Inferensys

Glossary

FAPI (Financial-grade API)

The Financial-grade API (FAPI) is a high-security profile of OAuth 2.0 and OpenID Connect, defined by the OpenID Foundation, designed to protect sensitive financial transactions and data accessed by applications, including autonomous AI agents.
Procurement manager reviewing autonomous AI agent dashboard on laptop, purchase orders visible, office afternoon light.
API AUTHENTICATION FLOWS

What is FAPI (Financial-grade API)?

The Financial-grade API (FAPI) is a security profile that extends OAuth 2.0 and OpenID Connect with stringent requirements for high-risk transactions.

FAPI (Financial-grade API) is a highly secured profile of the OAuth 2.0 and OpenID Connect (OIDC) standards, defined by the OpenID Foundation, designed to meet the stringent security and privacy requirements of the financial industry and other sectors requiring high levels of assurance. It mandates specific cryptographic protections, token binding, and advanced threat mitigations to protect high-value data and transactions from sophisticated attacks, establishing a benchmark for secure API access.

The profile enforces the use of JWT-secured authorization requests (JAR), demonstration of proof-of-possession (DPoP) tokens, and mutual TLS (mTLS) for client authentication to prevent token replay and injection. By providing a certified, interoperable security baseline, FAPI enables AI agents and applications in regulated environments to execute tool calls and access sensitive backend systems with verifiable, zero-trust principles, ensuring compliance with global financial regulations.

FAPI (FINANCIAL-GRADE API)

Core Security Requirements & Mechanisms

The Financial-grade API (FAPI) is a highly secured OAuth 2.0 and OpenID Connect profile designed to meet the stringent security requirements of the financial industry and other high-assurance sectors. It defines specific security mechanisms and implementation requirements to protect against sophisticated attacks.

01

High-Level Security Profile

FAPI is not a new protocol but a security profile that mandates specific, stricter implementations of OAuth 2.0 and OpenID Connect. It is defined by the OpenID Foundation's FAPI Working Group. The profile is divided into two parts:

  • FAPI 1.0 Advanced (Read/Write API): For high-value transactions (e.g., payments, account modifications). Requires the strongest security controls, including sender-constrained tokens and PAR.
  • FAPI 1.0 Baseline (Read-Only API): For accessing sensitive data (e.g., account balances). Provides a high-security baseline that is a prerequisite for the Advanced profile. The goal is to create a standardized, interoperable, and highly secure API security layer that can be independently certified.
02

Sender-Constrained Access Tokens

A cornerstone of FAPI security is moving beyond simple bearer tokens. In standard OAuth, anyone in possession of a bearer token can use it. FAPI mandates sender-constrained tokens, where the client must prove possession of a key to use the token. The two primary methods are:

  • Mutual TLS (mTLS) for OAuth: The client presents a TLS certificate during the TLS handshake with the resource server. The access token is bound to the certificate's thumbprint (cnf claim). The resource server verifies the client's presented certificate matches the binding.
  • Demonstration of Proof-of-Possession (DPoP): The client signs a JWT containing the token's thumbprint and other data with a private key. This DPoP proof is sent with the API call. The resource server validates the signature using the public key bound to the token. This prevents token replay if the token is stolen from a client's storage.
03

Pushed Authorization Request (PAR)

FAPI requires the use of Pushed Authorization Requests (PAR, RFC 9126) for the Authorization Code flow. Instead of sending all authorization request parameters via the user's browser (front-channel), the client pushes them directly to the authorization server's PAR endpoint via a secure back-channel request (authenticated with private_key_jwt). Process:

  1. Client sends a complete authorization request (including code_challenge for PKCE) to the PAR endpoint.
  2. Authorization server validates the request, stores it, and returns a unique request_uri.
  3. Client redirects the user's browser to the authorization endpoint with only the client_id and request_uri. Benefits:
  • Prevents parameter tampering and injection via the browser.
  • Allows for full request validation before user interaction.
  • Enables the use of long, complex parameters without URL length limits.
04

Strict Client Authentication

FAPI enforces strong client authentication to the authorization server, moving beyond simple client secrets. The required method is private_key_jwt client authentication. How it works:

  • The client registers a public key (in JWK format) with the authorization server.
  • For authentication (e.g., at the token endpoint), the client creates a JWT (the client assertion) signed with its corresponding private key.
  • This JWT includes claims like iss (client ID), sub (client ID), aud (authorization server URL), and jti (unique token ID).
  • The authorization server validates the JWT's signature using the registered public key and the claims. This method is highly secure as it doesn't rely on a shared secret and provides non-repudiation. It is used for all back-channel communications, including the PAR endpoint and token endpoint.
05

Cryptographic Requirements & Key Management

FAPI specifies precise cryptographic algorithms to ensure interoperability and eliminate weak options. Key requirements include:

  • Signing Algorithms: Mandates PS256 (RSA PSS) or ES256 (ECDSA) for JWTs (ID tokens, client assertions, DPoP proofs). Insecure algorithms like none or HS256 are prohibited.
  • Encryption: For sensitive data, requires JWE encryption using strong algorithms like RSA-OAEP for key encryption and A256GCM for content encryption.
  • TLS: Mandates TLS 1.2 or higher with specific cipher suites, and often requires mutual TLS (mTLS) for certain endpoints.
  • Key Management: Clients and servers must securely generate, store, and rotate cryptographic keys. The use of Hardware Security Modules (HSMs) or secure cloud key management services is strongly encouraged for protecting private keys, especially in production financial environments.
06

Security Integration for AI Agents

For AI agents performing tool calling and API execution, integrating with FAPI-protected services requires a specialized security architecture:

  • Credential Management: The agent's platform must securely store and manage the client's private key for private_key_jwt authentication, never exposing it in prompts or logs.
  • Dynamic Proof Generation: The agent must be able to dynamically generate signed JWTs (client assertions, DPoP proofs) for each authenticated request, which requires access to a secure signing module.
  • PAR Execution: The agent's OAuth client must implement the full PAR flow, handling the back-channel push before initiating user-facing authorization.
  • Token Binding Enforcement: When calling a FAPI resource server, the agent must correctly present the mTLS certificate or DPoP proof alongside the access token.
  • Audit Logging: All steps—key usage, token requests, PAR calls—must be immutably logged for compliance with financial-grade audit trails. This ensures the autonomous agent's actions are as secure and verifiable as a human-driven integration.
SECURITY PROFILES

FAPI 1.0: Baseline vs. Advanced Profiles

A comparison of the two security profiles defined within the Financial-grade API (FAPI) 1.0 specification, detailing the mandatory and optional security controls for each.

Security Feature / ControlFAPI 1.0 Baseline ProfileFAPI 1.0 Advanced Profile

Primary Objective

Protect against web-based attacks (e.g., CSRF, XSS).

Protect against sophisticated attacks, including credential stuffing and token replay.

Client Authentication

Mandatory: Private Key JWT or Mutual TLS (mTLS).

Mandatory: Mutual TLS (mTLS). Private Key JWT is not permitted.

Authorization Code Flow

Required. Must use Proof Key for Code Exchange (PKCE).

Required. Must use Proof Key for Code Exchange (PKCE).

Access Token Format

Must be a JWT (JSON Web Token).

Must be a JWT (JSON Web Token).

Token Binding to TLS Channel

Not required.

Mandatory: mTLS-bound access tokens (RFC 8705).

Sender-Constrained Tokens

Recommended.

Required via mTLS sender constraint.

Request Object (JAR)

Required. Must be signed (JWS) and optionally encrypted (JWE).

Required. Must be signed (JWS) and encrypted (JWE).

Pushed Authorization Request (PAR)

Recommended.

Required. All authorization requests must be pushed via the PAR endpoint.

Dynamically Registered Clients

Required support.

Required support.

Token Replay Protection

Recommended (e.g., using jti claim).

Required via mTLS binding and/or other server-side mechanisms.

Security Event Token (SET) Delivery

Not required.

Required for critical events (e.g., token revocation, credential change).

FAPI

Frequently Asked Questions

The Financial-grade API (FAPI) is a security profile that extends OAuth 2.0 and OpenID Connect with stringent requirements for high-value transactions. These questions address its core purpose, technical mechanisms, and implementation considerations.

The Financial-grade API (FAPI) is a highly secured, standardized profile of the OAuth 2.0 and OpenID Connect (OIDC) protocols, designed by the OpenID Foundation to meet the stringent security and privacy requirements of the financial industry and other sectors handling high-value data.

It is not a new protocol but a set of mandatory and recommended security enhancements built on top of existing standards. Its primary goal is to provide a high level of assurance for API security, ensuring strong client authentication, cryptographic message integrity, and protection against a wide range of attacks. While born in finance, its robust security posture makes it applicable to any industry requiring confidential data protection, such as healthcare and government services.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.