FAPI (Financial-grade API) is a highly secured profile of the OAuth 2.0 and OpenID Connect (OIDC) standards, defined by the OpenID Foundation, designed to meet the stringent security and privacy requirements of the financial industry and other sectors requiring high levels of assurance. It mandates specific cryptographic protections, token binding, and advanced threat mitigations to protect high-value data and transactions from sophisticated attacks, establishing a benchmark for secure API access.
Glossary
FAPI (Financial-grade API)

What is FAPI (Financial-grade API)?
The Financial-grade API (FAPI) is a security profile that extends OAuth 2.0 and OpenID Connect with stringent requirements for high-risk transactions.
The profile enforces the use of JWT-secured authorization requests (JAR), demonstration of proof-of-possession (DPoP) tokens, and mutual TLS (mTLS) for client authentication to prevent token replay and injection. By providing a certified, interoperable security baseline, FAPI enables AI agents and applications in regulated environments to execute tool calls and access sensitive backend systems with verifiable, zero-trust principles, ensuring compliance with global financial regulations.
Core Security Requirements & Mechanisms
The Financial-grade API (FAPI) is a highly secured OAuth 2.0 and OpenID Connect profile designed to meet the stringent security requirements of the financial industry and other high-assurance sectors. It defines specific security mechanisms and implementation requirements to protect against sophisticated attacks.
High-Level Security Profile
FAPI is not a new protocol but a security profile that mandates specific, stricter implementations of OAuth 2.0 and OpenID Connect. It is defined by the OpenID Foundation's FAPI Working Group. The profile is divided into two parts:
- FAPI 1.0 Advanced (Read/Write API): For high-value transactions (e.g., payments, account modifications). Requires the strongest security controls, including sender-constrained tokens and PAR.
- FAPI 1.0 Baseline (Read-Only API): For accessing sensitive data (e.g., account balances). Provides a high-security baseline that is a prerequisite for the Advanced profile. The goal is to create a standardized, interoperable, and highly secure API security layer that can be independently certified.
Sender-Constrained Access Tokens
A cornerstone of FAPI security is moving beyond simple bearer tokens. In standard OAuth, anyone in possession of a bearer token can use it. FAPI mandates sender-constrained tokens, where the client must prove possession of a key to use the token. The two primary methods are:
- Mutual TLS (mTLS) for OAuth: The client presents a TLS certificate during the TLS handshake with the resource server. The access token is bound to the certificate's thumbprint (
cnfclaim). The resource server verifies the client's presented certificate matches the binding. - Demonstration of Proof-of-Possession (DPoP): The client signs a JWT containing the token's thumbprint and other data with a private key. This DPoP proof is sent with the API call. The resource server validates the signature using the public key bound to the token. This prevents token replay if the token is stolen from a client's storage.
Pushed Authorization Request (PAR)
FAPI requires the use of Pushed Authorization Requests (PAR, RFC 9126) for the Authorization Code flow. Instead of sending all authorization request parameters via the user's browser (front-channel), the client pushes them directly to the authorization server's PAR endpoint via a secure back-channel request (authenticated with private_key_jwt).
Process:
- Client sends a complete authorization request (including
code_challengefor PKCE) to the PAR endpoint. - Authorization server validates the request, stores it, and returns a unique
request_uri. - Client redirects the user's browser to the authorization endpoint with only the
client_idandrequest_uri. Benefits:
- Prevents parameter tampering and injection via the browser.
- Allows for full request validation before user interaction.
- Enables the use of long, complex parameters without URL length limits.
Strict Client Authentication
FAPI enforces strong client authentication to the authorization server, moving beyond simple client secrets. The required method is private_key_jwt client authentication.
How it works:
- The client registers a public key (in JWK format) with the authorization server.
- For authentication (e.g., at the token endpoint), the client creates a JWT (the client assertion) signed with its corresponding private key.
- This JWT includes claims like
iss(client ID),sub(client ID),aud(authorization server URL), andjti(unique token ID). - The authorization server validates the JWT's signature using the registered public key and the claims. This method is highly secure as it doesn't rely on a shared secret and provides non-repudiation. It is used for all back-channel communications, including the PAR endpoint and token endpoint.
Cryptographic Requirements & Key Management
FAPI specifies precise cryptographic algorithms to ensure interoperability and eliminate weak options. Key requirements include:
- Signing Algorithms: Mandates PS256 (RSA PSS) or ES256 (ECDSA) for JWTs (ID tokens, client assertions, DPoP proofs). Insecure algorithms like
noneorHS256are prohibited. - Encryption: For sensitive data, requires JWE encryption using strong algorithms like
RSA-OAEPfor key encryption andA256GCMfor content encryption. - TLS: Mandates TLS 1.2 or higher with specific cipher suites, and often requires mutual TLS (mTLS) for certain endpoints.
- Key Management: Clients and servers must securely generate, store, and rotate cryptographic keys. The use of Hardware Security Modules (HSMs) or secure cloud key management services is strongly encouraged for protecting private keys, especially in production financial environments.
Security Integration for AI Agents
For AI agents performing tool calling and API execution, integrating with FAPI-protected services requires a specialized security architecture:
- Credential Management: The agent's platform must securely store and manage the client's private key for
private_key_jwtauthentication, never exposing it in prompts or logs. - Dynamic Proof Generation: The agent must be able to dynamically generate signed JWTs (client assertions, DPoP proofs) for each authenticated request, which requires access to a secure signing module.
- PAR Execution: The agent's OAuth client must implement the full PAR flow, handling the back-channel push before initiating user-facing authorization.
