Overview
FAPI Read Write API Security Profile is a draft by the OpenID Foundation as part of the Financial API.
The FAPI Read Write API Security Profile specifies a profile of OAuth 2.0 Grant Type that is suitable for write access to Financial Data (also known as transaction access) and other similar higher-risk access. The document specifies controls against attacks such as:
- authorization request tampering
- authorization response tampering including code injection
- state injection
- token request phishing
More Information
There might be more information for this subject on one of the following:
- [#1] - Financial-grade API - Part 2: Read and Write API Security Profile - based on information obtained 2019-09-03