--- openapi: 3.0.3 ############################################################################ # API info # ############################################################################ info: title: Call Forwarding Signal description: | # Overview The Call Forwarding Signal API provides the API Consumer with information about the status of the Call Forwarding Service on a specific phone number. The main scope of the Call Forwarding Signal API is "anti Fraud" to avoid fraudsters to use the Call Forwarding Service to carry on a scam. Other use cases are anyway supported by the Call Forwarding Signal API that also provides additional endpoints to detect the general Call Forwarding Service settings. # Introduction The Call Forwarding Service is provided by the Network to a phone number. This service redirects the incoming call to that phone number to an alternative destination such as another phone number or a voice mail system. There are two main types of call forwarding settings: unconditional and conditional. The Call Forwarding Signal API can be invoked to detect if the unconditional call forwarding service is active. The Call Forwarding Signal API can also be invoked to get the general status of the Call Forwarding Service (inactive, conditional, unconditional). If conditional call forwarding is active, the different type of settings are returned ('conditional_busy', 'conditional_not_reachable', 'conditional_no_answer'). **Example use cases:** [**Bank Frauds**](https://github.com/camaraproject/CallForwardingSignal/discussions/3#discussioncomment-8694420) [**Alert Interception**](https://github.com/camaraproject/CallForwardingSignal/discussions/3#discussioncomment-8701847) [**Call Forwarding Verification**](https://github.com/camaraproject/CallForwarding\Signal/discussions/3#discussioncomment-8915595) # Quick Start The Call Forwarding Signal API is a REST API based on the CreateCallForwardingSignal resource. This resource can be used, by the API Consumer, to specify the phone number on which the Call Forwarding Service status must be verified, in case of two-legged authentication. If three-legged authentication is used the phone number is instead detected, by the API Producer, from the access token. Before starting to use the Call Forwarding API, the developer needs to know about the below specified details: **phoneNumber** This is the end user phone number. The Call Forwarding Signal API verifies if a call forwarding service is active on this phone number. Note: this parameter must be must be provided/valued only in case of two-legged authentication. In case of three-legged authentication the phone number is retrieved by the access token. **CreateCallForwardingSignal** This is the resource the API Consumer uses to define the phone number to be verified about the status of the Network Call Forwarding service. **UnconditionalCallForwardingSignal** This is the resource the API Consumer gets back, containing the information about the Unconditional Call Forwarding Service status for the given phone number (PhoneNumber). **CallForwardingSignal** This is the resource the API Consumer gets back, containing the information about the general status of the Network Call Forwarding service for the specified phone number. The Call Forwarding Signal API provides two endpoints fulfilling the following intents: - **unconditional-call-forwardings**: Is the unconditional call fwd service active on a specific phone number? - **call-forwardings**: Which is the status of the call forwarding for a specific phone number? # API Documentation ## Details The Call Forwarding Signal API is invoked by an API Consumer after the Consent Management flow. The API Consumer can request the API Producer for the status of the Unconditional Call Forwarding service using the unconditional-call-forwardings POST method. A boolean, with the information about the activation status of the call forwarding service, will be provided back via the UnconditionalCallForwardingSignal resource. The API Consumer can also request the API Producer for the generic status of the Call Forwarding service using the call-forwardings POST method. An array of strings with the information of the type of active call forwarding services will be provided back via the CallForwardingSignal resource. # Authorization and authentication The "Camara Security and Interoperability Profile" provides details of how an API consumer requests an access token. Please refer to Identity and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the profile. The specific authorization flows to be used will be agreed upon during the onboarding process, happening between the API consumer and the API provider, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation. In cases where personal data is processed by the API and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of three-legged access tokens is mandatory. This ensures that the API remains in compliance with privacy regulations, upholding the principles of transparency and user-centric privacy-by-design. # Identifying the phone number from the access token This API requires the API consumer to identify a phone number as the subject of the API as follows: - When the API is invoked using a two-legged access token, the subject will be identified from the optional `phoneNumber` object field, which therefore MUST be provided. - When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token. This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process. ## Error handling: - If the subject cannot be identified from the access token and the optional `phoneNumber` object field is not included in the request, then the server will return an error with the `422 MISSING_IDENTIFIER` error code. - If the subject can be identified from the access token and the optional `phoneNumber` object field is also included in the request, then the server will return an error with the `422 UNNECESSARY_IDENTIFIER` error code. This will be the case even if the same device is identified by these two methods, as the server is unable to make this comparison. # Additional CAMARA error responses The list of error codes in this API specification is not exhaustive. Therefore the API specification may not document some non-mandatory error statuses as indicated in `CAMARA API Design Guide`. Please refer to the `CAMARA_common.yaml` of the Commonalities Release associated to this API version for a complete list of error responses. The applicable Commonalities Release can be identified in the `API Readiness Checklist` document associated to this API version. As a specific rule, error `501 - NOT_IMPLEMENTED` can be only a possible error response if it is explicitly documented in the API. # FAQ's (FAQs will be added in a later version of the documentation) version: wip license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html x-camara-commonalities: 0.6 externalDocs: description: Product documentation at CAMARA url: https://github.com/camaraproject/CallForwardingSignal ############################################################################ # Servers # ############################################################################ servers: - url: "{apiRoot}/call-forwarding-signal/vwip" variables: apiRoot: default: http://localhost:9091 description: API root, defined by the service provider, e.g. `api.example.com` or `api.example.com/somepath` ############################################################################ # Tags # ############################################################################ tags: - name: Unconditional Call Forwarding information retrieval description: Provides information on Unconditional Call Forwarding settings for the provided phone number (PhoneNumber) - name: Call Forwarding information retrieval description: Provides information on Call Forwarding settings for the provided phone number (PhoneNumber). ############################################################################ # Paths # ############################################################################ paths: /unconditional-call-forwardings: post: tags: - Unconditional Call Forwarding information retrieval security: - openId: - 'call-forwarding-signal:unconditional-call-forwardings:read' summary: Retrieve the information about the status of the unconditional call forwarding service on a phone number (PhoneNumber) description: This endpoint provides information about the status of the unconditional call forwarding, being active or not. operationId: retrieveUnconditionalCallForwarding parameters: - $ref: '#/components/parameters/x-correlator' requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateCallForwardingSignal' required: true responses: '200': description: OK. headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/UnconditionalCallForwardingSignal' "400": $ref: "#/components/responses/Generic400" '404': $ref: '#/components/responses/Generic404' "401": $ref: "#/components/responses/Generic401" "403": $ref: "#/components/responses/Generic403" "422": $ref: "#/components/responses/Generic422" "429": $ref: "#/components/responses/Generic429" /call-forwardings: post: tags: - Call Forwarding information retrieval security: - openId: - 'call-forwarding-signal:call-forwardings:read' summary: Retrieve the information about the type of call forwarding service active on a phone number (PhoneNumber) description: This endpoint provides information about which type of call forwarding service is active. More than one service can be active, e.g. conditional and unconditional. This endpoint exceeds the main scope of the Call Forwarding Signal API, for this reason an error code 501 can be returned. operationId: retrieveCallForwarding parameters: - $ref: '#/components/parameters/x-correlator' requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateCallForwardingSignal' required: true responses: '200': description: OK. headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/CallForwardingSignal' "400": $ref: "#/components/responses/Generic400" '404': $ref: '#/components/responses/Generic404' "401": $ref: "#/components/responses/Generic401" "403": $ref: "#/components/responses/Generic403" "422": $ref: "#/components/responses/Generic422" "429": $ref: "#/components/responses/Generic429" "501": $ref: "#/components/responses/Generic501" ############################################################################ # Components # ############################################################################ components: securitySchemes: openId: description: to support Consent Management type: openIdConnect openIdConnectUrl: https://example.com/.well-known/openid-configuration parameters: x-correlator: name: x-correlator in: header description: Correlation id for the different services schema: $ref: "#/components/schemas/XCorrelator" headers: x-correlator: description: Correlation id for the different services schema: $ref: "#/components/schemas/XCorrelator" ############################################################################ # Resources # ############################################################################ schemas: UnconditionalCallForwardingSignal: description: resource containing the information about the Unconditional Call Forwarding Service for the given phone number (PhoneNumber) type: object properties: active: type: boolean description: Indicates if the unconditional call forwarding service is active. CallForwardingSignal: description: resource containing the list of the Call Forwarding Services active for the given phone number (PhoneNumber). The possible states are, 'inactive' (no call forwarding service activated), 'unconditional' (call forwarded independently from the device status), 'conditional_busy' (call forwarded if the device is on an active call), 'conditional_not_reachable' (call forwarded if the device is not reachable), 'conditional_no_answer' (call forwarded if the device doesn't answer the incoming call). type: array items: type: string enum: - 'inactive' - 'unconditional' - 'conditional_busy' - 'conditional_not_reachable' - 'conditional_no_answer' example: - 'unconditional' - 'conditional_busy' - 'conditional_no_answer' minItems: 1 XCorrelator: type: string pattern: ^[a-zA-Z0-9-_:;.