openapi: 3.0.3
info:
title: Quality-On-Demand
description: |
The Quality-On-Demand (QoD) API provides a programmable interface for API consumers to request stable latency or throughput managed by networks without the necessity to have an in-depth knowledge of the underlying network complexity (e.g. the 4G/5G system in case of a mobile network).
# Introduction
Industrial (IoT), VR/Gaming, live video streaming, autonomous driving and many other scenarios demand network communication quality and are sensitive to any change in transmission conditions. Being able to request a stable latency (reduced jitter) or prioritized throughput from the network can improve user experience substantially.
The QoD API offers the API consumers the capability to request for stable latency (reduced jitter) or throughput for some specified application data flows between application clients (within a user device) and application servers (backend services). The API consumer has a pre-defined set of Quality of Service (QoS) profiles which they could choose from depending on their latency or throughput requirements.
The usage of the API is based on QoS session resources, which can be created (based on available QoS profiles), queried and deleted. The deletion of a requested session can be triggered by the API consumer or can be triggered automatically once the QoS session has reached its limit.
# Relevant terms and definitions
* **QOD service endpoint**:
The URL pointing to the RESTful resource of the QoD API.
* **Authentication**:
Security access keys such as OAuth 2.0 client credentials used by client applications to invoke the QoD API.
* **QoS profiles**:
Latency, throughput or priority requirements of the application mapped to relevant QoS profile values. The set of QoS Profiles that an API provider is offering may be retrieved via the `qos-profiles` API (cf. https://github.com/camaraproject/QualityOnDemand/) or will be agreed during the onboarding with the API provider.
* **Identifier for the device**:
At least one identifier for the device (user equipment) out of four options: IPv4 address, IPv6 address, Phone Number, or Network Access Identifier assigned by the mobile network operator for the device. Where more than one device identifier is provided, only one identifier will be selected by the implementation and this choice indicated to the API consumer in the session details. If only a single device identifier is provided, the implementation may or may not include the device identifier in the session details.
Note: Network Access Identifier is defined for future use and will not be supported with this version of the API.
* **Identifier for the application server**:
IPv4 and/or IPv6 address of the application server (application backend)
* **App-Flow (between the application client and application server)**:
The precise application data flow the API consumer wants to prioritize and have stable latency or throughput for. This flow is in the current API version determined by the identified device and the application server. And it can be further elaborated with details such as ports or port-ranges. Future version of the API might allow more detailed flow identification features.
* **Duration**:
Duration (in seconds) for which the QoS session (between application client and application server) should be created. Limits for session duration can be set by the implementation for the QoS profile. The user may request a termination before its expiration.
* **Notification URL and token**:
The API consumer may provide a callback URL (`sink`) on which notifications about all status change events (eg. session termination) can be received from the API provider. This is an optional parameter. The notification will be sent as a CloudEvent compliant message.
If `sink` is included, it is RECOMMENDED for the client to provide as well the `sinkCredential` property to protect the notification endpoint. In the current version, `sinkCredential.credentialType` MUST be set to `ACCESSTOKEN` if provided.
# API functionality
The usage of the QoD API is based on QoS profile classes and parameters which define App-Flows.
Based on the API, QoS session resources can be created, queried, and deleted. Once an offered QoS profile class is requested, application users get a prioritized service with stable latency or throughput even in the case of congestion. The QoD API has the following characteristics:
* A specified App-Flow is prioritized to ensure stable latency or throughput for that flow.
* The prioritized App-Flow is described by providing information such as device IP address (or other device identifier) & application server IP addresses and port/port-ranges.
* The API consumer specifies the duration for which they need the prioritized App-flow.
* Stable latency or throughput is requested by selecting from the list of QoS profiles made available by the service provider (e.g. QOS_E) to map latency and throughput requirements.
* The API consumer can optionally also specify callback URL (`sink` param) on which notifications for the session can be sent. <br>
Following diagram shows the interaction between different components
# Authorization and authentication
The "Camara Security and Interoperability Profile" provides details of how an API consumer requests an access token. Please refer to Identity and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the profile.
The specific authorization flows to be used will be agreed upon during the onboarding process, happening between the API consumer and the API provider, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation.
In cases where personal data is processed by the API and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of three-legged access tokens is mandatory. This ensures that the API remains in compliance with privacy regulations, upholding the principles of transparency and user-centric privacy-by-design.
# Identifying the device from the access token
This API requires the API consumer to identify a device as the subject of the API as follows:
- When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided.
- When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token.
This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process.
## Error handling:
- If the subject cannot be identified from the access token and the optional `device` object is not included in the request, then the server will return an error with the `422 MISSING_IDENTIFIER` error code.
- If the subject can be identified from the access token and the optional `device` object is also included in the request, then the server will return an error with the `422 UNNECESSARY_IDENTIFIER` error code. This will be the case even if the same device is identified by these two methods, as the server is unable to make this comparison.
- If the requested `qosProfile` exists but is currently not available for creating a session (e.g., its status is INACTIVE or DEPRECATED), then the server will return an error with the `422 QUALITY_ON_DEMAND.QOS_PROFILE_NOT_APPLICABLE` error code.
# Multi-SIM scenario handling
In multi-SIM scenarios where more than one mobile device is associated with a phone number (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device to which the enhanced QoS profile should apply from that phone number. If the phone number is used as the device identifier when creating a QoS session in a multi-SIM scenario, the API may respond with an error, apply the enhanced QoS profile to all devices in the multi-SIM group, or apply the enhanced QoS profile to a single device in the multi-SIM group which may not be the intended device.
Possible solutions in such a scenario include:
- Using the authorisation code flow to obtain an access token, which will automatically identify the intended device
- Identifying the intended device from a unique identifier for that device, such as its source IP address and port
- Check with the SIM provider whether a unique "secondary" phone number is already associated with each device, and use the secondary phone number to identify the intended device if available
# Additional CAMARA error responses
The list of error codes in this API specification is not exhaustive. Therefore the API specification may not document some non-mandatory error statuses as indicated in `CAMARA API Design Guide`.
Please refer to the `CAMARA_common.yaml` of the Commonalities Release associated to this API version for a complete list of error responses. The applicable Commonalities Release can be identified in the `API Readiness Checklist` document associated to this API version.
As a specific rule, error `501 - NOT_IMPLEMENTED` can be only a possible error response if it is explicitly documented in the API.
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
version: wip
x-camara-commonalities: 0.6
externalDocs:
description: Product documentation at CAMARA
url: https://github.com/camaraproject/QualityOnDemand
servers:
- url: "{apiRoot}/quality-on-demand/vwip"
variables:
apiRoot:
default: http://localhost:9091
description: API root, defined by the service provider, e.g. `api.example.com` or `api.example.com/somepath`
tags:
- name: QoS Sessions
description: Manage QoS sessions
paths:
/sessions:
post:
tags:
- QoS Sessions
summary: Creates a new session
description: |
Create QoS Session to manage latency/throughput priorities
If the qosStatus in the API response is "AVAILABLE" and a notification callback is provided the API consumer will receive in addition to the response a
`QOS_STATUS_CHANGED` event notification with `qosStatus` as `AVAILABLE`.
If the `qosStatus` in the API response is `REQUESTED`, the client will receive either
- a `QOS_STATUS_CHANGED` event notification with `qosStatus` as `AVAILABLE` after the network notifies that it has created the requested session, or
- a `QOS_STATUS_CHANGED` event notification with `qosStatus` as `UNAVAILABLE` and `statusInfo` as `NETWORK_TERMINATED` after the network notifies that it has failed to provide the requested session.
A `QOS_STATUS_CHANGED` event notification with `qosStatus` as `UNAVAILABLE` will also be send if the network terminates the session before the requested duration expired
**NOTES:**
- In case of a `QOS_STATUS_CHANGED` event with `qosStatus` as `UNAVAILABLE` and `statusInfo` as `NETWORK_TERMINATED` the resources of the QoS session are not directly released, but will get deleted automatically at earliest 360 seconds after the event.
This behavior allows API consumers which are not receiving notification events but are polling to get the session information with the `qosStatus` `UNAVAILABLE` and `statusInfo` `NETWORK_TERMINATED`. Before a API consumer can attempt to create a new QoD session for the same device and flow period they must release the session resources with an explicit `delete` operation if not yet automatically deleted.
- The access token may be either 2-legged or 3-legged. See "Identifying the device from the access token" for further information
- When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided.
- When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token.
operationId: createSession
security:
- openId:
- quality-on-demand:sessions:create
parameters:
- $ref: "#/components/parameters/x-correlator"
requestBody:
description: Parameters to create a new session
content:
application/json:
schema:
$ref: "#/components/schemas/CreateSession"
required: true
callbacks:
notifications:
"{$request.body#/sink}":
post:
tags:
- Session notifications callback
summary: "Session notifications callback"
description: |
Important: this endpoint is to be implemented by the API consumer.
The API provider will call this endpoint whenever any QoS session change (e.g. network termination) related event occurs.
Currently only QOS_STATUS_CHANGED event is defined.
operationId: postNotification
parameters:
- $ref: "#/components/parameters/x-correlator"
requestBody:
required: true
content:
application/cloudevents+json:
schema:
$ref: "#/components/schemas/CloudEvent"
examples:
QOS_STATUS_CHANGED_EXAMPLE:
$ref: "#/components/examples/QOS_STATUS_CHANGED_EXAMPLE"
responses:
"204":
description: Successful notification
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
"400":
$ref: "#/components/responses/Generic400"
"401":
$ref: "#/components/responses/Generic401"
"403":
$ref: "#/components/responses/Generic403"
"410":
$ref: "#/components/responses/Generic410"
security:
- {}
- notificationsBearerAuth: []
responses:
"201":
description: Session created
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
content:
application/json:
schema:
$ref: "#/components/schemas/SessionInfo"
examples:
Successful Session Creation:
$ref: "#/components/examples/SESSION_CREATION_EXAMPLE"
Successful Session Creation With Device Disambiguation:
$ref: "#/components/examples/SESSION_CREATION_EXAMPLE_WITH_DEVICE_RESPONSE"
"400":
$ref: "#/components/responses/CreateSessionBadRequest400"
"401":
$ref: "#/components/responses/Generic401"
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/GenericDevice404"
"409":
$ref: "#/components/responses/SessionInConflict409"
"422":
$ref: "#/components/responses/CreateSessionUnprocessableEntity422"
"429":
$ref: "#/components/responses/Generic429"
/sessions/{sessionId}:
get:
tags:
- QoS Sessions
summary: Get QoS session information
description: |
Querying for QoS session resource information details
**NOTES:**
- The access token may be either 2-legged or 3-legged.
- If a 3-legged access token is used, the end user (and device) associated with the session must also be associated with the access token.
- The session must have been created by the same API client given in the access token
operationId: getSession
security:
- openId:
- quality-on-demand:sessions:read
parameters:
- name: sessionId
in: path
description: Session ID that was obtained from the createSession operation
required: true
schema:
$ref: "#/components/schemas/SessionId"
- $ref: "#/components/parameters/x-correlator"
responses:
"200":
description: Contains information about active session
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
content:
application/json:
schema:
$ref: "#/components/schemas/SessionInfo"
examples:
SESSION_AVAILABLE:
$ref: '#/components/examples/SESSION_AVAILABLE_EXAMPLE'
SESSION_UNAVAILABLE:
$ref: '#/components/examples/SESSION_UNAVAILABLE_EXAMPLE'
"400":
$ref: "#/components/responses/Generic400"
"401":
$ref: "#/components/responses/Generic401"
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/Generic404"
"429":
$ref: "#/components/responses/Generic429"
delete:
tags:
- QoS Sessions
summary: Delete a QoS session
description: |
Release resources related to QoS session
If the notification callback is provided and the `qosStatus` of the session was `AVAILABLE` the client will receive in addition to the response a `QOS_STATUS_CHANGED` event with
- `qosStatus` as `UNAVAILABLE` and
- `statusInfo` as `DELETE_REQUESTED`
There will be no notification event if the `qosStatus` was already `UNAVAILABLE`.
**NOTES:**
- The access token may be either 2-legged or 3-legged.
- If a 3-legged access token is used, the subject associated with the session must also be associated with the access token.
- The session must must have been created by the same API consumer given in the access token
operationId: deleteSession
security:
- openId:
- quality-on-demand:sessions:delete
parameters:
- name: sessionId
in: path
description: Session ID that was obtained from the createSession operation
required: true
schema:
$ref: "#/components/schemas/SessionId"
- $ref: "#/components/parameters/x-correlator"
responses:
"204":
description: Session deleted
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
"400":
$ref: "#/components/responses/Generic400"
"401":
$ref: "#/components/responses/Generic401"
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/Generic404"
"429":
$ref: "#/components/responses/Generic429"
/sessions/{sessionId}/extend:
post:
tags:
- QoS Sessions
summary: "Extend the duration of an active session"
description: |
Extend the overall session duration of an active QoS session (with qosStatus = AVAILABLE).
The overall duration of the QoS session, including the additional extended duration, shall not exceed the maximum duration limit fixed for the QoS Profile. If the current duration plus the value of `requestedAdditionalDuration` exceeds the maximum limit, the new overall duration shall be capped to the maximum value allowed.
An example: For a QoS profile limited to a `maxDuration` of 50,000 seconds, a QoD session was originally created with duration 30,000 seconds. Before the session expires, the API consumer requests to extend the session by another 30,000 seconds:
- Previous duration: 30,000 seconds
- Requested additional duration: 30,000 seconds
- New overall session duration: 50,000 seconds (the maximum allowed)
**NOTES:**
- The access token may be either 2-legged or 3-legged.
- If a 3-legged access token is used, the subject associated with the session must also be associated with the access token.
- The session must must have been created by the same API consumer given in the access token
operationId: extendQosSessionDuration
security:
- openId:
- quality-on-demand:sessions:update
parameters:
- name: sessionId
in: path
description: Session ID that was obtained from the createSession operation
required: true
schema:
$ref: "#/components/schemas/SessionId"
- $ref: "#/components/parameters/x-correlator"
requestBody:
description: Parameters to extend the duration of an active session
content:
application/json:
schema:
$ref: "#/components/schemas/ExtendSessionDuration"
required: true
responses:
"200":
description: Contains information about active session
headers:
x-correlator:
$ref: '#/components/headers/x-correlator'
content:
application/json:
schema:
$ref: "#/components/schemas/SessionInfo"
examples:
SESSION_EXTENDED:
$ref: "#/components/examples/SESSION_EXTENDED_EXAMPLE"
SESSION_EXTENDED_WITH_DEVICE_RESPONSE:
$ref: "#/components/examples/SESSION_EXTENDED_EXAMPLE_WITH_DEVICE_RESPONSE"
"400":
$ref: "#/components/responses/GenericExtendSessionDuration400"
"401":
$ref: "#/components/responses/Generic401"
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/Generic404"
"409":
$ref: "#/components/responses/SessionStatusConflict409"
"429":
$ref: "#/components/responses/Generic429"
/retrieve-sessions:
post:
tags:
- QoS Sessions
summary: Get QoS session information for a device
description: |
Querying for QoS session resource information details for a device
**NOTES:**
- The access token may be either 2-legged or 3-legged.
- If a 3-legged access token is used, the subject associated with the session must also be associated with the access token. In this case the optional `device` parameter MUST NOT be provided in the request.
- If a 2-legged access token is used, the device parameter must be provided and identify a device.
- The session must have been created by the same API consumer given in the access token
- If no QoS session is found for the requested device, an empty array is returned.
- This call uses the POST method instead of GET to comply with the CAMARA Commonalities guidelines for sending sensitive or complex data in API calls. Since the device field may contain personally identifiable information, it should not be sent via GET.
[CAMARA API Design Guidelines](https://github.com/camaraproject/Commonalities/blob/r3.3/documentation/CAMARA-API-Design-Guide.md#65-post-or-get-for-transferring-sensitive-or-complex-data)
operationId: retrieveSessionsByDevice
parameters:
- $ref: "#/components/parameters/x-correlator"
requestBody:
description: Parameters to get QoS session information by device
content:
application/json:
schema:
$ref: "#/components/schemas/RetrieveSessionsInput"
required: true
responses:
"200":
description: Returns the QoS sessions information for a given device. A device may have multiple sessions, thus the response is an array. An empty array is returned if no sessions are found.
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/RetrieveSessionsOutput"
examples:
RETRIEVE_SESSIONS_ONE_ITEM:
$ref: "#/components/examples/RETRIEVE_SESSIONS_EXAMPLE"
RETRIEVE_SESSIONS_ONE_ITEM_WITH_DEVICE_DISAMBIGUATION_REQUIRED:
$ref: "#/components/examples/RETRIEVE_SESSIONS_EXAMPLE_WITH_DEVICE_RESPONSE"
RETRIEVE_SESSIONS_NO_ITEMS:
$ref: "#/components/examples/RETRIEVE_SESSIONS_EMPTY_EXAMPLE"
"400":
$ref: "#/components/responses/Generic400"
"401":
$ref: "#/components/responses/Generic401"
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/GenericDevice404"
"422":
$ref: "#/components/responses/Generic422"
"429":
$ref: "#/components/responses/Generic429"
security:
- openId:
- "quality-on-demand:sessions:retrieve-by-device"
components:
securitySchemes:
openId:
type: openIdConnect
openIdConnectUrl: https://example.com/.well-known/openid-configuration
notificationsBearerAuth:
description: Bearer authentication for notifications
type: http
scheme: bearer
bearerFormat: "{$request.body#sinkCredential.credentialType}"
parameters:
x-correlator:
name: x-correlator
in: header
description: Correlation id for the different services
schema:
$ref: "#/components/schemas/XCorrelator"
headers:
x-correlator:
description: Correlation id for the different services
schema:
$ref: "#/components/schemas/XCorrelator"
schemas:
XCorrelator:
description: Value for the x-correlator
type: string
pattern: ^[a-zA-Z0-9-_:;.\/<>{}]{0,256}$
example: "b4333c46-49c0-4f62-80d7-f0ef930f1c46"
SessionId:
description: Session ID in UUID format
type: string
format: uuid
BaseSessionInfo:
description: Common attributes of a QoD session
type: object
properties:
applicationServer:
$ref: "#/components/schemas/ApplicationServer"
devicePorts:
description: The ports used locally by the device for flows to which the requested QoS profile should apply. If omitted, then the qosProfile will apply to all flows between the device and the specified application server address and ports
allOf:
- $ref: "#/components/schemas/PortsSpec"
applicationServerPorts:
description: A list of single ports or port ranges on the application server
allOf:
- $ref: "#/components/schemas/PortsSpec"
qosProfile:
$ref: "#/components/schemas/QosProfileName"
sink:
type: string
format: uri
pattern: ^https:\/\/.+$
description: The address to which events about all status changes of the session (e.g. session termination) shall be delivered using the selected protocol.
