This repo contains the fapi-pep-as Secure API Gateway component, this component builds on top of ForgeRock Identity Gateway (IG) product to protect APIs to the FAPI standard.
This build creates a gateway capable of enforcing the following FAPI spec: https://openid.net/specs/openid-financial-api-part-2-1_0.html
The configuration can be used as a starting point for a SAPI-G deployment which protects any API using the aforementioned FAPI spec.
The 01-rs-example-fapi-protected-api.json route acts as an example API endpoint which provides enough functional to enable the OIDF FAPI conformance suite (https://openid.net/certification/certification-fapi_op_testing/) to test a deployment. In a real world deployment, one or more RS (Resource Server) routes will be used in its place which reverse proxy upstream services providing the real functionality.
Support for FAPI 2.0 is coming soon.
A SAPI-G build exists for Open Banking UK, see repo: https://github.com/SecureApiGateway/secure-api-gateway-ob-uk
This build takes the fapi-pep-as and adds support for Open Banking UK API endpoints, protected with FAPI 1.0 Part 2 Advanced.
This module manages creating docker images for the gateway builds supported.
See README.md for more details.