openapi: 3.0.3 info: title: Global System for Mobile Communications GSMA Camara Project Device Location Verification API description: >- Device Location Verification API checks if a mobile device is in proximity of a given location. The API request contains the location to be checked and an accuracy range in km (between 2km and 200km). The API response indicates whether the location is within the accuracy range of the last known location of the MSISDN. version: 1.0.0 license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html x-camara-commonalities: 0.4.0 externalDocs: description: Project documentation at CAMARA url: https://github.com/camaraproject/DeviceLocation servers: - url: '{apiRoot}/location-verification/v1' variables: apiRoot: default: http://localhost:9091 description: API root tags: - name: Location Verification description: Verification of the location of a device paths: /verify: post: tags: - Location Verification summary: Global System for Mobile Communications Verify the location of a device description: > Verify whether the location of a device is within a requested area. The operation returns a verification result and, optionally, a match rate estimation for the location verification in percent. operationId: verifyLocation parameters: - $ref: '#/components/parameters/x-correlator' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/VerifyLocationRequest' examples: INPUT_PHONE_NUMBER_CIRCLE: summary: Phone number, circle and maxAge description: >- Verify if device identified by a phone number is within a circle, providing a maxAge value: device: phoneNumber: '+123456789' area: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 maxAge: 120 INPUT_IP_ADDRESS_V4_CIRCLE: summary: IPv4 address, circle, without maxAge description: >- Verify if device identified by an IPv4 address is within a circle, not indicating a maxAge value: device: ipv4Address: publicAddress: 123.234.1.2 publicPort: 1234 area: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 INPUT_NO_DEVICE: summary: Device not provided description: The device has to be deducted from token value: area: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 maxAge: 120 responses: '200': description: Location verification result headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/VerifyLocationResponse' examples: VERIFICATION_TRUE: summary: Match description: The network locates the device within the requested area value: verificationResult: 'TRUE' lastLocationTime: '2023-09-07T10:40:52.000Z' VERIFICATION_FALSE: summary: No match description: >- The requested area does not match the area where the network locates the device value: verificationResult: 'FALSE' lastLocationTime: '2023-09-07T10:40:52.000Z' VERIFICATION_UNKNOWN: summary: Unknown description: The network cannot locate the device value: verificationResult: UNKNOWN VERIFICATION_PARTIAL: summary: Partial match description: >- The requested area partially matches the area where the network locates the device value: verificationResult: PARTIAL matchRate: 74 lastLocationTime: '2023-09-07T10:40:52.000Z' '400': $ref: '#/components/responses/Generic400' '401': $ref: '#/components/responses/Generic401' '403': $ref: '#/components/responses/Generic403' '404': $ref: '#/components/responses/Generic404' '422': $ref: '#/components/responses/VerifyLocationUnprocessableEntity422' '429': $ref: '#/components/responses/Generic429' '500': $ref: '#/components/responses/Generic500' '503': $ref: '#/components/responses/Generic503' security: - openId: - location-verification:verify components: securitySchemes: openId: description: OpenID Connect authentication type: openIdConnect openIdConnectUrl: https://example.org/.well-known/openid-configuration parameters: x-correlator: name: x-correlator in: header description: Correlation id for the different services schema: type: string headers: x-correlator: description: Correlation id for the different services schema: type: string schemas: Area: description: Base schema for all areas type: object properties: areaType: $ref: '#/components/schemas/AreaType' required: - areaType discriminator: propertyName: areaType mapping: CIRCLE: '#/components/schemas/Circle' AreaType: type: string description: | Type of this area. CIRCLE - The area is defined as a circle. enum: - CIRCLE Circle: description: Circular area allOf: - $ref: '#/components/schemas/Area' - type: object properties: center: $ref: '#/components/schemas/Point' radius: type: integer description: Expected accuracy for the verification in meters, from center minimum: 2000 maximum: 200000 required: - center - radius example: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 Point: type: object description: Coordinates (latitude, longitude) defining a location in a map required: - latitude - longitude properties: latitude: $ref: '#/components/schemas/Latitude' longitude: $ref: '#/components/schemas/Longitude' example: latitude: 50.735851 longitude: 7.10066 Latitude: description: Latitude component of a location type: number format: double minimum: -90 maximum: 90 example: 50.735851 Longitude: description: Longitude component of location type: number format: double minimum: -180 maximum: 180 example: 7.10066 VerifyLocationRequest: description: >- Request to verify the location of a device. Device is not required when using a 3-legged access token, following the rules in the description. type: object properties: device: $ref: '#/components/schemas/Device' area: $ref: '#/components/schemas/Area' maxAge: $ref: '#/components/schemas/MaxAge' required: - area VerifyLocationResponse: description: Response to a location verification request type: object required: - verificationResult properties: lastLocationTime: $ref: '#/components/schemas/LastLocationTime' verificationResult: $ref: '#/components/schemas/VerificationResult' matchRate: $ref: '#/components/schemas/MatchRate' Device: description: > End-user equipment able to connect to a mobile network. Examples of devices include smartphones or IoT sensors/actuators. The developer can choose to provide the below specified device identifiers: * `ipv4Address` * `ipv6Address` * `phoneNumber` * `networkAccessIdentifier` NOTE1: the MNO might support only a subset of these options. The API invoker can provide multiple identifiers to be compatible across different MNOs. In this case the identifiers MUST belong to the same device NOTE2: for the Commonalities release v0.4, we are enforcing that the networkAccessIdentifier is only part of the schema for future-proofing, and CAMARA does not currently allow its use. After the CAMARA meta-release work is concluded and the relevant issues are resolved, its use will need to be explicitly documented in the guidelines. type: object properties: phoneNumber: $ref: '#/components/schemas/PhoneNumber' networkAccessIdentifier: $ref: '#/components/schemas/NetworkAccessIdentifier' ipv4Address: $ref: '#/components/schemas/DeviceIpv4Addr' ipv6Address: $ref: '#/components/schemas/DeviceIpv6Address' minProperties: 1 PhoneNumber: description: >- A public identifier addressing a telephone subscription. In mobile networks it corresponds to the MSISDN (Mobile Station International Subscriber Directory Number). In order to be globally unique it has to be formatted in international format, according to E.164 standard, prefixed with '+'. type: string pattern: ^\+[1-9][0-9]{4,14}$ example: '+123456789' NetworkAccessIdentifier: description: >- A public identifier addressing a subscription in a mobile network. In 3GPP terminology, it corresponds to the GPSI formatted with the External Identifier ({Local Identifier}@{Domain Identifier}). Unlike the telephone number, the network access identifier is not subjected to portability ruling in force, and is individually managed by each operator. type: string example: 123456789@domain.com DeviceIpv4Addr: type: object description: > The device should be identified by either the public (observed) IP address and port as seen by the application server, or the private (local) and any public (observed) IP addresses in use by the device (this information can be obtained by various means, for example from some DNS servers). If the allocated and observed IP addresses are the same (i.e. NAT is not in use) then the same address should be specified for both publicAddress and privateAddress. If NAT64 is in use, the device should be identified by its publicAddress and publicPort, or separately by its allocated IPv6 address (field ipv6Address of the Device object) In all cases, publicAddress must be specified, along with at least one of either privateAddress or publicPort, dependent upon which is known. In general, mobile devices cannot be identified by their public IPv4 address alone. properties: publicAddress: $ref: '#/components/schemas/SingleIpv4Addr' privateAddress: $ref: '#/components/schemas/SingleIpv4Addr' publicPort: $ref: '#/components/schemas/Port' anyOf: - required: - publicAddress - privateAddress - required: - publicAddress - publicPort example: publicAddress: 84.125.93.10 publicPort: 59765 SingleIpv4Addr: description: A single IPv4 address with no subnet mask type: string format: ipv4 example: 84.125.93.10 Port: description: TCP or UDP port number type: integer minimum: 0 maximum: 65535 DeviceIpv6Address: description: > The device should be identified by the observed IPv6 address, or by any single IPv6 address from within the subnet allocated to the device (e.g. adding ::0 to the /64 prefix). type: string format: ipv6 example: 2001:db8:85a3:8d3:1319:8a2e:370:7344 MaxAge: description: >- The maximum age (in seconds) for the location known by the implementation, which is accepted for the verification. Absence of maxAge means "any age" and maxAge=0 means a fresh calculation. type: integer example: 120 VerificationResult: description: | Result of a verification request: - `TRUE`: when the network locates the device within the requested area, - `FALSE`: when the requested area does not match the area where the network locates the device, - `UNKNOWN`: when the network cannot locate the device, - `PARTIAL`: when the requested area partially match the area where the network locates the device. A `match_rate` is included in the response. type: string enum: - 'TRUE' - 'FALSE' - UNKNOWN - PARTIAL MatchRate: description: >- Estimation of the match rate between the area in the request (R), and area where the network locates the device (N), calculated as the percent value of the intersection of both areas divided by the network area, that is (R ) N) / N * 100. Included only if VerificationResult is PARTIAL. type: integer minimum: 1 maximum: 99 LastLocationTime: description: >- Timestamp of the last location information. It must follow RFC 3339 and must have time zone. Recommended format is yyyy-MM-dd'T'HH:mm:ss.SSSZ (i.e. which allows 2023-07-03T14:27:08.312+02:00 or 2023-07-03T12:27:08.312Z) example: '2023-09-07T10:40:52Z' format: date-time type: string ErrorInfo: description: Common schema for errors type: object required: - status - code - message properties: status: type: integer description: HTTP status code returned along with this error response code: type: string description: Code given to this error message: type: string description: Detailed error description responses: Generic400: description: Bad Request headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: GENERIC_400_INVALID_ARGUMENT: summary: Generic Invalid Argument description: Invalid Argument. Generic Syntax Exception value: status: 400 code: INVALID_ARGUMENT message: >- Client specified an invalid argument, request body or query param. GENERIC_400_OUT_OF_RANGE: summary: Generic Out of Range description: >- Out of Range. Specific Syntax Exception used when a given field has a pre-defined range or a invalid filter criteria combination is requested value: status: 400 code: OUT_OF_RANGE message: Client specified an invalid range. Generic401: description: Unauthorized headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: GENERIC_401_UNAUTHENTICATED: summary: Generic Unauthenticated description: Request cannot be authenticated value: status: 401 code: UNAUTHENTICATED message: >- Request not authenticated due to missing, invalid, or expired credentials. GENERIC_401_AUTHENTICATION_REQUIRED: summary: Generic Authentication Required description: New authentication is needed, authentication is no longer valid value: status: 401 code: AUTHENTICATION_REQUIRED message: New authentication is required. Generic403: description: Forbidden headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: GENERIC_403_PERMISSION_DENIED: summary: Generic Permission Denied description: >- Permission denied. OAuth2 token access does not have the required scope or when the user fails operational security value: status: 403 code: PERMISSION_DENIED message: >- Client does not have sufficient permissions to perform this action. GENERIC_403_INVALID_TOKEN_CONTEXT: summary: Invalid access token context description: >- Reflects some inconsistency between information in some field of the API and the related OAuth2 Token value: status: 403 code: INVALID_TOKEN_CONTEXT message: '{{field}} is not consistent with access token.' Generic404: description: Not found headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: GENERIC_404_NOT_FOUND: summary: Generic Not Found description: Resource is not found value: status: 404 code: NOT_FOUND message: '{{resource}} is not found' GENERIC_404_DEVICE_NOT_FOUND: summary: Some identifier cannot be matched to a device description: >- One or more of the provided device identifiers do not match any device value: status: 404 code: DEVICE_NOT_FOUND message: No device found for a provided identifier VerifyLocationUnprocessableEntity422: description: Unprocessable Entity headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: LOCATION_VERIFICATION_422_UNABLE_TO_FULFILL_MAX_AGE: summary: Unable to fulfill maxAge description: >- The system is not able to provide the fresh location required by the client value: status: 422 code: LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE message: Unable to provide expected freshness for location GENERIC_422_UNPROCESSABLE_ENTITY: summary: Unprocessable entity description: >- The request was well-formed but was unable to be processed due to semantic errors or not applicable values. This is the generic error code for 422 responses. value: status: 422 code: UNPROCESSABLE_ENTITY message: 'Value not acceptable: ...' GENERIC_422_DEVICE_NOT_APPLICABLE: summary: Service not applicable to the device description: >- The provided device is not compatible with the requested operation, according to the service provider rules. value: status: 422 code: DEVICE_NOT_APPLICABLE message: The device is not applicable for the requested operation GENERIC_422_DEVICE_IDENTIFIERS_MISMATCH: summary: Device identifiers mismatch description: >- Several device identifiers are provided but do not match the same device value: status: 422 code: DEVICE_IDENTIFIERS_MISMATCH message: The provided device identifiers do not match the same device GENERIC_422_UNSUPPORTED_DEVICE_IDENTIFIERS: summary: >- None of the provided device identifiers is supported by the implementation description: Message may list the supported device identifiers value: status: 422 code: UNSUPPORTED_DEVICE_IDENTIFIERS message: 'Supported device supported are: ...' GENERIC_422_UNIDENTIFIABLE_DEVICE: summary: No identifier provided description: No device identifier provided for the device to be located value: status: 422 code: UNIDENTIFIABLE_DEVICE message: A device must be provided Generic429: description: Too Many Requests headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: GENERIC_429_QUOTA_EXCEEDED: description: Request is rejected due to exceeding a business quota limit value: status: 429 code: QUOTA_EXCEEDED message: Either out of resource quota or reaching rate limiting. GENERIC_429_TOO_MANY_REQUESTS: description: API Server request limit is overpassed value: status: 429 code: TOO_MANY_REQUESTS message: Either out of resource quota or reaching rate limiting. Generic500: description: Internal server error headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: GENERIC_500_INTERNAL: summary: Generic Internal description: Problem in Server side. Regular Server Exception value: status: 500 code: INTERNAL message: Internal server error Generic503: description: Service unavailable headers: x-correlator: $ref: '#/components/headers/x-correlator' content: application/json: schema: $ref: '#/components/schemas/ErrorInfo' examples: GENERIC_503_UNAVAILABLE: summary: Generic Unavailable description: >- Service is not available. Temporary situation usually related to maintenance process in the server side value: status: 503 code: UNAVAILABLE message: Service unavailable