- Token Binding Enforcement: When calling a FAPI resource server, the agent must correctly present the mTLS certificate or DPoP proof alongside the access token.
- Audit Logging: All steps—key usage, token requests, PAR calls—must be immutably logged for compliance with financial-grade audit trails. This ensures the autonomous agent's actions are as secure and verifiable as a human-driven integration.
FAPI 1.0: Baseline vs. Advanced Profiles
A comparison of the two security profiles defined within the Financial-grade API (FAPI) 1.0 specification, detailing the mandatory and optional security controls for each.
| Security Feature / Control | FAPI 1.0 Baseline Profile | FAPI 1.0 Advanced Profile |
|---|---|---|
Primary Objective | Protect against web-based attacks (e.g., CSRF, XSS). | Protect against sophisticated attacks, including credential stuffing and token replay. |
Client Authentication | Mandatory: Private Key JWT or Mutual TLS (mTLS). | Mandatory: Mutual TLS (mTLS). Private Key JWT is not permitted. |
Authorization Code Flow | Required. Must use Proof Key for Code Exchange (PKCE). | Required. Must use Proof Key for Code Exchange (PKCE). |
Access Token Format | Must be a JWT (JSON Web Token). | Must be a JWT (JSON Web Token). |
Token Binding to TLS Channel | Not required. | Mandatory: mTLS-bound access tokens (RFC 8705). |
Sender-Constrained Tokens | Recommended. | Required via mTLS sender constraint. |
Request Object (JAR) | Required. Must be signed (JWS) and optionally encrypted (JWE). | Required. Must be signed (JWS) and encrypted (JWE). |
Pushed Authorization Request (PAR) | Recommended. | Required. All authorization requests must be pushed via the PAR endpoint. |
Dynamically Registered Clients | Required support. | Required support. |
Token Replay Protection | Recommended (e.g., using | Required via mTLS binding and/or other server-side mechanisms. |
Security Event Token (SET) Delivery | Not required. | Required for critical events (e.g., token revocation, credential change). |
Frequently Asked Questions
The Financial-grade API (FAPI) is a security profile that extends OAuth 2.0 and OpenID Connect with stringent requirements for high-value transactions. These questions address its core purpose, technical mechanisms, and implementation considerations.
The Financial-grade API (FAPI) is a highly secured, standardized profile of the OAuth 2.0 and OpenID Connect (OIDC) protocols, designed by the OpenID Foundation to meet the stringent security and privacy requirements of the financial industry and other sectors handling high-value data.
It is not a new protocol but a set of mandatory and recommended security enhancements built on top of existing standards. Its primary goal is to provide a high level of assurance for API security, ensuring strong client authentication, cryptographic message integrity, and protection against a wide range of attacks. While born in finance, its robust security posture makes it applicable to any industry requiring confidential data protection, such as healthcare and government services.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
FAPI builds upon and interacts with a suite of established security standards and protocols. Understanding these related concepts is essential for implementing a complete, high-assurance authentication architecture.
OAuth 2.0
The foundational authorization framework upon which FAPI is built. FAPI is a strict, opinionated security profile of OAuth 2.0, adding mandatory constraints where the base specification is permissive.
- Core Relationship: FAPI does not define new flows; it mandates how existing OAuth 2.0 flows (like Authorization Code with PKCE) must be secured.
- Key Differences: Where OAuth 2.0 allows bearer tokens, FAPI requires sender-constrained tokens (e.g., mTLS). Where OAuth 2.0 suggests PKCE for public clients, FAPI demands it.
OpenID Connect (OIDC)
The identity layer on top of OAuth 2.0. FAPI leverages and extends OIDC to provide high-assurance authentication for financial transactions.
- FAPI 1.0 Advanced: This profile is explicitly built on OpenID Connect, requiring the use of signed ID Tokens to convey identity claims.
- Hybrid Flow: FAI often mandates the OIDC Hybrid Flow, which returns both an authorization code and an ID token in the initial response, enhancing security and user experience.
JWT (JSON Web Token)
The token format that is central to FAPI's security model. FAPI mandates the use of JWTs for access tokens and ID tokens to enable cryptographic validation.
- Signed Claims: All tokens must be signed as JSON Web Signatures (JWS), allowing resource servers to validate their integrity and origin without a network call.
- Strict Validation: FAPI specifies required JWT claims (e.g.,
iss,aud,exp,iat) and enforces tight tolerances for timestamps to prevent replay attacks.
Mutual TLS (mTLS)
A core sender-constraining mechanism mandated by FAPI to bind an access token to a specific client. It prevents stolen tokens from being used by unauthorized parties.
- How it Works: During the TLS handshake, the client presents its X.509 certificate to the server. The issued access token is cryptographically bound to this certificate.
- FAPI Requirement: For confidential clients (like backend servers), FAPI requires the use of mTLS or Demonstrating Proof-of-Possession (DPoP) to present access tokens, moving beyond simple bearer token usage.
Proof Key for Code Exchange (PKCE)
An OAuth 2.0 security extension that is mandatory in FAPI for all public clients (e.g., mobile apps, SPAs). It mitigates authorization code interception attacks.
- Code Verifier & Challenge: The client creates a cryptographically random
code_verifierand sends a derivedcode_challengewith the authorization request. It must later present the originalcode_verifierto exchange the code for a token. - FAPI Enforcement: FAPI requires PKCE S256 (the SHA-256 hashing method), banning the plain
transformmethod for stronger security.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us