GSMA Camara Project Device Location Verification API

openapi: 3.0.3
info:
  title: Global System for Mobile Communications GSMA Camara Project Device Location Verification API
  description: >-
    Device Location Verification API checks if a mobile device is in proximity
    of a given location. The API request contains the location to be checked and
    an accuracy range in km (between 2km and 200km). The API response indicates
    whether the location is within the accuracy range of the last known location
    of the MSISDN.
  version: 1.0.0
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0.html
  x-camara-commonalities: 0.4.0
externalDocs:
  description: Project documentation at CAMARA
  url: https://github.com/camaraproject/DeviceLocation
servers:
  - url: '{apiRoot}/location-verification/v1'
    variables:
      apiRoot:
        default: http://localhost:9091
        description: API root
tags:
  - name: Location Verification
    description: Verification of the location of a device
paths:
  /verify:
    post:
      tags:
        - Location Verification
      summary: Global System for Mobile Communications Verify the location of a device
      description: >
        Verify whether the location of a device is within a requested area. The
        operation returns a verification result and, optionally, a match rate
        estimation for the location verification in percent.
      operationId: verifyLocation
      parameters:
        - $ref: '#/components/parameters/x-correlator'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/VerifyLocationRequest'
            examples:
              INPUT_PHONE_NUMBER_CIRCLE:
                summary: Phone number, circle and maxAge
                description: >-
                  Verify if device identified by a phone number is within a
                  circle, providing a maxAge
                value:
                  device:
                    phoneNumber: '+123456789'
                  area:
                    areaType: CIRCLE
                    center:
                      latitude: 50.735851
                      longitude: 7.10066
                    radius: 50000
                  maxAge: 120
              INPUT_IP_ADDRESS_V4_CIRCLE:
                summary: IPv4 address, circle, without maxAge
                description: >-
                  Verify if device identified by an IPv4 address is within a
                  circle, not indicating a maxAge
                value:
                  device:
                    ipv4Address:
                      publicAddress: 123.234.1.2
                      publicPort: 1234
                  area:
                    areaType: CIRCLE
                    center:
                      latitude: 50.735851
                      longitude: 7.10066
                    radius: 50000
              INPUT_NO_DEVICE:
                summary: Device not provided
                description: The device has to be deducted from token
                value:
                  area:
                    areaType: CIRCLE
                    center:
                      latitude: 50.735851
                      longitude: 7.10066
                    radius: 50000
                  maxAge: 120
      responses:
        '200':
          description: Location verification result
          headers:
            x-correlator:
              $ref: '#/components/headers/x-correlator'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/VerifyLocationResponse'
              examples:
                VERIFICATION_TRUE:
                  summary: Match
                  description: The network locates the device within the requested area
                  value:
                    verificationResult: 'TRUE'
                    lastLocationTime: '2023-09-07T10:40:52.000Z'
                VERIFICATION_FALSE:
                  summary: No match
                  description: >-
                    The requested area does not match the area where the network
                    locates the device
                  value:
                    verificationResult: 'FALSE'
                    lastLocationTime: '2023-09-07T10:40:52.000Z'
                VERIFICATION_UNKNOWN:
                  summary: Unknown
                  description: The network cannot locate the device
                  value:
                    verificationResult: UNKNOWN
                VERIFICATION_PARTIAL:
                  summary: Partial match
                  description: >-
                    The requested area partially matches the area where the
                    network locates the device
                  value:
                    verificationResult: PARTIAL
                    matchRate: 74
                    lastLocationTime: '2023-09-07T10:40:52.000Z'
        '400':
          $ref: '#/components/responses/Generic400'
        '401':
          $ref: '#/components/responses/Generic401'
        '403':
          $ref: '#/components/responses/Generic403'
        '404':
          $ref: '#/components/responses/Generic404'
        '422':
          $ref: '#/components/responses/VerifyLocationUnprocessableEntity422'
        '429':
          $ref: '#/components/responses/Generic429'
        '500':
          $ref: '#/components/responses/Generic500'
        '503':
          $ref: '#/components/responses/Generic503'
      security:
        - openId:
            - location-verification:verify
components:
  securitySchemes:
    openId:
      description: OpenID Connect authentication
      type: openIdConnect
      openIdConnectUrl: https://example.org/.well-known/openid-configuration
  parameters:
    x-correlator:
      name: x-correlator
      in: header
      description: Correlation id for the different services
      schema:
        type: string
  headers:
    x-correlator:
      description: Correlation id for the different services
      schema:
        type: string
  schemas:
    Area:
      description: Base schema for all areas
      type: object
      properties:
        areaType:
          $ref: '#/components/schemas/AreaType'
      required:
        - areaType
      discriminator:
        propertyName: areaType
        mapping:
          CIRCLE: '#/components/schemas/Circle'
    AreaType:
      type: string
      description: |
        Type of this area.
        CIRCLE - The area is defined as a circle.
      enum:
        - CIRCLE
    Circle:
      description: Circular area
      allOf:
        - $ref: '#/components/schemas/Area'
        - type: object
          properties:
            center:
              $ref: '#/components/schemas/Point'
            radius:
              type: integer
              description: Expected accuracy for the verification in meters, from center
              minimum: 2000
              maximum: 200000
          required:
            - center
            - radius
      example:
        areaType: CIRCLE
        center:
          latitude: 50.735851
          longitude: 7.10066
        radius: 50000
    Point:
      type: object
      description: Coordinates (latitude, longitude) defining a location in a map
      required:
        - latitude
        - longitude
      properties:
        latitude:
          $ref: '#/components/schemas/Latitude'
        longitude:
          $ref: '#/components/schemas/Longitude'
      example:
        latitude: 50.735851
        longitude: 7.10066
    Latitude:
      description: Latitude component of a location
      type: number
      format: double
      minimum: -90
      maximum: 90
      example: 50.735851
    Longitude:
      description: Longitude component of location
      type: number
      format: double
      minimum: -180
      maximum: 180
      example: 7.10066
    VerifyLocationRequest:
      description: >-
        Request to verify the location of a device. Device is not required when
        using a 3-legged access token, following the rules in the description.
      type: object
      properties:
        device:
          $ref: '#/components/schemas/Device'
        area:
          $ref: '#/components/schemas/Area'
        maxAge:
          $ref: '#/components/schemas/MaxAge'
      required:
        - area
    VerifyLocationResponse:
      description: Response to a location verification request
      type: object
      required:
        - verificationResult
      properties:
        lastLocationTime:
          $ref: '#/components/schemas/LastLocationTime'
        verificationResult:
          $ref: '#/components/schemas/VerificationResult'
        matchRate:
          $ref: '#/components/schemas/MatchRate'
    Device:
      description: >
        End-user equipment able to connect to a mobile network. Examples of
        devices include smartphones or IoT sensors/actuators.


        The developer can choose to provide the below specified device
        identifiers:


        * `ipv4Address`

        * `ipv6Address`

        * `phoneNumber`

        * `networkAccessIdentifier`


        NOTE1: the MNO might support only a subset of these options. The API
        invoker can provide multiple identifiers to be compatible across
        different MNOs. In this case the identifiers MUST belong to the same
        device

        NOTE2: for the Commonalities release v0.4, we are enforcing that the
        networkAccessIdentifier is only part of the schema for future-proofing,
        and CAMARA does not currently allow its use. After the CAMARA
        meta-release work is concluded and the relevant issues are resolved, its
        use will need to be explicitly documented in the guidelines.
      type: object
      properties:
        phoneNumber:
          $ref: '#/components/schemas/PhoneNumber'
        networkAccessIdentifier:
          $ref: '#/components/schemas/NetworkAccessIdentifier'
        ipv4Address:
          $ref: '#/components/schemas/DeviceIpv4Addr'
        ipv6Address:
          $ref: '#/components/schemas/DeviceIpv6Address'
      minProperties: 1
    PhoneNumber:
      description: >-
        A public identifier addressing a telephone subscription. In mobile
        networks it corresponds to the MSISDN (Mobile Station International
        Subscriber Directory Number). In order to be globally unique it has to
        be formatted in international format, according to E.164 standard,
        prefixed with '+'.
      type: string
      pattern: ^\+[1-9][0-9]{4,14}$
      example: '+123456789'
    NetworkAccessIdentifier:
      description: >-
        A public identifier addressing a subscription in a mobile network. In
        3GPP terminology, it corresponds to the GPSI formatted with the External
        Identifier ({Local Identifier}@{Domain Identifier}). Unlike the
        telephone number, the network access identifier is not subjected to
        portability ruling in force, and is individually managed by each
        operator.
      type: string
      example: [email protected]
    DeviceIpv4Addr:
      type: object
      description: >
        The device should be identified by either the public (observed) IP
        address and port as seen by the application server, or the private
        (local) and any public (observed) IP addresses in use by the device
        (this information can be obtained by various means, for example from
        some DNS servers).


        If the allocated and observed IP addresses are the same (i.e. NAT is not
        in use) then  the same address should be specified for both
        publicAddress and privateAddress.


        If NAT64 is in use, the device should be identified by its publicAddress
        and publicPort, or separately by its allocated IPv6 address (field
        ipv6Address of the Device object)


        In all cases, publicAddress must be specified, along with at least one
        of either privateAddress or publicPort, dependent upon which is known.
        In general, mobile devices cannot be identified by their public IPv4
        address alone.
      properties:
        publicAddress:
          $ref: '#/components/schemas/SingleIpv4Addr'
        privateAddress:
          $ref: '#/components/schemas/SingleIpv4Addr'
        publicPort:
          $ref: '#/components/schemas/Port'
      anyOf:
        - required:
            - publicAddress
            - privateAddress
        - required:
            - publicAddress
            - publicPort
      example:
        publicAddress: 84.125.93.10
        publicPort: 59765
    SingleIpv4Addr:
      description: A single IPv4 address with no subnet mask
      type: string
      format: ipv4
      example: 84.125.93.10
    Port:
      description: TCP or UDP port number
      type: integer
      minimum: 0
      maximum: 65535
    DeviceIpv6Address:
      description: >
        The device should be identified by the observed IPv6 address, or by any
        single IPv6 address from within the subnet allocated to the device (e.g.
        adding ::0 to the /64 prefix).
      type: string
      format: ipv6
      example: 2001:db8:85a3:8d3:1319:8a2e:370:7344
    MaxAge:
      description: >-
        The maximum age (in seconds) for the location known by the
        implementation, which is accepted for the verification. Absence of
        maxAge means "any age" and maxAge=0 means a fresh calculation.
      type: integer
      example: 120
    VerificationResult:
      description: |
        Result of a verification request:
          - `TRUE`: when the network locates the device within the requested area,
          - `FALSE`: when the requested area does not match the area where the network locates the device,
          - `UNKNOWN`: when the network cannot locate the device,
          - `PARTIAL`: when the requested area partially match the area where the network locates the device. A `match_rate` is included in the response.
      type: string
      enum:
        - 'TRUE'
        - 'FALSE'
        - UNKNOWN
        - PARTIAL
    MatchRate:
      description: >-
        Estimation of the match rate between the area in the request (R), and
        area where the network locates the device (N), calculated as the percent
        value of the intersection of both areas divided by the network area,
        that is (R ) N) / N * 100. Included only if VerificationResult is
        PARTIAL.
      type: integer
      minimum: 1
      maximum: 99
    LastLocationTime:
      description: >-
        Timestamp of the last location information. It must follow RFC 3339 and
        must have time zone. Recommended format is yyyy-MM-dd'T'HH:mm:ss.SSSZ
        (i.e. which allows 2023-07-03T14:27:08.312+02:00 or
        2023-07-03T12:27:08.312Z)
      example: '2023-09-07T10:40:52Z'
      format: date-time
      type: string
    ErrorInfo:
      description: Common schema for errors
      type: object
      required:
        - status
        - code
        - message
      properties:
        status:
          type: integer
          description: HTTP status code returned along with this error response
        code:
          type: string
          description: Code given to this error
        message:
          type: string
          description: Detailed error description
  responses:
    Generic400:
      description: Bad Request
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            GENERIC_400_INVALID_ARGUMENT:
              summary: Generic Invalid Argument
              description: Invalid Argument. Generic Syntax Exception
              value:
                status: 400
                code: INVALID_ARGUMENT
                message: >-
                  Client specified an invalid argument, request body or query
                  param.
            GENERIC_400_OUT_OF_RANGE:
              summary: Generic Out of Range
              description: >-
                Out of Range. Specific Syntax Exception used when a given field
                has a pre-defined range or a invalid filter criteria combination
                is requested
              value:
                status: 400
                code: OUT_OF_RANGE
                message: Client specified an invalid range.
    Generic401:
      description: Unauthorized
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            GENERIC_401_UNAUTHENTICATED:
              summary: Generic Unauthenticated
              description: Request cannot be authenticated
              value:
                status: 401
                code: UNAUTHENTICATED
                message: >-
                  Request not authenticated due to missing, invalid, or expired
                  credentials.
            GENERIC_401_AUTHENTICATION_REQUIRED:
              summary: Generic Authentication Required
              description: New authentication is needed, authentication is no longer valid
              value:
                status: 401
                code: AUTHENTICATION_REQUIRED
                message: New authentication is required.
    Generic403:
      description: Forbidden
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            GENERIC_403_PERMISSION_DENIED:
              summary: Generic Permission Denied
              description: >-
                Permission denied. OAuth2 token access does not have the
                required scope or when the user fails operational security
              value:
                status: 403
                code: PERMISSION_DENIED
                message: >-
                  Client does not have sufficient permissions to perform this
                  action.
            GENERIC_403_INVALID_TOKEN_CONTEXT:
              summary: Invalid access token context
              description: >-
                Reflects some inconsistency between information in some field of
                the API and the related OAuth2 Token
              value:
                status: 403
                code: INVALID_TOKEN_CONTEXT
                message: '{{field}} is not consistent with access token.'
    Generic404:
      description: Not found
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            GENERIC_404_NOT_FOUND:
              summary: Generic Not Found
              description: Resource is not found
              value:
                status: 404
                code: NOT_FOUND
                message: '{{resource}} is not found'
            GENERIC_404_DEVICE_NOT_FOUND:
              summary: Some identifier cannot be matched to a device
              description: >-
                One or more of the provided device identifiers do not match any
                device
              value:
                status: 404
                code: DEVICE_NOT_FOUND
                message: No device found for a provided identifier
    VerifyLocationUnprocessableEntity422:
      description: Unprocessable Entity
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            LOCATION_VERIFICATION_422_UNABLE_TO_FULFILL_MAX_AGE:
              summary: Unable to fulfill maxAge
              description: >-
                The system is not able to provide the fresh location required by
                the client
              value:
                status: 422
                code: LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE
                message: Unable to provide expected freshness for location
            GENERIC_422_UNPROCESSABLE_ENTITY:
              summary: Unprocessable entity
              description: >-
                The request was well-formed but was unable to be processed due
                to semantic errors or not applicable values. This is the generic
                error code for 422 responses.
              value:
                status: 422
                code: UNPROCESSABLE_ENTITY
                message: 'Value not acceptable: ...'
            GENERIC_422_DEVICE_NOT_APPLICABLE:
              summary: Service not applicable to the device
              description: >-
                The provided device is not compatible with the requested
                operation, according to the service provider rules.
              value:
                status: 422
                code: DEVICE_NOT_APPLICABLE
                message: The device is not applicable for the requested operation
            GENERIC_422_DEVICE_IDENTIFIERS_MISMATCH:
              summary: Device identifiers mismatch
              description: >-
                Several device identifiers are provided but do not match the
                same device
              value:
                status: 422
                code: DEVICE_IDENTIFIERS_MISMATCH
                message: The provided device identifiers do not match the same device
            GENERIC_422_UNSUPPORTED_DEVICE_IDENTIFIERS:
              summary: >-
                None of the provided device identifiers is supported by the
                implementation
              description: Message may list the supported device identifiers
              value:
                status: 422
                code: UNSUPPORTED_DEVICE_IDENTIFIERS
                message: 'Supported device supported are: ...'
            GENERIC_422_UNIDENTIFIABLE_DEVICE:
              summary: No identifier provided
              description: No device identifier provided for the device to be located
              value:
                status: 422
                code: UNIDENTIFIABLE_DEVICE
                message: A device must be provided
    Generic429:
      description: Too Many Requests
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            GENERIC_429_QUOTA_EXCEEDED:
              description: Request is rejected due to exceeding a business quota limit
              value:
                status: 429
                code: QUOTA_EXCEEDED
                message: Either out of resource quota or reaching rate limiting.
            GENERIC_429_TOO_MANY_REQUESTS:
              description: API Server request limit is overpassed
              value:
                status: 429
                code: TOO_MANY_REQUESTS
                message: Either out of resource quota or reaching rate limiting.
    Generic500:
      description: Internal server error
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            GENERIC_500_INTERNAL:
              summary: Generic Internal
              description: Problem in Server side. Regular Server Exception
              value:
                status: 500
                code: INTERNAL
                message: Internal server error
    Generic503:
      description: Service unavailable
      headers:
        x-correlator:
          $ref: '#/components/headers/x-correlator'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorInfo'
          examples:
            GENERIC_503_UNAVAILABLE:
              summary: Generic Unavailable
              description: >-
                Service is not available. Temporary situation usually related to
                maintenance process in the server side
              value:
                status: 503
                code: UNAVAILABLE
                message: Service unavailable