FAPI 2.0

Overview

FAPI 2.0 is a set of specifications designed to enhance the security and interoperability of APIs, primarily in the financial services and banking sectors. It represents a significant evolution from FAPI 1.0, introducing advanced security measures and refined standards to meet the growing challenges across a range of industries.

FAPI 2.0 Security Profile

The FAPI 2.0 Security Profile (Final) is an API security profile that builds upon OAuth 2.0, with a focus on providing robust security measures for APIs across various industries. For guidance on implementing the FAPI 2.0 Security Profile with Authlete, see the following article:

FAPI 2.0 Message Signing

The FAPI 2.0 Message Signing profile (hereinafter referred to as FAPI2 MS) is a subset of FAPI 2.0 that uses the FAPI 2.0 Security Profile as its foundation and deals with message signing. The FAPI2 MS profile primarily defines four categories of requirements:

  1. Signing Authorization Requests
  2. Signing Authorization Responses
  3. Signing Introspection Responses
  4. Signing HTTP Messages

For detailed instructions on how to implement these features with Authlete, please refer to the following articles: