
FAPI Security Header & Compliance Validator

Paste raw HTTP response headers or an authorization request URL and instantly validate against FAPI 1.0 Read-Write, FAPI 2.0 Security Profile, UK OB Security Profile, PSD2 RTS Article 98, and Berlin Group NextGenPSD2. Outputs a pass/fail report with remediation guidance. Client-side only — no credentials leave your browser.

FAPI 1.0 · FAPI 2.0 · UK OB · PSD2 RTS
Header Validator · OAuth Analyzer
Security Engineer · API Dev · Compliance
FAPI 2.0 non-compliance blocks Open Banking participation in UK/EU/AU markets.
v1.0
Possible real JWT detected. This input appears to contain a real signed token (3-part base64 structure). Please use synthetic tokens for testing. No data is transmitted from this tool.
Scope & reliance — 🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only. Embedded rates, thresholds, and regulatory citations are static reference values that may age — verify against current primary sources and your own data before relying on any output for commercial, legal, or compliance decisions. Deterministic logic · no inference · zero PII · CC BY 4.0.
Educational Use Only: This tool provides a self-assessment / educational framework for internal planning purposes only. It is not a regulatory audit, legal advice, or a substitute for a formal compliance review by a qualified advisor. Verify all interpretations against the official source text and applicable RTS/ITS/guidance published by the relevant authority.
No data leaves your browser. No keys or credentials are extracted or stored.
Requirement / Feature | FAPI 1.0 Baseline | FAPI 1.0 Advanced (RW) | FAPI 2.0 | UK OB Security | PSD2 RTS Art. 98 | Berlin Group NG-PSD2
Required HTTP Security Headers by Profile
All reference data is embedded. No external requests.