openapi: 3.0.3
info:
title: Device Location Verification
description: |
This API provides the consumer with the ability to verify the location of a device.
# Introduction
API consumers are able to verify whether the location of certain user device is within the area specified. Currently the only area supported as input is a circle determined by a set of coordinates (latitude and longitude) and some expected accuracy (radius).
* If the provided area is out of the operator's coverage or it is not supported for any reason, an error `422 LOCATION_VERIFICATION.AREA_NOT_COVERED` will be returned.
* Legal restrictions regarding privacy, or other regulatory or implementation issues, may force the operator to set restrictions to the provided area, such as setting a minimum value to the accepted radius. In these cases, an error `422 LOCATION_VERIFICATION.INVALID_AREA` will be returned and the error message will refer to the reason of the limitation.
The verification result depends on the network's ability and accuracy to locate the device at the requested area.
* If the network's estimation of the device's location is fully contained within the requested area, the verification result is `TRUE`.
* If the network's estimation of the device's location does not overlap with the requested area at all, the verification result is `FALSE`.
* If the network's estimation of the device's location partially overlaps with the requested area, or it fully contains the requested area (because it is larger), the result is `PARTIAL`. In this case, a `match_rate` is included in the response, indicating an estimation of the likelihood of the match in percent.
* If the network cannot locate the device, an error with code `422 LOCATION_VERIFICATION.UNABLE_TO_LOCATE` is sent back.
* The client may optionally include a `maxAge` indication. If the location information known to the server is older than the specified `maxAge` or not known at all, an error with code `422 LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE` is sent back, independently of the verification result.
Location Verification could be useful in scenarios such as:
- Fraud protection, to ensure a given user is located in the location area claimed for financial transactions.
- Verification of GPS coordinates reported by the app on a device, to ensure the GPS was not faked, e.g. for content delivery with regional restrictions.
- Contextual-based advertising, to trigger advertising after verifying the device is in the area of interest.
- Smart mobility (vehicle / bikes renting), to confirm the location of the device and the location of the vehicle/bike to guarantee they are rented correctly.
# Relevant terms and definitions
* **Device**: A device refers to any physical entity that can connect to a network and participate in network communication.
* **Area**: It specifies the geographical surface where a device may be physically located.
* **Max Age**: Maximum age of the location information which is accepted for the location verification (in seconds).
* Absence of maxAge means "any age" is acceptable for the client. In other words, this is like maxAge=infinite. In this case the system will return `lastLocationTime`.
* maxAge=0 means a fresh calculation is requested by the client. If the system is not able to provide the fresh location, an error with code `422 LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE` is sent back.
* **Verification**: Process triggered in the API server to confirm or contradict the expectation assumed by the API client about the device location.
# API Functionality
The API exposes a single endpoint/operation:
- Verify whether the device location is within a requested area, currently a circle with center specified by the latitude and longitude, and radius specified by the accuracy. The operation returns a verification result and, optionally, a match rate estimation for the location verification in percent.
# Authorization and authentication
The "Camara Security and Interoperability Profile" provides details of how an API consumer requests an access token. Please refer to Identity and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the profile.
The specific authorization flows to be used will be agreed upon during the onboarding process, happening between the API consumer and the API provider, taking into account the declared purpose for accessing the API, whilst also being subject to the prevailing legal framework dictated by local legislation.
In cases where personal data is processed by the API and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of three-legged access tokens is mandatory. This ensures that the API remains in compliance with privacy regulations, upholding the principles of transparency and user-centric privacy-by-design.
# Identifying the device from the access token
This API requires the API consumer to identify a device as the subject of the API as follows:
- When the API is invoked using a two-legged access token, the subject will be identified from the optional `device` object, which therefore MUST be provided.
- When a three-legged access token is used however, this optional identifier MUST NOT be provided, as the subject will be uniquely identified from the access token.
This approach simplifies API usage for API consumers using a three-legged access token to invoke the API by relying on the information that is associated with the access token and was identified during the authentication process.
## Error handling:
- If the subject cannot be identified from the access token and the optional `device` object is not included in the request, then the server will return an error with the `422 MISSING_IDENTIFIER` error code.
- If the subject can be identified from the access token and the optional `device` object is also included in the request, then the server will return an error with the `422 UNNECESSARY_IDENTIFIER` error code. This will be the case even if the same device is identified by these two methods, as the server is unable to make this comparison.
# Multi-SIM scenario handling
In multi-SIM scenarios, where more than one mobile device is associated with the phone number given as input in the API call (e.g. a smartphone with an associated smartwatch), it might not be possible to uniquely identify the device whose location is to be verified. Check with the API provider what is the expected behaviour when a phone number belonging to a multi-SIM group is used as the device identifier, as the API may response with:
- an error indicating that that phone number is not supported for this API, or
- the verification for a single device in the multi-SIM group, if one of the devices is considered linked to the main SIM and this concept is supported by the operator, or
- a verification value that combines the location verification of all the SIMs associated to the requested phone number.
Possible solutions to make the scenario more deterministic include:
- Using preferably the authorisation code flow to obtain an access token, which will automatically identify the intended device.
- Identifying the intended device from a unique identifier for that device, such as its source IP address and port.
- Check with the API provider whether a unique "secondary" phone number is already associated with each device and use the secondary phone number to identify the intended device if available.
# Additional CAMARA error responses
The list of error codes in this API specification is not exhaustive. Therefore the API specification may not document some non-mandatory error statuses as indicated in `CAMARA API Design Guide`.
Please refer to the `CAMARA_common.yaml` of the Commonalities Release associated to this API version for a complete list of error responses. The applicable Commonalities Release can be identified in the `API Readiness Checklist` document associated to this API version.
As a specific rule, error `501 - NOT_IMPLEMENTED` can be only a possible error response if it is explicitly documented in the API.
# Further info and support
(FAQs will be added in a later version of the documentation)
version: wip
license:
name: Apache 2.0
url: https://www.apache.org/licenses/LICENSE-2.0.html
x-camara-commonalities: tbd
externalDocs:
description: Project documentation at CAMARA
url: https://github.com/camaraproject/DeviceLocation
servers:
- url: "{apiRoot}/location-verification/vwip"
variables:
apiRoot:
default: http://localhost:9091
description: API root
tags:
- name: Location verification
description: Verification of the location of a device
paths:
/verify:
post:
tags:
- Location verification
summary: Verify the location of a device
description: |
Verify whether the location of a device is within a requested area. The operation returns a verification result and, optionally, a match rate estimation for the location verification in percent.
operationId: verifyLocation
parameters:
- $ref: "#/components/parameters/x-correlator"
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/VerifyLocationRequest"
examples:
INPUT_PHONE_NUMBER_CIRCLE:
summary: Phone number, circle and maxAge
description: Verify if device identified by a phone number is within a circle, providing a maxAge
value:
device:
phoneNumber: "+123456789"
area:
areaType: CIRCLE
center:
latitude: 50.735851
longitude: 7.10066
radius: 50000
maxAge: 120
INPUT_IP_ADDRESS_V4_CIRCLE:
summary: IPv4 address, circle, without maxAge
description: Verify if device identified by an IPv4 address is within a circle, not indicating a maxAge
value:
device:
ipv4Address:
publicAddress: 123.234.1.2
publicPort: 1234
area:
areaType: CIRCLE
center:
latitude: 50.735851
longitude: 7.10066
radius: 50000
INPUT_PHONE_NUMBER_IP_ADDRESS_V4_CIRCLE:
summary: Both phone number and IPv4 address, circle and maxAge
description: Verify if device identified both by a phone number and an IPv4 address is within a circle, providing a maxAge
value:
device:
phoneNumber: "+123456789"
ipv4Address:
publicAddress: 123.234.1.2
publicPort: 1234
area:
areaType: CIRCLE
center:
latitude: 50.735851
longitude: 7.10066
radius: 50000
maxAge: 120
INPUT_NO_DEVICE:
summary: Device not provided
description: The device has to be deducted from token
value:
area:
areaType: CIRCLE
center:
latitude: 50.735851
longitude: 7.10066
radius: 50000
maxAge: 120
responses:
"200":
description: Location verification result
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
$ref: "#/components/schemas/VerifyLocationResponse"
examples:
VERIFICATION_TRUE:
summary: Match
description: The network locates the device within the requested area
value:
verificationResult: "TRUE"
lastLocationTime: "2023-09-07T10:40:52Z"
VERIFICATION_TRUE_WITH_DEVICE:
summary: Match returning the device identifier used by the implementation
description: The network locates the device within the requested area. Response when the request used a 2-legged access token with multiple device identifiers, or possibly only a single device identifier
value:
verificationResult: "TRUE"
lastLocationTime: "2023-09-07T10:40:52Z"
device:
phoneNumber: "+123456789"
VERIFICATION_FALSE:
summary: No match
description: The requested area does not match the area where the network locates the device
value:
verificationResult: "FALSE"
lastLocationTime: "2023-09-07T10:40:52Z"
VERIFICATION_PARTIAL:
summary: Partial match
description: The requested area partially matches the area where the network locates the device
value:
verificationResult: "PARTIAL"
matchRate: 74
lastLocationTime: "2023-09-07T10:40:52Z"
"400":
$ref: "#/components/responses/Generic400"
"401":
$ref: "#/components/responses/Generic401"
"403":
$ref: "#/components/responses/Generic403"
"404":
$ref: "#/components/responses/VerifyLocationNotFound404"
"422":
$ref: "#/components/responses/VerifyLocationUnprocessableEntity422"
security:
- openId:
- location-verification:verify
components:
securitySchemes:
openId:
description: OpenID Connect authentication
type: openIdConnect
openIdConnectUrl: https://example.org/.well-known/openid-configuration
parameters:
x-correlator:
name: x-correlator
in: header
description: Correlation id for the different services
schema:
$ref: "#/components/schemas/XCorrelator"
headers:
x-correlator:
description: Correlation id for the different services
schema:
$ref: "#/components/schemas/XCorrelator"
schemas:
XCorrelator:
type: string
pattern: ^[a-zA-Z0-9-_:;.\/<>{}]{0,256}$
example: "b4333c46-49c0-4f62-80d7-f0ef930f1c46"
Area:
description: Base schema for all areas
type: object
properties:
areaType:
$ref: "#/components/schemas/AreaType"
required:
- areaType
discriminator:
propertyName: areaType
mapping:
CIRCLE: "#/components/schemas/Circle"
AreaType:
type: string
description: |
Type of this area.
CIRCLE - The area is defined as a circle.
enum:
- CIRCLE
Circle:
description: Circular area
allOf:
- $ref: "#/components/schemas/Area"
- type: object
properties:
center:
$ref: "#/components/schemas/Point"
radius:
type: number
description: |
Expected accuracy for the verification, in meters from `center`.
Note: The area surface could be restricted locally depending on regulations. Implementations may enforce a larger minimum radius (e.g. 1000 meters).
minimum: 1
required:
- center
- radius
example:
areaType: CIRCLE
center:
latitude: 50.735851
longitude: 7.10066
radius: 50000
Point:
type: object
description: Coordinates (latitude, longitude) defining a location in a map
required:
- latitude
- longitude
properties:
latitude:
$ref: "#/components/schemas/Latitude"
longitude:
$ref: "#/components/schemas/Longitude"
example:
latitude: 50.735851
longitude: 7.10066
Latitude:
description: Latitude component of a location
type: number
format: double
minimum: -90
maximum: 90
example: 50.735851
Longitude:
description: Longitude component of location
type: number
format: double
minimum: -180
maximum: 180
example: 7.10066
VerifyLocationRequest:
description: Request to verify the location of a device. Device is not required when using a 3-legged access token, following the rules in the description.
