FAPI 2.0

Overview

FAPI 2.0 is a set of specifications aimed at enhancing the security and interoperability of APIs, primarily in the context of the financial services and banking industry. It represents a significant evolution from FAPI 1.0, introducing advanced security measures and improved standards to address the growing challenges in the financial sector.

FAPI 2.0 Security Profile

The FAPI 2.0 Security Profile is an API security profile that builds upon OAuth 2.0, with a focus on providing robust security measures for financial APIs. For guidance on implementing the FAPI 2.0 Security Profile with Authlete, see the following article:

FAPI 2.0 Message Signing

The FAPI 2.0 Message Signing profile (hereinafter referred to as FAPI2 MS) is a subset of FAPI 2.0 that uses the FAPI 2.0 Security Profile as its foundation and deals with message signing. The FAPI2 MS profile primarily defines four categories of requirements:

  1. Signing Authorization Requests
  2. Signing Authorization Responses
  3. Signing Introspection Responses
  4. Signing HTTP Messages

For detailed instructions on how to implement these features with Authlete, please refer to the following articles: