CAMARA Call Forwarding Signal API

---
openapi: 3.0.3
############################################################################
#                                     API info                             #
############################################################################
info:
  title: Call Forwarding Signal
  description: |
    # Overview
    The Call Forwarding Signal API provides the API Consumer with
    information about the status of the Call Forwarding Service on a specific
    phone number. The main scope of the Call Forwarding Signal API is "anti
    Fraud" to avoid fraudsters to use the Call Forwarding Service to carry
    on a scam. Other use cases are anyway supported by the Call Forwarding
    Signal API that also
    provides additional endpoints to detect the general Call Forwarding
    Service settings.
    # Introduction
    The Call Forwarding Service is provided by the Network to a phone
    number. This service redirects the incoming call to that phone number
    to an alternative destination such as another phone number or a voice mail
    system. There are two main types of call forwarding settings:
    unconditional and conditional.
    The Call Forwarding Signal API can be invoked to detect if the unconditional
    call forwarding service is active. The Call Forwarding Signal API can also
    be invoked to
    get the general status of the Call Forwarding Service (inactive,
    conditional, unconditional). If conditional call forwarding is active,
    the different type of settings are returned ('conditional_busy',
    'conditional_not_reachable', 'conditional_no_answer').

    **Example use cases:**

    [**Bank Frauds**](https://github.com/camaraproject/CallForwardingSignal/discussions/3#discussioncomment-8694420)

    [**Alert Interception**](https://github.com/camaraproject/CallForwardingSignal/discussions/3#discussioncomment-8701847)

    [**Call Forwarding Verification**](https://github.com/camaraproject/CallForwarding\Signal/discussions/3#discussioncomment-8915595)
    # Quick Start
    The Call Forwarding Signal API is a REST API based on the
    CreateCallForwardingSignal resource.
    This resource can be used, by the API Consumer, to specify the phone number
    on which the Call Forwarding Service status must be verified, in case of
    two-legged authentication. If three-legged authentication is used the phone
    number is instead detected, by the API Producer, from the access token.

    Before starting to use the Call Forwarding API, the developer needs to know
    about the below specified details:

    **phoneNumber**
    This is the end user phone number. The Call Forwarding Signal API verifies
    if a call forwarding
    service is active on this phone number. Note: this parameter must be
    must be provided/valued only in case of two-legged authentication.
    In case of three-legged authentication the phone number is retrieved by
    the access token.

    **CreateCallForwardingSignal**
    This is the resource the API Consumer uses to define the phone number to
    be verified about the status of the Network Call Forwarding service.

    **UnconditionalCallForwardingSignal**
    This is the resource the API Consumer gets back, containing the information
    about the Unconditional Call Forwarding Service status for the given phone
    number (PhoneNumber).

    **CallForwardingSignal**
    This is the resource the API Consumer gets back, containing the information
    about the general status of the Network Call Forwarding service for the
    specified phone number.

    The Call Forwarding Signal API provides two endpoints fulfilling the
    following intents:
    - **unconditional-call-forwardings**: Is the unconditional call fwd service
    active on a specific phone number?
    - **call-forwardings**: Which is the status of the call forwarding for a
    specific phone number?
    # API Documentation
    ## Details
    The Call Forwarding Signal API is invoked by an API Consumer after the
    Consent Management flow.

    The API Consumer can request the API Producer for the status of the
    Unconditional Call Forwarding service using the
    unconditional-call-forwardings POST method. A boolean, with the information
    about the activation status of the call forwarding service, will be
    provided back via the UnconditionalCallForwardingSignal resource.

    The API Consumer can also request the API Producer for the generic status of
    the Call Forwarding service using the call-forwardings POST method. An array
    of strings with the information of the type of active call forwarding
    services will be provided back via the CallForwardingSignal resource.
    # Authorization and authentication
    The "Camara Security and Interoperability Profile" provides details of how
    an API consumer requests an access token. Please refer to Identity and
    Consent Management
    (https://github.com/camaraproject/IdentityAndConsentManagement/)
    for the released version of the profile.

    The specific authorization flows to be used will be agreed upon during the
    onboarding process, happening between the API consumer and the API
    provider, taking into account the declared purpose for accessing the API,
    whilst also being subject to the prevailing legal framework dictated by
    local legislation.