type: object
properties:
device:
$ref: "#/components/schemas/Device"
area:
$ref: "#/components/schemas/Area"
maxAge:
$ref: "#/components/schemas/MaxAge"
required:
- area
VerifyLocationResponse:
description: Response to a location verification request
type: object
required:
- verificationResult
- lastLocationTime
properties:
verificationResult:
$ref: "#/components/schemas/VerificationResult"
lastLocationTime:
$ref: "#/components/schemas/LastLocationTime"
matchRate:
$ref: "#/components/schemas/MatchRate"
device:
$ref: "#/components/schemas/DeviceResponse"
Device:
description: |
End-user device able to connect to a mobile network. Examples of devices include smartphones or IoT sensors/actuators.
The developer can choose to provide the below specified device identifiers:
* `ipv4Address`
* `ipv6Address`
* `phoneNumber`
* `networkAccessIdentifier`
NOTE1: the API provider might support only a subset of these options. The API consumer can provide multiple identifiers to be compatible across different API providers. In this case the identifiers MUST belong to the same device. Where more than one device identifier is provided, only one identifier will be selected by the implementation and this choice indicated to the API consumer in the response.
NOTE2: as for this Commonalities release, we are enforcing that the networkAccessIdentifier is only part of the schema for future-proofing, and CAMARA does not currently allow its use. After the CAMARA meta-release work is concluded and the relevant issues are resolved, its use will need to be explicitly documented in the guidelines.
type: object
properties:
phoneNumber:
$ref: "#/components/schemas/PhoneNumber"
networkAccessIdentifier:
$ref: "#/components/schemas/NetworkAccessIdentifier"
ipv4Address:
$ref: "#/components/schemas/DeviceIpv4Addr"
ipv6Address:
$ref: "#/components/schemas/DeviceIpv6Address"
minProperties: 1
PhoneNumber:
description: A public identifier addressing a telephone subscription. In mobile networks it corresponds to the MSISDN (Mobile Station International Subscriber Directory Number). In order to be globally unique it has to be formatted in international format, according to E.164 standard, prefixed with '+'.
type: string
pattern: '^\+[1-9][0-9]{4,14}$'
example: "+123456789"
NetworkAccessIdentifier:
description: A public identifier addressing a subscription in a mobile network. In 3GPP terminology, it corresponds to the GPSI formatted with the External Identifier ({Local Identifier}@{Domain Identifier}). Unlike the telephone number, the network access identifier is not subjected to portability ruling in force, and is individually managed by each operator.
type: string
example: "[email protected]"
DeviceIpv4Addr:
type: object
description: |
The device should be identified by either the public (observed) IP address and port as seen by the application server, or the private (local) and any public (observed) IP addresses in use by the device (this information can be obtained by various means, for example from some DNS servers).
If the allocated and observed IP addresses are the same (i.e. NAT is not in use) then the same address should be specified for both publicAddress and privateAddress.
If NAT64 is in use, the device should be identified by its publicAddress and publicPort, or separately by its allocated IPv6 address (field ipv6Address of the Device object)
In all cases, publicAddress must be specified, along with at least one of either privateAddress or publicPort, dependent upon which is known. In general, mobile devices cannot be identified by their public IPv4 address alone.
properties:
publicAddress:
$ref: "#/components/schemas/SingleIpv4Addr"
privateAddress:
$ref: "#/components/schemas/SingleIpv4Addr"
publicPort:
$ref: "#/components/schemas/Port"
anyOf:
- required: [publicAddress, privateAddress]
- required: [publicAddress, publicPort]
example:
publicAddress: "84.125.93.10"
publicPort: 59765
SingleIpv4Addr:
description: A single IPv4 address with no subnet mask
type: string
format: ipv4
example: "84.125.93.10"
Port:
description: TCP or UDP port number
type: integer
minimum: 0
maximum: 65535
DeviceIpv6Address:
description: |
The device should be identified by the observed IPv6 address, or by any single IPv6 address from within the subnet allocated to the device (e.g. adding ::0 to the /64 prefix).
type: string
format: ipv6
example: 2001:db8:85a3:8d3:1319:8a2e:370:7344
DeviceResponse:
description: |
An identifier for the end-user equipment able to connect to the network that the response refers to. This parameter is only returned when the API consumer includes the `device` parameter in their request (i.e. they are using a two-legged access token), and is relevant when more than one device identifier is specified, as only one of those device identifiers is allowed in the response.
