openapi: 3.0.3 info: title: Device Location Verification description: | This API provides the consumer with the ability to verify the location of a device. # Introduction API consumers are able to verify whether the location of certain user device is within the area specified. Currently the only area supported as input is a circle determined by a set of coordinates (latitude and longitude) and some expected accuracy (radius). * If the provided area is out of the operator's coverage or it is not supported for any reason, an error `422 LOCATION_VERIFICATION.AREA_NOT_COVERED` will be returned. * Legal restrictions regarding privacy, or other regulatory or implementation issues, may force the operator to set restrictions to the provided area, such as setting a minimum value to the accepted radius. In these cases, an error `422 LOCATION_VERIFICATION.INVALID_AREA` will be returned and the error message will refer to the reason of the limitation. The verification result depends on the network's ability and accuracy to locate the device at the requested area. * If the network's estimation of the device's location is fully contained within the requested area, the verification result is `TRUE`. * If the network's estimation of the device's location does not overlap with the requested area at all, the verification result is `FALSE`. * If the network's estimation of the device's location partially overlaps with the requested area, or it fully contains the requested area (because it is larger), the result is `PARTIAL`. In this case, a `match_rate` is included in the response, indicating an estimation of the likelihood of the match in percent. * If the network cannot locate the device, an error with code `422 LOCATION_VERIFICATION.UNABLE_TO_LOCATE` is sent back. * The client may optionally include a `maxAge` indication. If the location information known to the server is older than the specified `maxAge` or not known at all, an error with code `422 LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE` is sent back, independently of the verification result. Location Verification could be useful in scenarios such as: - Fraud protection, to ensure a given user is located in the location area claimed for financial transactions. - Verification of GPS coordinates reported by the app on a device, to ensure the GPS was not faked, e.g. for content delivery with regional restrictions. - Contextual-based advertising, to trigger advertising after verifying the device is in the area of interest. - Smart mobility (vehicle / bikes renting), to confirm the location of the device and the location of the vehicle/bike to guarantee they are rented correctly. # Relevant terms and definitions * **Device**: A device refers to any physical entity that can connect to a network and participate in network communication. * **Area**: It specifies the geographical surface where a device may be physically located. * **Max Age**: Maximum age of the location information which is accepted for the location verification (in seconds). * Absence of maxAge means "any age" is acceptable for the client. In other words, this is like maxAge=infinite. In this case the system will return `lastLocationTime`. * maxAge=0 means a fresh calculation is requested by the client. If the system is not able to provide the fresh location, an error with code `422 LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE` is sent back. * **Verification**: Process triggered in the API server to confirm or contradict the expectation assumed by the API client about the device location. # API Functionality The API exposes a single endpoint/operation: - Verify whether the device location is within a requested area, currently a circle with center specified by the latitude and longitude, and radius specified by the accuracy. The operation returns a verification result and, optionally, a match rate estimation for the location verification in percent. # Authorization and authentication The "Camara Security and Interoperability Profile" provides details of how an API consumer requests an access token. Please refer to Identity and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the profile. The specific authorization flows to be used will be agreed upon during the onboarding process, happening between the API consumer and the API provider, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation. In cases where personal data is processed by the API and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of three-legged access tokens is mandatory. This ensures that the API remains in compliance with privacy regulations, upholding the principles of transparency and user-centric privacy-by-design. # Identifying the device from the access token This API requires the API consumer to identify a device as the subject of the API as follows: - When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided. - When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token. This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process. ## Error handling: - If the subject cannot be identified from the access token and the optional `device` object is not included in the request, then the server will return an error with the `422 MISSING_IDENTIFIER` error code. - If the subject can be identified from the access token and the optional `device` object is also included in the request, then the server will return an error with the `422 UNNECESSARY_IDENTIFIER` error code. This will be the case even if the same device is identified by these two methods, as the server is unable to make this comparison. # Multi-SIM scenario handling In multi-SIM scenarios, where more than one mobile device is associated with the phone number given as input in the API call (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device whose location is to be verified. Check with the API provider what is the expected behaviour when a phone number belonging to a multi-SIM group is used as the device identifier, as the API may response with: - an error indicating that that phone number is not supported for this API, or - the verification for a single device in the multi-SIM group, if one of the devices is considered linked to the main SIM and this concept is supported by the operator, or - a verification value that combines the location verification of all the SIMs associated to the requested phone number. Possible solutions to make the scenario more deterministic include: - Using preferably the authorisation code flow to obtain an access token, which will automatically identify the intended device. - Identifying the intended device from a unique identifier for that device, such as its source IP address and port. - Check with the API provider whether a unique "secondary" phone number is already associated with each device and use the secondary phone number to identify the intended device if available. # Additional CAMARA error responses The list of error codes in this API specification is not exhaustive. Therefore the API specification may not document some non-mandatory error statuses as indicated in `CAMARA API Design Guide`. Please refer to the `CAMARA_common.yaml` of the Commonalities Release associated to this API version for a complete list of error responses. The applicable Commonalities Release can be identified in the `API Readiness Checklist` document associated to this API version. As a specific rule, error `501 - NOT_IMPLEMENTED` can be only a possible error response if it is explicitly documented in the API. # Further info and support (FAQs will be added in a later version of the documentation) version: wip license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html x-camara-commonalities: tbd externalDocs: description: Project documentation at CAMARA url: https://github.com/camaraproject/DeviceLocation servers: - url: "{apiRoot}/location-verification/vwip" variables: apiRoot: default: http://localhost:9091 description: API root tags: - name: Location verification description: Verification of the location of a device paths: /verify: post: tags: - Location verification summary: Verify the location of a device description: | Verify whether the location of a device is within a requested area. The operation returns a verification result and, optionally, a match rate estimation for the location verification in percent. operationId: verifyLocation parameters: - $ref: "#/components/parameters/x-correlator" requestBody: required: true content: application/json: schema: $ref: "#/components/schemas/VerifyLocationRequest" examples: INPUT_PHONE_NUMBER_CIRCLE: summary: Phone number, circle and maxAge description: Verify if device identified by a phone number is within a circle, providing a maxAge value: device: phoneNumber: "+123456789" area: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 maxAge: 120 INPUT_IP_ADDRESS_V4_CIRCLE: summary: IPv4 address, circle, without maxAge description: Verify if device identified by an IPv4 address is within a circle, not indicating a maxAge value: device: ipv4Address: publicAddress: 123.234.1.2 publicPort: 1234 area: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 INPUT_PHONE_NUMBER_IP_ADDRESS_V4_CIRCLE: summary: Both phone number and IPv4 address, circle and maxAge description: Verify if device identified both by a phone number and an IPv4 address is within a circle, providing a maxAge value: device: phoneNumber: "+123456789" ipv4Address: publicAddress: 123.234.1.2 publicPort: 1234 area: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 maxAge: 120 INPUT_NO_DEVICE: summary: Device not provided description: The device has to be deducted from token value: area: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 maxAge: 120 responses: "200": description: Location verification result headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: $ref: "#/components/schemas/VerifyLocationResponse" examples: VERIFICATION_TRUE: summary: Match description: The network locates the device within the requested area value: verificationResult: "TRUE" lastLocationTime: "2023-09-07T10:40:52Z" VERIFICATION_TRUE_WITH_DEVICE: summary: Match returning the device identifier used by the implementation description: The network locates the device within the requested area. Response when the request used a 2-legged access token with multiple device identifiers, or possibly only a single device identifier value: verificationResult: "TRUE" lastLocationTime: "2023-09-07T10:40:52Z" device: phoneNumber: "+123456789" VERIFICATION_FALSE: summary: No match description: The requested area does not match the area where the network locates the device value: verificationResult: "FALSE" lastLocationTime: "2023-09-07T10:40:52Z" VERIFICATION_PARTIAL: summary: Partial match description: The requested area partially matches the area where the network locates the device value: verificationResult: "PARTIAL" matchRate: 74 lastLocationTime: "2023-09-07T10:40:52Z" "400": $ref: "#/components/responses/Generic400" "401": $ref: "#/components/responses/Generic401" "403": $ref: "#/components/responses/Generic403" "404": $ref: "#/components/responses/VerifyLocationNotFound404" "422": $ref: "#/components/responses/VerifyLocationUnprocessableEntity422" security: - openId: - location-verification:verify components: securitySchemes: openId: description: OpenID Connect authentication type: openIdConnect openIdConnectUrl: https://example.org/.well-known/openid-configuration parameters: x-correlator: name: x-correlator in: header description: Correlation id for the different services schema: $ref: "#/components/schemas/XCorrelator" headers: x-correlator: description: Correlation id for the different services schema: $ref: "#/components/schemas/XCorrelator" schemas: XCorrelator: type: string pattern: ^[a-zA-Z0-9-_:;.\/<>{}]{0,256}$ example: "b4333c46-49c0-4f62-80d7-f0ef930f1c46" Area: description: Base schema for all areas type: object properties: areaType: $ref: "#/components/schemas/AreaType" required: - areaType discriminator: propertyName: areaType mapping: CIRCLE: "#/components/schemas/Circle" AreaType: type: string description: | Type of this area. CIRCLE - The area is defined as a circle. enum: - CIRCLE Circle: description: Circular area allOf: - $ref: "#/components/schemas/Area" - type: object properties: center: $ref: "#/components/schemas/Point" radius: type: number description: | Expected accuracy for the verification, in meters from `center`. Note: The area surface could be restricted locally depending on regulations. Implementations may enforce a larger minimum radius (e.g. 1000 meters). minimum: 1 required: - center - radius example: areaType: CIRCLE center: latitude: 50.735851 longitude: 7.10066 radius: 50000 Point: type: object description: Coordinates (latitude, longitude) defining a location in a map required: - latitude - longitude properties: latitude: $ref: "#/components/schemas/Latitude" longitude: $ref: "#/components/schemas/Longitude" example: latitude: 50.735851 longitude: 7.10066 Latitude: description: Latitude component of a location type: number format: double minimum: -90 maximum: 90 example: 50.735851 Longitude: description: Longitude component of location type: number format: double minimum: -180 maximum: 180 example: 7.10066 VerifyLocationRequest: description: Request to verify the location of a device. Device is not required when using a 3-legged access token, following the rules in the description. type: object properties: device: $ref: "#/components/schemas/Device" area: $ref: "#/components/schemas/Area" maxAge: $ref: "#/components/schemas/MaxAge" required: - area VerifyLocationResponse: description: Response to a location verification request type: object required: - verificationResult - lastLocationTime properties: verificationResult: $ref: "#/components/schemas/VerificationResult" lastLocationTime: $ref: "#/components/schemas/LastLocationTime" matchRate: $ref: "#/components/schemas/MatchRate" device: $ref: "#/components/schemas/DeviceResponse" Device: description: | End-user device able to connect to a mobile network. Examples of devices include smartphones or IoT sensors/actuators. The developer can choose to provide the below specified device identifiers: * `ipv4Address` * `ipv6Address` * `phoneNumber` * `networkAccessIdentifier` NOTE1: the API provider might support only a subset of these options. The API consumer can provide multiple identifiers to be compatible across different API providers. In this case the identifiers MUST belong to the same device. Where more than one device identifier is provided, only one identifier will be selected by the implementation and this choice indicated to the API consumer in the response. NOTE2: as for this Commonalities release, we are enforcing that the networkAccessIdentifier is only part of the schema for future-proofing, and CAMARA does not currently allow its use. After the