#compliance

The official US government foreign-exchange rates, served live from the US Treasury's FiscalData API — no key, nothing cached. These are the rates the federal government uses to convert foreign-currency balances into US dollars for reporting, and US companies use them for tax and compliance; they are published every quarter for around 168 currencies and go back two decades. The rates endpoint returns the whole quarterly set — every country and currency with its rate to one US dollar (the euro near 0.87, the yen near 159) — and accepts a date to pull any past quarter. The currency endpoint returns one currency's official rate with its history quarter by quarter, looked up by ISO code, country or currency name. The convert endpoint turns an amount from any currency into any other, crossed through the US dollar at the official Treasury rate. Everything is the Treasury's own published data, live, nothing stored; rates are quarterly and authoritative for accounting, not a live market quote. This is the official FX layer for any accounting, tax-compliance, treasury, government-contracting or historical-FX app. Distinct from central-bank and market FX APIs — this is the US Treasury's quarterly reporting rates of exchange. 4 endpoints, no key on our side.

api.oanor.com/treasuryfx-api

Fetch and parse any domain's RFC 9116 security.txt — the machine-readable file at /.well-known/security.txt that tells security researchers how to report vulnerabilities. Pass a domain and the service locates the file (the canonical .well-known path with a legacy root fallback), parses every field — Contact, Expires, Encryption, Acknowledgments, Preferred-Languages, Canonical, Policy, Hiring and CSAF — and reports whether it is valid (has at least one Contact and a single, non-expired Expires), whether it is PGP-signed, whether it has expired (with the number of days remaining) and a list of issues with concrete advice. A companion endpoint returns the raw file. The request is made server-side; private and internal targets are refused (SSRF-guarded). Built for security audits, vendor and third-party risk assessment, attack-surface reviews and vulnerability-disclosure-policy compliance checks. A security.txt parser and validator — distinct from the HTTP security-header grader (secheaders), the SSL/TLS certificate check (sslcheck) and host reachability (hostcheck). No upstream key, no cache.

api.oanor.com/securitytxt-api

The full SPDX License List as an API — all 729 software licenses with metadata and the complete license text for each. Look up any license by its SPDX id (e.g. MIT, Apache-2.0, GPL-3.0-only, MPL-2.0) and get the exact, canonical license text plus its name, reference URL, see-also links and standard header. Search or list licenses by name/id and filter by OSI-approved (Open Source Initiative), FSF-libre (Free Software Foundation) or deprecated status. Ideal for SBOM / license-compliance tooling, package managers, repository scanners, legal review, and open-source governance dashboards.

api.oanor.com/licenses-api

Search official US FDA product recalls — food, drugs and medical devices — from the openFDA enforcement reports. Filter by category, recalling firm, US state, hazard classification (Class I/II/III) and recall status, or look up a single recall by its number. Each record includes the firm, product, reason for recall, distribution and dates. Ideal for compliance monitoring, food-safety, pharma QA, insurance and legal research.

api.oanor.com/recalls-api