Tool 97 · Open Banking & APIs · cat-5

FAPI Security Header
& Compliance Validator

Paste raw HTTP response headers or an authorization request URL and instantly validate against FAPI 1.0 Read-Write, FAPI 2.0 Security Profile, UK OB Security Profile, PSD2 RTS Article 98, and Berlin Group NextGenPSD2. Outputs a pass/fail report with remediation guidance. Client-side only — no credentials leave your browser.

Zero PII · Client-Side Only FAPI 1.0 · FAPI 2.0 · UK OB · PSD2 RTS Header Validator · OAuth Analyzer Security Engineer · API Dev · Compliance
Select Standard
Input Mode
Possible real JWT detected. This input appears to contain a real signed token (3-part base64 structure). Please use synthetic tokens for testing. No data is transmitted from this tool.
No data leaves your browser. Validation is 100% client-side. Tab close = data gone.
FAPI Profile
No data leaves your browser. No keys or credentials are extracted or stored.
Comparison across FAPI 1.0 Baseline · FAPI 1.0 Advanced · FAPI 2.0 · UK OB · PSD2 RTS Art. 98 · Berlin Group NextGenPSD2
Requirement / Feature FAPI 1.0 Baseline FAPI 1.0 Advanced (RW) FAPI 2.0 UK OB Security PSD2 RTS Art. 98 Berlin Group NG-PSD2
Required HTTP Security Headers by Profile
Related Tools
Tool 19 — Cat-5
SCA Exemption & FAPI Payload Generator
Generate FAPI JWT payloads to test here
Tool 88 — Compliance
Compliance Readiness Assessment
Validate entity-level FAPI + PSD3 posture
Tool 92 — Cat-5
SCA Exemption Mapper
Map SCA exemptions across EU / UK frameworks
All reference data is embedded. No external requests.