Financial-grade API (FAPI) 2.0

Overview

Financial-grade API (FAPI) 2.0 is a set of specifications aimed at enhancing the security and interoperability of financial APIs, primarily in the context of the financial services and banking industry. It represents a significant evolution from FAPI 1.0, introducing advanced security measures and improved standards to address the growing challenges in the financial sector.

FAPI 2.0 Security Profile

FAPI 2.0 Security Profile is an API security profile that builds upon OAuth 2.0, with a focus on providing robust security measures for financial APIs. For guidance on implementing the FAPI 2.0 Security Profile with Authlete, see the following article:

FAPI 2.0 Message Signing

FAPI 2.0 Message Signing (hereinafter referred to as FAPI2 MS) profile is a subset of FAPI 2.0 that extends FAPI 2.0 Security profile as its foundation and deals with message signing. FAPI2 MS profile primarily defines four categories of requirements:

  1. Signing Authorization Requests
  2. Signing Authorization Responses
  3. Signing Introspection Responses
  4. Signing HTTP Messages

For detailed instructions on how to implement these features with Authlete, please refer to the following articles: