Abstract: The FAPI 2.0 Security Profile is an API security profile based on the OAuth 2.0 Authorization Framework and related specifications that aims to reach the security goals laid out in the FAPI 2.0 Attacker Model so that it is suitable for protecting APIs in high-value scenarios. It also follows the recommendations in the OAuth Security BCP.
FAPI 2.0 specifies the process for a client to obtain sender-constrained tokens from an authorization server and use them securely with resource servers. The OpenID Foundation FAPI Working Group publishes additional documents that build on this profile as part of the FAPI 2.0 framework.
The security property is formally analysed under the aforementioned attacker model.