\/<>{}]{0,256}$ example: "b4333c46-49c0-4f62-80d7-f0ef930f1c46" ############################################################################ # Request # ############################################################################ CreateCallForwardingSignal: description: resource containing the phone number (PhoneNumber) regarding which the Call Forwarding Service must be checked. To be provided/valued only in case of two-legged authentication. If provided/valued with three-legged authentication a 422-UNNECESSARY_IDENTIFIER error code is returned. type: object properties: phoneNumber: $ref: "#/components/schemas/PhoneNumber" ############################################################################ # Types # ############################################################################ PhoneNumber: description: A public identifier addressing a telephone subscription. In mobile networks it corresponds to the MSISDN (Mobile Station International Subscriber Directory Number). In order to be globally unique it has to be formatted in international format, according to E.164 standard, prefixed with '+'. type: string pattern: '^\+[1-9][0-9]{4,14}$' example: "+123456789" ############################################################################ # Responces # ############################################################################ ErrorInfo: type: object required: - status - code - message properties: status: type: integer description: HTTP response status code code: type: string description: A human-readable code to describe the error message: type: string description: A human-readable description of what the event represents responses: Generic400: description: Bad Request headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 400 code: enum: - INVALID_ARGUMENT examples: GENERIC_400_INVALID_ARGUMENT: description: Invalid Argument. Generic Syntax Exception value: status: 400 code: INVALID_ARGUMENT message: Client specified an invalid argument, request body or query param. Generic401: description: Unauthorized headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 401 code: enum: - UNAUTHENTICATED examples: GENERIC_401_UNAUTHENTICATED: description: Request cannot be authenticated and a new authentication is required value: status: 401 code: UNAUTHENTICATED message: Request not authenticated due to missing, invalid, or expired credentials. A new authentication is required. Generic403: description: Forbidden headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 403 code: enum: - PERMISSION_DENIED examples: GENERIC_403_PERMISSION_DENIED: description: Permission denied. OAuth2 token access does not have the required scope or when the user fails operational security value: status: 403 code: PERMISSION_DENIED message: Client does not have sufficient permissions to perform this action. Generic404: description: Not found headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 404 code: enum: - NOT_FOUND - IDENTIFIER_NOT_FOUND examples: GENERIC_404_NOT_FOUND: description: Resource is not found value: status: 404 code: NOT_FOUND message: The specified resource is not found. GENERIC_404_IDENTIFIER_NOT_FOUND: description: Call forwarding check can't be done because the phone number is unknown. value: status: 404 code: IDENTIFIER_NOT_FOUND message: Device identifier not found. Generic422: description: Unprocessable Content headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 422 code: enum: - SERVICE_NOT_APPLICABLE - MISSING_IDENTIFIER - UNNECESSARY_IDENTIFIER examples: GENERIC_422_SERVICE_NOT_APPLICABLE: description: Service not applicable for the provided identifier value: status: 422 code: SERVICE_NOT_APPLICABLE message: The service is not available for the provided identifier. GENERIC_422_MISSING_IDENTIFIER: description: An identifier is not included in the request and the device or phone number identification cannot be derived from the 3-legged access token value: status: 422 code: MISSING_IDENTIFIER message: The phone number cannot be identified. GENERIC_422_UNNECESSARY_IDENTIFIER: description: An explicit identifier is provided when a device or phone number has already been identified from the access token value: status: 422 code: UNNECESSARY_IDENTIFIER message: The phone number is already identified by the access token. Generic429: description: Too Many Requests headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 429 code: enum: - QUOTA_EXCEEDED - TOO_MANY_REQUESTS examples: GENERIC_429_QUOTA_EXCEEDED: description: Request is rejected due to exceeding a business quota limit value: status: 429 code: QUOTA_EXCEEDED message: Out of resource quota. GENERIC_429_TOO_MANY_REQUESTS: description: Access to the API has been temporarily blocked due to rate or spike arrest limits being reached value: status: 429 code: TOO_MANY_REQUESTS message: Rate limit reached. Generic501: description: Not Implemented headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 501 code: enum: - NOT_IMPLEMENTED examples: GENERIC_501_NOT_IMPLEMENTED: description: Service not implemented. The use of this code should be avoided as far as possible to get the objective to reach aligned implementations value: status: 501 code: NOT_IMPLEMENTED message: This functionality is not implemented yet.