FAPI compliance

FAPI compliance enables you to meet Financial-grade API security requirements for Open Banking, Open Finance, and regulated data sharing initiatives. Pre-configured FAPI 1.0 and 2.0 profiles accelerate compliance while maintaining the advanced security controls required by global regulators.

💡 Why this matters
You meet mandatory regulatory requirements while reducing compliance complexity and accelerating time-to-market for regulated financial APIs and data sharing services.

Key capabilities

  • Pre-configured FAPI profiles – Ready-to-deploy FAPI 1.0 and 2.0 Baseline and Advanced profiles
  • Strong Customer Authentication – Adaptive MFA, biometrics, and passkeys meeting SCA requirements
  • Consent management – Capture, store, and enforce user consent with full audit trails and revocation
  • Request object security – JWT Secured Authorization Requests (JAR) and Pushed Authorization Requests (PAR)
  • Client attestation – Verify client trust through software statements and dynamic client registration
  • Token binding – Implement mTLS, DPoP, and other proof-of-possession mechanisms

Outcomes

Organizations that implement FAPI compliance typically achieve:

  • Regulatory compliance with PSD2, CDR, Open Banking, and similar global mandates
  • Reduced compliance costs through pre-built, tested security profiles
  • Faster market entry with accelerated regulatory approval processes

Design principles

  • Start with regulatory requirements specific to your jurisdiction and use cases
  • Use certified profiles to ensure compliance and interoperability with ecosystem partners
  • Implement comprehensive logging for regulatory audit and reporting requirements
  • Plan for ongoing compliance with profile updates and regulatory changes

Where to configure

Use these guides to implement FAPI compliance:

Compliance note

FAPI compliance is specifically designed to meet regulatory requirements for PSD2, Consumer Data Right (CDR), Open Banking initiatives, and similar financial data sharing mandates worldwide.

FAQ

Which FAPI versions are supported?

SecureAuth supports both FAPI 1.0 (Baseline and Advanced) and FAPI 2.0 profiles with pre-configured security controls and compliance features.

What global regulations does this address?

FAPI compliance supports PSD2 (EU), UK Open Banking, Australia CDR, Brazil Open Finance, and other global financial data sharing regulations.

How does consent management work?

Consent is captured, stored, and enforced through built-in, user-friendly interfaces with full audit trails, and users can revoke their consent at any time.

Is client certification required?

FAPI compliance includes client attestation and software statement verification, supporting the certification requirements of various Open Banking ecosystems.

Can this integrate with existing banking systems?

Yes. FAPI compliance works as an authorization layer that integrates with existing core banking systems, API gateways, and financial service platforms.