This page is for Authlete 3.x. For Authlete 2.x documentation, see Financial-grade API (FAPI) Basics.
Overview
FAPI 2.0 is a set of specifications designed to enhance the security and interoperability of APIs, primarily in the financial services and banking sectors. It represents a significant evolution from FAPI 1.0, introducing advanced security measures and refined standards to meet the growing challenges across a range of industries.
FAPI 2.0 Security Profile
FAPI 2.0 Security Profile (Final) is an API security profile that builds upon OAuth 2.0, with a focus on providing robust security measures for APIs across various industries. For guidance on supporting FAPI 2.0 Security Profile with Authlete, see the following article:
FAPI 2.0 Message Signing Profile
FAPI 2.0 Message Signing Profile (hereinafter referred to as FAPI2 MS) is a subset of FAPI 2.0 that builds on the FAPI 2.0 Security Profile as its foundation and deals with message signing. The FAPI2 MS Profile primarily defines four categories of requirements:
- Signing Authorization Requests
- Signing Authorization Responses
- Signing Introspection Responses
- Signing ID Tokens