Financial-grade API (FAPI) Security
Financial-grade API (FAPI), a specification that extends the OAuth and OIDC frameworks, was introduced by the FAPI Working Group and defines additional technical requirements to secure APIs. Even though FAPI was initially defined for financial services, it is appropriate for any critical API whose security is the highest priority.
For Open Banking/Open Finance use cases, since robust API and data security is a must, most of the emerging technical specifications for Open Banking/Open Finance have mandated FAPI Security for exposing financial APIs, such as:
- Open Banking UK
- Consumer Data Standards (CDS), Australia
- The Financial Data Exchange (FDX), USA

The following diagram illustrates how FAPI-compliant features combine to secure applications.

From WSO2 Identity Server 7.0.0 onwards, FAPI Security is supported by the base product itself. For more information on configuring the FAPI features, see the WSO2 IS Documentation on FAPI.
WSO2 Open Banking Accelerators have been certified as an OpenID FAPI1-Advanced OpenID Provider, as listed at https://openid.net/certification/