    In cases where personal data is processed by the API and users can
    exercise their rights through mechanisms such as opt-in and/or opt-out,
    the use of three-legged access tokens is mandatory. This ensures that
    the API remains in compliance with privacy regulations, upholding the
    principles of transparency and user-centric privacy-by-design.
    # Identifying the phone number from the access token
    This API requires the API consumer to identify a phone number as the
    subject of the API as follows:
    - When the API is invoked using a two-legged access token, the subject
    will be identified from the optional `phoneNumber` object field, which
    therefore MUST be provided.
    - When a three-legged access token is used however, this optional
    identifier MUST NOT be provided, as the subject will be uniquely
    identified from the access token.

    This approach simplifies API usage for API consumers using a
    three-legged access token to invoke the API by relying on the
    information that is associated with the access token and was
    identified during the authentication process.
    ## Error handling:

    - If the subject cannot be identified from the access token and the
    optional `phoneNumber` object field is not included in the request, then
    the server will return an error with the
    `422 MISSING_IDENTIFIER` error code.

    - If the subject can be identified from the access token and the
    optional `phoneNumber` object field is also included in the request, then
    the server will return an error with the `422 UNNECESSARY_IDENTIFIER`
    error code. This will be the case even if the same device is
    identified by these two methods, as the server is unable to make
    this comparison.

    # Additional CAMARA error responses
    The list of error codes in this API specification is not exhaustive.
    Therefore the API specification may not document some non-mandatory error
    statuses as indicated in `CAMARA API Design Guide`.

    Please refer to the `CAMARA_common.yaml` of the Commonalities Release
    associated to this API version for a complete list of error responses.
    The applicable Commonalities Release can be identified in the
    `API Readiness Checklist` document associated to this API version.

    As a specific rule, error `501 - NOT_IMPLEMENTED` can be only a possible
    error response if it is explicitly documented in the API.
    # FAQ's
    (FAQs will be added in a later version of the documentation)

  version: wip
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  x-camara-commonalities: 0.6
externalDocs:
  description: Product documentation at CAMARA
  url: https://github.com/camaraproject/CallForwardingSignal
############################################################################
#                                     Servers                              #
############################################################################
servers:
  - url: "{apiRoot}/call-forwarding-signal/vwip"
    variables:
      apiRoot:
        default: http://localhost:9091
        description: API root, defined by the service provider, e.g. `api.example.com` or `api.example.com/somepath`
############################################################################
#                                     Tags                                #
############################################################################
tags:
  - name: Unconditional Call Forwarding information retrieval
    description: Provides information on Unconditional Call Forwarding
     settings for the provided phone number (PhoneNumber)
  - name: Call Forwarding information retrieval
    description: Provides information on Call Forwarding settings for the
     provided phone number (PhoneNumber).
############################################################################
#                                     Paths                                #
############################################################################
paths:
  /unconditional-call-forwardings:
    post:
      tags:
        - Unconditional Call Forwarding information retrieval
      security:
        - openId:
            - 'call-forwarding-signal:unconditional-call-forwardings:read'
      summary: Retrieve the information about the status of the
       unconditional call forwarding service on a phone number (PhoneNumber)
      description: This endpoint provides information about the status
       of the unconditional call forwarding, being active or not.
      operationId: retrieveUnconditionalCallForwarding
      parameters:
        - $ref: '#/components/parameters/x-correlator'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateCallForwardingSignal'
        required: true
      responses:
        '200':
          description: OK.
          headers:
            x-correlator:
              $ref: '#/components/headers/x-correlator'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UnconditionalCallForwardingSignal'
        "400":
          $ref: "#/components/responses/Generic400"
        '404':
          $ref: '#/components/responses/Generic404'
        "401":
          $ref: "#/components/responses/Generic401"
        "403":
          $ref: "#/components/responses/Generic403"
        "422":
          $ref: "#/components/responses/Generic422"
        "429":
          $ref: "#/components/responses/Generic429"
  /call-forwardings:
    post:
      tags:
        - Call Forwarding information retrieval
      security:
        - openId:
            - 'call-forwarding-signal:call-forwardings:read'
      summary: Retrieve the information about the type of call forwarding
       service active on a phone number (PhoneNumber)
      description: This endpoint provides information about which type of
       call forwarding service is active. More than one service can be
       active, e.g. conditional and unconditional. This endpoint exceeds
       the main scope of the Call Forwarding Signal API, for this reason
       an error code 501 can be returned.
      operationId: retrieveCallForwarding
      parameters:
        - $ref: '#/components/parameters/x-correlator'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateCallForwardingSignal'
        required: true
      responses:
        '200':
          description: OK.
          headers:
            x-correlator:
              $ref: '#/components/headers/x-correlator'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CallForwardingSignal'
        "400":
          $ref: "#/components/responses/Generic400"
        '404':
          $ref: '#/components/responses/Generic404'
        "401":
          $ref: "#/components/responses/Generic401"
        "403":
          $ref: "#/components/responses/Generic403"
        "422":
          $ref: "#/components/responses/Generic422"
        "429":
          $ref: "#/components/responses/Generic429"
        "501":
          $ref: "#/components/responses/Generic501"
############################################################################
#                                 Components                               #
############################################################################
components:
  securitySchemes:
    openId:
      description: to support Consent Management
      type: openIdConnect
      openIdConnectUrl: https://example.com/.well-known/openid-configuration
  parameters:
    x-correlator:
      name: x-correlator
      in: header
      description: Correlation id for the different services
      schema:
        $ref: "#/components/schemas/XCorrelator"
  headers:
    x-correlator:
      description: Correlation id for the different services
      schema:
        $ref: "#/components/schemas/XCorrelator"
  ############################################################################
  #                                 Resources                                #
  ############################################################################
  schemas:
    UnconditionalCallForwardingSignal:
      description: resource containing the information about the Unconditional
       Call Forwarding Service for the given phone number (PhoneNumber)
      type: object
      properties:
        active:
          type: boolean
          description: Indicates if the unconditional call forwarding service
           is active.
    CallForwardingSignal:
      description: resource containing the list of the Call
       Forwarding Services active for the given phone number (PhoneNumber). The
       possible states are, 'inactive' (no call forwarding service activated),
       'unconditional' (call forwarded independently from the device status),
       'conditional_busy' (call forwarded if the device is on an active call),
       'conditional_not_reachable' (call forwarded if the device is not
       reachable), 'conditional_no_answer' (call forwarded if the device doesn't
       answer the incoming call).
      type: array
      items:
        type: string
        enum:
          - 'inactive'
          - 'unconditional'
          - 'conditional_busy'
          - 'conditional_not_reachable'
          - 'conditional_no_answer'
      example:
        - 'unconditional'
        - 'conditional_busy'
        - 'conditional_no_answer'
      minItems: 1
    XCorrelator:
      type: string
      pattern: ^[a-zA-Z0-9-_:;.\/<>{}]{0,256}$
      example: "b4333c46-49c0-4f62-80d7-f0ef930f1c46"
    ############################################################################
    #                                 Request                                  #
    ############################################################################
    CreateCallForwardingSignal:
      description: resource containing the phone number (PhoneNumber) regarding
       which the Call Forwarding Service must be checked. To be provided/valued
       only in case of two-legged authentication. If provided/valued with
       three-legged authentication a 422-UNNECESSARY_IDENTIFIER error code is
       returned.
      type: object
      properties:
        phoneNumber:
          $ref: "#/components/schemas/PhoneNumber"
    ############################################################################
    #                                 Types                                    #
    ############################################################################
    PhoneNumber:
      description: A public identifier addressing a telephone subscription.
       In mobile networks it corresponds to the MSISDN (Mobile Station
       International Subscriber Directory Number). In order to be globally
       unique it has to be formatted in international format, according to E.164
       standard, prefixed with '+'.
      type: string
      pattern: '^\+[1-9][0-9]{4,14}$'
