From 89e9536154763e3b2f4d6d28d88cc620909a0627 Mon Sep 17 00:00:00 2001 From: Eric Murray Date: Tue, 27 Feb 2024 12:31:18 +0000 Subject: [PATCH] Update CAMARA Mobile Device Identifier API.yaml --- .../CAMARA Mobile Device Identifier API.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/code/API_definitions/CAMARA Mobile Device Identifier API.yaml b/code/API_definitions/CAMARA Mobile Device Identifier API.yaml index 3e5aaf5..f4b170d 100644 --- a/code/API_definitions/CAMARA Mobile Device Identifier API.yaml +++ b/code/API_definitions/CAMARA Mobile Device Identifier API.yaml @@ -45,11 +45,13 @@ info: ### Identifier for the mobile subscription At least one identifier for the mobile subscription from the following four options: - - Phone number (MSISDN) + - Phone number (i.e. MSISDN) - Network Access Identifier assigned by the mobile network operator for the device - IPv6 address - IPv4 address + In scenarios where a primary MSISDN is shared between multiple devices, each of which has its own "secondary" MSISDN (e.g. OneNumber), the MSISDN passed by the API consumer will be treated as the secondary MSISDN, and hence the identifier returned will be that of the relevant associated device (such as a smartwatch). In such scenarios, the "primary" device (e.g. smartphone) is usually allocated the same primary and secondary MSISDN, and hence providing the primary MSISDN will always return the identity of the primary device and not any associated devices. + ### Authorization and authentication CAMARA guidelines defines a set of authorization flows which can grant API clients access to the API functionality, as outlined in the document [CAMARA-API-access-and-user-consent.md](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-API-access-and-user-consent.md). Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation. @@ -60,8 +62,8 @@ info: The API defines two service endpoints: - - `POST /get-identifier` to get details about the specific device being used by a given mobile subscriber, including IMEI / IMEISV and the type of device - - `POST /get-type` to get details only about the type of device being used by a given mobile subscriber + - `POST /retrieve-identifier` to get details about the specific device being used by a given mobile subscriber, including IMEI / IMEISV and the type of device + - `POST /retrieve-type` to get details only about the type (i.e. manufacturer and model) of device being used by a given mobile subscriber To call either of these endpoints, the API consumer must first obtain a valid OAuth2 token from the token endpoint, which is then passed as an Authorization header. The API consumer must also pass at least one of the available mobile subscription identifiers in the body of the request.