Difference between v3 and v4

The diagram below highlights the end to end flow of v4 APIs with key changes:

Myinfo v4 APIs bring about improved security posture, standards and features.

For the comprehensive list of changes, refer to our API Specs Release notes.

v3
v4
Justification

-

Proof of Key Code Exchange (PKCE) (Reference : PKCE)

Improve security posture between /authorize and /token by protecting against authcode injection

X.509 Certificate public keys

JSON Web Key Store (JWKS) (Reference : JWKS)

Enable minimal disruption on key rotations

PKI Base string signing

Client Assertions (Reference : Client Assertions)

Alignment to international standards

-

Demonstration of Proof-of-Possesion (DPoP) (Reference : DPoP)

Improve security posture between /token and /person by proving legitimacy of possession for access token before data can be released

Last updated

Was this helpful?