Skip to main content

Corppass FAPI 2.0 Staging Environment Now Available

Mandon Kho
Updated

Dear Partners,

As part of our ongoing commitment to strengthen security standards and align with global security best practices, Corppass is adopting Financial-grade API (FAPI) 2.0 for all APIs.

We are pleased to announce that the Corppass FAPI 2.0 staging environment is now available.

What you need to know:

  • Mandatory Compliance: All new apps created on the Corppass Developer Portal (CDP) from 23 March 2026 must be FAPI 2.0 compliant. Existing apps must be migrated to FAPI 2.0 by 31 March 2027.
  • Privacy enhancements to Corppass Login apps:
    • Added security via PAR (Pushed Authorisation Requests): Authorisation parameters are now sent securely server-to-server before redirecting users, reducing tampering risks, eliminating large URL payloads, and significantly strengthening the platform’s financial-grade security posture.
    • Modernised Token Structure: FAPI 2.0 replaces the legacy flat token with a clean hierarchical format - separating the subject (sub), profile attributes (sub_attributes), and actor info (act) to clearly identify entity vs acting user.
    • More Granular Scopes: New fine-grained scopes (e.g., entity.identity, user.name) provide partners with precise control over identity data requests.
    • Standardised Userinfo Endpoints: The old /authorization-info API has been replaced by the OIDC-standard /userinfo endpoint, accessed with a DPoP-bound access token.
  • Engagement Session: Technical briefing with Q&A will be held on 31 March 2026 to support you in your migration. The briefing materials will be shared after the session.

What you need to do:

  1. Review Documentation: Refer to the Corppass FAPI 2.0 Integration Guide and Migration guide to review the relevant technical information.
  2. Submit Migration Timeline & RSVP: Please use this link to indicate your planned migration window for FAPI 2.0 and register for the virtual technical briefing.
    1. Date/Time: 31 March 2026, 10am – 12pm (Singpass and Corppass FAPI 2.0)
    2. Note: Even if you are unable to attend, please complete the form to indicate your migration timeline.

Timeline Summary

Date Milestone
23 February 2026 Corppass FAPI 2.0 staging environment is now live.
23 March 2026 Corppass FAPI 2.0 production environment will be live.
31 March 2026 Attend the Singpass and Corppass FAPI 2.0 engagement session.
31 March 2027 All Corppass e-services must be FAPI 2.0 compliant.

Thank you for your continued partnership in strengthening security and trust across all digital services. If you have any questions, please reach out to our support team here.

Best regards,

Corppass team

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk