#compliance

The official US government foreign-exchange rates, served live from the US Treasury's FiscalData API — no key, nothing cached. These are the rates the federal government uses to convert foreign-currency balances into US dollars for reporting, and US companies use them for tax and compliance; they are published every quarter for around 168 currencies and go back two decades. The rates endpoint returns the whole quarterly set — every country and currency with its rate to one US dollar (the euro near 0.87, the yen near 159) — and accepts a date to pull any past quarter. The currency endpoint returns one currency's official rate with its history quarter by quarter, looked up by ISO code, country or currency name. The convert endpoint turns an amount from any currency into any other, crossed through the US dollar at the official Treasury rate. Everything is the Treasury's own published data, live, nothing stored; rates are quarterly and authoritative for accounting, not a live market quote. This is the official FX layer for any accounting, tax-compliance, treasury, government-contracting or historical-FX app. Distinct from central-bank and market FX APIs — this is the US Treasury's quarterly reporting rates of exchange. 4 endpoints, no key on our side.

api.oanor.com/treasuryfx-api

Recupera e analizza il file security.txt RFC 9116 di qualsiasi dominio — il file leggibile dalla macchina situato in /.well-known/security.txt che indica ai ricercatori di sicurezza come segnalare le vulnerabilità. Fornisci un dominio e il servizio localizza il file (il percorso canonico .well-known con un fallback legacy alla radice), analizza ogni campo — Contact, Expires, Encryption, Acknowledgments, Preferred-Languages, Canonical, Policy, Hiring e CSAF — e segnala se è valido (ha almeno un Contact e un singolo Expires non scaduto), se è firmato PGP, se è scaduto (con il numero di giorni rimanenti) e un elenco di problemi con consigli concreti. Un endpoint complementare restituisce il file grezzo. La richiesta è eseguita lato server; i target privati e interni vengono rifiutati (protetto da SSRF). Progettato per audit di sicurezza, valutazione del rischio di fornitori e terze parti, revisioni della superficie d'attacco e controlli di conformità delle politiche di divulgazione delle vulnerabilità. Un parser e validatore di security.txt — distinto dal grader delle intestazioni di sicurezza HTTP (secheaders), dal controllo del certificato SSL/TLS (sslcheck) e dalla raggiungibilità dell'host (hostcheck). Nessuna chiave upstream, nessuna cache.

api.oanor.com/securitytxt-api

The full SPDX License List as an API — all 729 software licenses with metadata and the complete license text for each. Look up any license by its SPDX id (e.g. MIT, Apache-2.0, GPL-3.0-only, MPL-2.0) and get the exact, canonical license text plus its name, reference URL, see-also links and standard header. Search or list licenses by name/id and filter by OSI-approved (Open Source Initiative), FSF-libre (Free Software Foundation) or deprecated status. Ideal for SBOM / license-compliance tooling, package managers, repository scanners, legal review, and open-source governance dashboards.

api.oanor.com/licenses-api

Search official US FDA product recalls — food, drugs and medical devices — from the openFDA enforcement reports. Filter by category, recalling firm, US state, hazard classification (Class I/II/III) and recall status, or look up a single recall by its number. Each record includes the firm, product, reason for recall, distribution and dates. Ideal for compliance monitoring, food-safety, pharma QA, insurance and legal research.

api.oanor.com/recalls-api