Renan Roggia

Financial-grade API Security Profile 1.0 - Part 1: Baseline

The notes

Introduction

The Financial-grade API is a highly secured OAuth profile that aims to provide specific implementation guidelines for security and interoperability.

Among other security enhancements, this specification provides a secure alternative to screen scraping.

Importantly, this profile does not provide non-repudiation (signing of authorization requests and responses) or sender-constrained access tokens.

5. Baseline security profile

5.1. Introduction

The OIDF Financial-grade API (FAPI) security profile specifies security requirements for API resources protected by the OAuth 2.0 Authorization Framework.

FAPI Security Profile 1.0 - Part 1: Baseline and Part 2: Advanced specify different levels of security.

5.2.2