example: "https://endpoint.example.com/sink"
sinkCredential:
description: A sink credential provides authentication or authorization information necessary to enable delivery of events to a target.
allOf:
- $ref: "#/components/schemas/SinkCredential"
required:
- applicationServer
- qosProfile
SessionInfo:
description: |
Session related information returned in responses.
Note that the device object is defined as optional and will only to be returned if provided in createSession. If more than one type of device identifier was provided, only one identifier will be returned (at implementation choice and with the original value provided in createSession).
Please note that IP addresses of devices can change and get reused, so the original values may no longer identify the same device. They identified the device at the time of session creation.
allOf:
- type: object
properties:
device:
description: Disambiguates the device to which the session applies when multiple device identifiers were provided
allOf:
- $ref: "#/components/schemas/DeviceResponse"
- example: {"phoneNumber": "+123456789"}
- $ref: "#/components/schemas/BaseSessionInfo"
- type: object
properties:
sessionId:
$ref: "#/components/schemas/SessionId"
duration:
description: |
Session duration in seconds. Implementations can grant the requested session duration or set a different duration, based on network policies or conditions.
- When `qosStatus` is "REQUESTED", the value is the duration to be scheduled, granted by the implementation.
- When `qosStatus` is AVAILABLE", the value is the overall duration since `startedAt. When the session is extended, the value is the new overall duration of the session.
- When `qosStatus` is "UNAVAILABLE", the value is the overall effective duration since `startedAt` until the session was terminated.
type: integer
format: int32
minimum: 1
example: 3600
startedAt:
description: Date and time when the QoS status became "AVAILABLE". Not to be returned when `qosStatus` is "REQUESTED". It must follow [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) and must have time zone.
type: string
format: date-time
example: "2024-06-01T12:00:00Z"
expiresAt:
description: |
Date and time of the QoS session expiration. It must follow [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) and must have time zone.
- When `qosStatus` is "AVAILABLE", it is the limit time when the session is scheduled to finnish, if not terminated by other means.
- When `qosStatus` is "UNAVAILABLE", it is the time when the session was terminated.
- Not to be returned when `qosStatus` is "REQUESTED".
When the session is extended, the value is the new expiration time of the session.
type: string
format: date-time
example: "2024-06-01T13:00:00Z"
qosStatus:
$ref: "#/components/schemas/QosStatus"
statusInfo:
$ref: "#/components/schemas/StatusInfo"
required:
- sessionId
- duration
- qosStatus
CreateSession:
description: Attributes required to create a session
allOf:
- type: object
properties:
device:
$ref: "#/components/schemas/Device"
- $ref: "#/components/schemas/BaseSessionInfo"
- type: object
properties:
duration:
description: |
Requested session duration in seconds. Value may be explicitly limited for the QoS profile, as specified in the Qos Profile (see qos-profile API). Implementations can grant the requested session duration or set a different duration, based on network policies or conditions.
type: integer
format: int32
minimum: 1
example: 3600
required:
- duration
Port:
description: TCP or UDP port number
type: integer
minimum: 0
maximum: 65535
PortsSpec:
description: Specification of several TCP or UDP ports
type: object
minProperties: 1
properties:
ranges:
description: Range of TCP or UDP ports
type: array
minItems: 1
items:
type: object
required:
- from
- to
properties:
from:
$ref: "#/components/schemas/Port"
to:
# --- truncated at 32 KB (71 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/camara-project/refs/heads/main/openapi/quality-on-demand-openapi.yml