CAMARA meta-release work is concluded and the relevant issues are resolved, its use will need to be explicitly documented in the guidelines. type: object properties: phoneNumber: $ref: "#/components/schemas/PhoneNumber" networkAccessIdentifier: $ref: "#/components/schemas/NetworkAccessIdentifier" ipv4Address: $ref: "#/components/schemas/DeviceIpv4Addr" ipv6Address: $ref: "#/components/schemas/DeviceIpv6Address" minProperties: 1 PhoneNumber: description: A public identifier addressing a telephone subscription. In mobile networks it corresponds to the MSISDN (Mobile Station International Subscriber Directory Number). In order to be globally unique it has to be formatted in international format, according to E.164 standard, prefixed with '+'. type: string pattern: '^\+[1-9][0-9]{4,14}$' example: "+123456789" NetworkAccessIdentifier: description: A public identifier addressing a subscription in a mobile network. In 3GPP terminology, it corresponds to the GPSI formatted with the External Identifier ({Local Identifier}@{Domain Identifier}). Unlike the telephone number, the network access identifier is not subjected to portability ruling in force, and is individually managed by each operator. type: string example: "123456789@domain.com" DeviceIpv4Addr: type: object description: | The device should be identified by either the public (observed) IP address and port as seen by the application server, or the private (local) and any public (observed) IP addresses in use by the device (this information can be obtained by various means, for example from some DNS servers). If the allocated and observed IP addresses are the same (i.e. NAT is not in use) then the same address should be specified for both publicAddress and privateAddress. If NAT64 is in use, the device should be identified by its publicAddress and publicPort, or separately by its allocated IPv6 address (field ipv6Address of the Device object) In all cases, publicAddress must be specified, along with at least one of either privateAddress or publicPort, dependent upon which is known. In general, mobile devices cannot be identified by their public IPv4 address alone. properties: publicAddress: $ref: "#/components/schemas/SingleIpv4Addr" privateAddress: $ref: "#/components/schemas/SingleIpv4Addr" publicPort: $ref: "#/components/schemas/Port" anyOf: - required: [publicAddress, privateAddress] - required: [publicAddress, publicPort] example: publicAddress: "84.125.93.10" publicPort: 59765 SingleIpv4Addr: description: A single IPv4 address with no subnet mask type: string format: ipv4 example: "84.125.93.10" Port: description: TCP or UDP port number type: integer minimum: 0 maximum: 65535 DeviceIpv6Address: description: | The device should be identified by the observed IPv6 address, or by any single IPv6 address from within the subnet allocated to the device (e.g. adding ::0 to the /64 prefix). type: string format: ipv6 example: 2001:db8:85a3:8d3:1319:8a2e:370:7344 DeviceResponse: description: | An identifier for the end-user equipment able to connect to the network that the response refers to. This parameter is only returned when the API consumer includes the `device` parameter in their request (i.e. they are using a two-legged access token), and is relevant when more than one device identifier is specified, as only one of those device identifiers is allowed in the response. If the API consumer provides more than one device identifier in their request, the API provider must return a single identifier which is the one they are using to fulfil the request, even if the identifiers do not match the same device. API provider does not perform any logic to validate/correlate that the indicated device identifiers match the same device. No error should be returned if the identifiers are otherwise valid to prevent API consumers correlating different identifiers with a given end user. allOf: - $ref: "#/components/schemas/Device" - maxProperties: 1 MaxAge: description: The maximum age (in seconds) for the location known by the implementation, which is accepted for the verification. Absence of maxAge means "any age" and maxAge=0 means a fresh calculation. type: integer minimum: 0 example: 120 VerificationResult: description: | Result of a verification request: - `TRUE`: when the network locates the device within the requested area, - `FALSE`: when the requested area does not match the area where the network locates the device, - `PARTIAL`: when the requested area partially match the area where the network locates the device. A `match_rate` is included in the response. type: string enum: - "TRUE" - "FALSE" - "PARTIAL" MatchRate: description: Estimation of the match rate between the area in the request (R), and area where the network locates the device (N), calculated as the percent value of the intersection of both areas divided by the network area, that is (R ∩ N) / N * 100. Included only if VerificationResult is PARTIAL. type: integer minimum: 1 