He joins the podcast with Gerger Van to talk about the origins of FAPI, the motivations for its creation, the status of FAPI development, and more.

Gregor Vand is a security focused technologist and is the founder and CTO of MailPass.

Previously, Gregor was a CTO across cybersecurity, cyber insurance, and general software engineering companies.

He has been based in Asia Pacific for almost a decade and can be found via his profile at vand.hk.

Music his profile at vand.hk. Hi Joseph. Welcome to Software Engineering Daily.

Thanks, Gregor. Great to be here.

Yeah, Joseph, it's great to be speaking today.

We did have Offleet on the podcast.

I think it was back in April, and we learned a really good amount of things really around

the OAuth spec and the way that Offley implements that specifically.

But today we're going to be focusing on kind of a different piece of the Offly stack,

if we could call it that, which is FAPI.

And obviously we can get onto what on earth it is FAPI and what does it even stand for,

etc.

...