FAPI 2.0 Authentication API (DRAFT ver.)

This guide provides information on the new Singpass Authentication API specifications, which we are updating to comply with the FAPI 2.0 Security Profile.

This guide and its specifications is in DRAFT version. The FINAL version will be released at the end of September 2025, but we expect only minor changes to be made to the specification.

We will also be releasing a migration guide together with the FINAL version, so that you can better understand how to update your application to be compatible with the new specifications.

Why introduce these changes?

This initiative is a critical step in strengthening our digital identity ecosystem by modernising our authentication protocols for Singpass, Myinfo, Corppass and Myinfo Business to align with the latest security standards. Our goal is to enhance security, improve user experience, and streamline integration for all partners.

Benefits

1. Bolstered Security: By adopting the Financial-grade API (FAPI) 2.0 security profile, we are implementing a robust and modern framework that protects against a wide range of security vulnerabilities like phishing and token theft, giving your customers greater confidence in your services. This includes preventing replay attacks and ensuring tokens are used only by the intended client.

2. Streamlined Partner Experience: Standardizing on modern protocols like FAPI 2.0 will simplify your integration process. A single, standardised approach across Singpass ecosystem reduces development effort for subsequent integrations and minimises future maintenance in the long run.

3. Consistency and Scalability: By aligning both Singpass and Corppass under the same modern protocols, we are creating a more cohesive and scalable system. This prepares us for future enhancements and ensures a consistent experience for all users and partners. This means less time on security plumbing and more time on building innovative features for your users.

Ultimately, moving to these new standards is a critical step in future-proofing your business, ensuring you stay ahead in a rapidly evolving digital landscape.