maximum: 99 LastLocationTime: description: Timestamp of the last location information. It must follow [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) and must have time zone. example: "2023-09-07T10:40:52Z" format: date-time type: string ErrorInfo: description: Common schema for errors type: object required: - status - code - message properties: status: type: integer description: HTTP response status code code: type: string description: A human-readable code to describe the error message: type: string description: A human-readable description of what the event represents responses: Generic400: description: Bad Request headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 400 code: enum: - INVALID_ARGUMENT - OUT_OF_RANGE examples: GENERIC_400_INVALID_ARGUMENT: description: Invalid Argument. Generic Syntax Exception value: status: 400 code: INVALID_ARGUMENT message: Client specified an invalid argument, request body or query param. GENERIC_400_OUT_OF_RANGE: description: Out of Range. Specific Syntax Exception used when a given field has a pre-defined range or a invalid filter criteria combination is requested value: status: 400 code: OUT_OF_RANGE message: Client specified an invalid range. Generic401: description: Unauthorized headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 401 code: enum: - UNAUTHENTICATED examples: GENERIC_401_UNAUTHENTICATED: description: Request cannot be authenticated and a new authentication is required value: status: 401 code: UNAUTHENTICATED message: Request not authenticated due to missing, invalid, or expired credentials. A new authentication is required. Generic403: description: Forbidden headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 403 code: enum: - PERMISSION_DENIED examples: GENERIC_403_PERMISSION_DENIED: description: Permission denied. OAuth2 token access does not have the required scope or when the user fails operational security value: status: 403 code: PERMISSION_DENIED message: Client does not have sufficient permissions to perform this action. VerifyLocationNotFound404: description: Not found headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 404 code: enum: - IDENTIFIER_NOT_FOUND examples: GENERIC_404_IDENTIFIER_NOT_FOUND: description: Some identifier cannot be matched to a device value: status: 404 code: IDENTIFIER_NOT_FOUND message: Device identifier not found. VerifyLocationUnprocessableEntity422: description: Unprocessable Content headers: x-correlator: $ref: "#/components/headers/x-correlator" content: application/json: schema: allOf: - $ref: "#/components/schemas/ErrorInfo" - type: object properties: status: enum: - 422 code: enum: - SERVICE_NOT_APPLICABLE - MISSING_IDENTIFIER - UNSUPPORTED_IDENTIFIER - UNNECESSARY_IDENTIFIER - LOCATION_VERIFICATION.AREA_NOT_COVERED - LOCATION_VERIFICATION.INVALID_AREA - LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE - LOCATION_VERIFICATION.UNABLE_TO_LOCATE examples: GENERIC_422_SERVICE_NOT_APPLICABLE: description: Service not applicable for the provided identifier value: status: 422 code: SERVICE_NOT_APPLICABLE message: The service is not available for the provided identifier. GENERIC_422_MISSING_IDENTIFIER: description: An identifier is not included in the request and the device or phone number identification cannot be derived from the 3-legged access token value: status: 422 code: MISSING_IDENTIFIER message: The device cannot be identified. GENERIC_422_UNSUPPORTED_IDENTIFIER: description: None of the provided identifiers is supported by the implementation value: status: 422 code: UNSUPPORTED_IDENTIFIER message: The identifier provided is not supported. GENERIC_422_UNNECESSARY_IDENTIFIER: description: An explicit identifier is provided when a device or phone number has already been identified from the access token value: status: 422 code: UNNECESSARY_IDENTIFIER message: The device is already identified by the access token. LOCATION_VERIFICATION_422_AREA_NOT_COVERED: summary: The area cannot be covered description: The system is not able cover the requested area value: status: 422 code: LOCATION_VERIFICATION.AREA_NOT_COVERED message: "Unable to cover the requested area" LOCATION_VERIFICATION_422_INVALID_AREA: summary: Invalid area description: The requested area is too small to be supported by the system. value: status: 422 code: LOCATION_VERIFICATION.INVALID_AREA message: "The requested area is too small" LOCATION_VERIFICATION_422_UNABLE_TO_FULFILL_MAX_AGE: summary: Unable to fulfill maxAge description: The system is not able to provide the fresh location required by the client value: status: 422 code: LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE message: "Unable to provide expected freshness for location" LOCATION_VERIFICATION_422_UNABLE_TO_LOCATE: summary: Unable to locate device description: The network cannot locate the device value: status: 422 code: LOCATION_VERIFICATION.UNABLE_TO_LOCATE message: "The network is unable to locate the device"