# 3. Userinfo Endpoint

{% hint style="danger" %}
All Login and Myinfo apps must follow Singpass' [FAPI 2.0-compliant authentication API](https://docs.developer.singpass.gov.sg/docs/technical-specifications/integration-guide) by 31 Dec 2026.

The specifications on this page apply to you only if you are maintaining an existing Login / Myinfo (v5) integration. We encourage you to [migrate](https://docs.developer.singpass.gov.sg/docs/technical-specifications/migration-guides/login-myinfo-v5-apps) early to avoid service disruptions.
{% endhint %}

The UserInfo endpoint is an OAuth 2.0 [protected resource](http://tools.ietf.org/html/rfc6749#section-7) of the Singpass Authentication server; where client applications can retrieve consented [claims](http://openid.net/specs/openid-connect-core-1_0.html#Claims), or assertions, about the logged-in end-user.

The claims are typically packaged in a JSON object where the `sub` member denotes the subject (end-user) identifier, along with the data items that were tagged to the scopes requested in the `/auth` [request parameters](https://github.com/SingpassPX/dev-docs/blob/main/technical-specifications/singpass-authentication-api/1.-authorization-endpoint#request-parameters) earlier.

> The full list of scopes are under the [Myinfo Data Catalogue](https://docs.developer.singpass.gov.sg/docs/data-catalog-myinfo/catalog).

For the purposes of Userinfo in the context of Singpass, we will be returning an encrypted payload in the form of a signed JSON Web Token (JWS) in a JSON Web Encrypted (JWE) token.