FAPI Read Write API Security Profile

Overview

FAPI Read Write API Security Profile is a draft by the OpenID Foundation as part of the Financial API.

FAPI Read Write API Security Profile specifies a profile of OAuth 2.0 Grant Type that is suitable for write access to Financial Data (also known as transaction access) and other similar higher-risk access. This document specifies controls against attacks such as:

  • authorization request tampering
  • authorization response tampering, including code injection
  • state injection
  • token request phishing
Additional details are available in the security considerations section.