      example: "+123456789"
    ############################################################################
    #                                 Responces                                #
    ############################################################################
    ErrorInfo:
      type: object
      required:
        - status
        - code
        - message
      properties:
        status:
          type: integer
          description: HTTP response status code
        code:
          type: string
          description: A human-readable code to describe the error
        message:
          type: string
          description: A human-readable description of what the event represents
  responses:
    Generic400:
      description: Bad Request
      headers:
        x-correlator:
          $ref: "#/components/headers/x-correlator"
      content:
        application/json:
          schema:
            allOf:
              - $ref: "#/components/schemas/ErrorInfo"
              - type: object
                properties:
                  status:
                    enum:
                      - 400
                  code:
                    enum:
                      - INVALID_ARGUMENT
          examples:
            GENERIC_400_INVALID_ARGUMENT:
              description: Invalid Argument. Generic Syntax Exception
              value:
                status: 400
                code: INVALID_ARGUMENT
                message: Client specified an invalid argument, request body or
                  query param.
    Generic401:
      description: Unauthorized
      headers:
        x-correlator:
          $ref: "#/components/headers/x-correlator"
      content:
        application/json:
          schema:
            allOf:
              - $ref: "#/components/schemas/ErrorInfo"
              - type: object
                properties:
                  status:
                    enum:
                      - 401
                  code:
                    enum:
                      - UNAUTHENTICATED
          examples:
            GENERIC_401_UNAUTHENTICATED:
              description: Request cannot be authenticated and a new authentication
                is required
              value:
                status: 401
                code: UNAUTHENTICATED
                message: Request not authenticated due to missing, invalid, or expired
                  credentials. A new authentication is required.
    Generic403:
      description: Forbidden
      headers:
        x-correlator:
          $ref: "#/components/headers/x-correlator"
      content:
        application/json:
          schema:
            allOf:
              - $ref: "#/components/schemas/ErrorInfo"
              - type: object
                properties:
                  status:
                    enum:
                      - 403
                  code:
                    enum:
                      - PERMISSION_DENIED
          examples:
            GENERIC_403_PERMISSION_DENIED:
              description: Permission denied. OAuth2 token access does not have
                the required scope or when the user fails operational security
              value:
                status: 403
                code: PERMISSION_DENIED
                message: Client does not have sufficient permissions to perform
                  this action.
    Generic404:
      description: Not found
      headers:
        x-correlator:
          $ref: "#/components/headers/x-correlator"
      content:
        application/json:
          schema:
            allOf:
              - $ref: "#/components/schemas/ErrorInfo"
              - type: object
                properties:
                  status:
                    enum:
                      - 404
                  code:
                    enum:
                      - NOT_FOUND
                      - IDENTIFIER_NOT_FOUND
          examples:
            GENERIC_404_NOT_FOUND:
              description: Resource is not found
              value:
                status: 404
                code: NOT_FOUND
                message: The specified resource is not found.
            GENERIC_404_IDENTIFIER_NOT_FOUND:
              description: Call forwarding check can't be done because the
                  phone number is unknown.
              value:
                status: 404
                code: IDENTIFIER_NOT_FOUND
                message: Device identifier not found.
    Generic422:
      description: Unprocessable Content
      headers:
        x-correlator:
          $ref: "#/components/headers/x-correlator"
      content:
        application/json:
          schema:
            allOf:
              - $ref: "#/components/schemas/ErrorInfo"
              - type: object
                properties:
                  status:
                    enum:
                      - 422
                  code:
                    enum:
                      - SERVICE_NOT_APPLICABLE
                      - MISSING_IDENTIFIER
                      - UNNECESSARY_IDENTIFIER
          examples:
            GENERIC_422_SERVICE_NOT_APPLICABLE:
              description: Service not applicable for the provided
                identifier
              value:
                status: 422
                code: SERVICE_NOT_APPLICABLE
                message: The service is not available for the
                  provided identifier.
            GENERIC_422_MISSING_IDENTIFIER:
              description: An identifier is not included in the
                request and the device or phone number identification
                cannot be derived from the 3-legged access token
              value:
                status: 422
                code: MISSING_IDENTIFIER
                message: The phone number cannot be identified.
            GENERIC_422_UNNECESSARY_IDENTIFIER:
              description: An explicit identifier is provided when
                a device or phone number has already been identified
                from the access token
              value:
                status: 422
                code: UNNECESSARY_IDENTIFIER
                message: The phone number is already identified by the
                  access token.
    Generic429:
      description: Too Many Requests
      headers:
        x-correlator:
          $ref: "#/components/headers/x-correlator"
      content:
        application/json:
          schema:
            allOf:
              - $ref: "#/components/schemas/ErrorInfo"
              - type: object
                properties:
                  status:
                    enum:
                      - 429
                  code:
                    enum:
                      - QUOTA_EXCEEDED
                      - TOO_MANY_REQUESTS
          examples:
            GENERIC_429_QUOTA_EXCEEDED:
              description: Request is rejected due to exceeding a
                business quota limit
              value:
                status: 429
                code: QUOTA_EXCEEDED
                message: Out of resource quota.
            GENERIC_429_TOO_MANY_REQUESTS:
              description: Access to the API has been temporarily
                blocked due to rate or spike arrest limits being reached
              value:
                status: 429
                code: TOO_MANY_REQUESTS
                message: Rate limit reached.
    Generic501:
      description: Not Implemented
      headers:
        x-correlator:
          $ref: "#/components/headers/x-correlator"
      content:
        application/json:
          schema:
            allOf:
              - $ref: "#/components/schemas/ErrorInfo"
              - type: object
                properties:
                  status:
                    enum:
                      - 501
                  code:
                    enum:
                      - NOT_IMPLEMENTED
          examples:
            GENERIC_501_NOT_IMPLEMENTED:
              description: Service not implemented. The use of this code
                should be avoided as far as possible to get the objective
                to reach aligned implementations
              value:
                status: 501
                code: NOT_IMPLEMENTED
                message: This functionality is not implemented yet.