The OpenID Foundation is pleased to announce the availability of conformance tests and certifications for the final versions of the FAPI 2.0 Security Profile and FAPI 2.0 Message Signing specifications for both authorization servers and OAuth clients. FAPI 2.0 Security Profile was approved as a Final specification in February 2025, and FAPI 2.0 Message Signing is currently undergoing public review and voting. Upon successful completion, it will be published as a final specification in August 2025.
OpenID Foundation’s FAPI Working Group and many invited experts have worked extensively on the specification to make it simpler, easier to understand, more secure, and more interoperable. This version has been through formal security analysis by the University of Stuttgart.
Since the FAPI 2.0 implementer’s drafts were published, there have been many editorial changes: new introduction sections, formatting, corrected typos, section renumbering, updated references to sections of this document and other specifications, and added acknowledgments. Details of the updates are summarized, including any impacts on existing FAPI 2.0 implementations, in this March 2025 blog: Implementer’s Guide: FAPI 2.0 Final vs. Implementer’s Draft 2.0.
Links to the FAPI 2.0 Final Specifications:
The approval of these FAPI 2.0 Final Specifications and the launch of the conformance tests and certifications is an important milestone, not only for the OpenID Foundation, but also for:
- global open finance/open data ecosystems that have adopted prior versions of FAPI and are transitioning to FAPI 2.0,
- and new ecosystems coming online with plans to adopt FAPI 2.0 final specifications and certifications.
The OpenID Foundation kindly thanks the FAPI Working Group co-chairs and the many contributors for getting the FAPI 2.0 final specifications successfully across the finish line. It also thanks the certification program team for the development and launch of the conformance tests and certifications.
Additional resources:
About the OpenID Foundation
The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.
The post FAPI 2.0 Security Profile and FAPI 2.0 Message Signing: Final Conformance Tests and Certifications Now Available first appeared on OpenID Foundation.