If the API consumer provides more than one device identifier in their request, the API provider must return a single identifier which is the one they are using to fulfil the request, even if the identifiers do not match the same device. API provider does not perform any logic to validate/correlate that the indicated device identifiers match the same device. No error should be returned if the identifiers are otherwise valid to prevent API consumers correlating different identifiers with a given end user.
allOf:
- $ref: "#/components/schemas/Device"
- maxProperties: 1
MaxAge:
description: The maximum age (in seconds) for the location known by the implementation, which is accepted for the verification. Absence of maxAge means "any age" and maxAge=0 means a fresh calculation.
type: integer
minimum: 0
example: 120
VerificationResult:
description: |
Result of a verification request:
- `TRUE`: when the network locates the device within the requested area,
- `FALSE`: when the requested area does not match the area where the network locates the device,
- `PARTIAL`: when the requested area partially match the area where the network locates the device. A `match_rate` is included in the response.
type: string
enum:
- "TRUE"
- "FALSE"
- "PARTIAL"
MatchRate:
description: Estimation of the match rate between the area in the request (R), and area where the network locates the device (N), calculated as the percent value of the intersection of both areas divided by the network area, that is (R ∩ N) / N * 100. Included only if VerificationResult is PARTIAL.
type: integer
minimum: 1
maximum: 99
LastLocationTime:
description: Timestamp of the last location information. It must follow [RFC 3339](https://datatracker.ietf.org/doc/html/rfc3339#section-5.6) and must have time zone.
example: "2023-09-07T10:40:52Z"
format: date-time
type: string
ErrorInfo:
description: Common schema for errors
type: object
required:
- status
- code
- message
properties:
status:
type: integer
description: HTTP response status code
code:
type: string
description: A human-readable code to describe the error
message:
type: string
description: A human-readable description of what the event represents
responses:
Generic400:
description: Bad Request
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
allOf:
- $ref: "#/components/schemas/ErrorInfo"
- type: object
properties:
status:
enum:
- 400
code:
enum:
- INVALID_ARGUMENT
- OUT_OF_RANGE
examples:
GENERIC_400_INVALID_ARGUMENT:
description: Invalid Argument. Generic Syntax Exception
value:
status: 400
code: INVALID_ARGUMENT
message: Client specified an invalid argument, request body or query param.
GENERIC_400_OUT_OF_RANGE:
description: Out of Range. Specific Syntax Exception used when a given field has a pre-defined range or a invalid filter criteria combination is requested
value:
status: 400
code: OUT_OF_RANGE
message: Client specified an invalid range.
Generic401:
description: Unauthorized
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
allOf:
- $ref: "#/components/schemas/ErrorInfo"
- type: object
properties:
status:
enum:
- 401
code:
enum:
- UNAUTHENTICATED
examples:
GENERIC_401_UNAUTHENTICATED:
description: Request cannot be authenticated and a new authentication is required
value:
status: 401
code: UNAUTHENTICATED
message: Request not authenticated due to missing, invalid, or expired credentials. A new authentication is required.
Generic403:
description: Forbidden
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
allOf:
- $ref: "#/components/schemas/ErrorInfo"
- type: object
properties:
status:
enum:
- 403
code:
enum:
- PERMISSION_DENIED
examples:
GENERIC_403_PERMISSION_DENIED:
description: Permission denied. OAuth2 token access does not have the required scope or when the user fails operational security
value:
status: 403
code: PERMISSION_DENIED
message: Client does not have sufficient permissions to perform this action.
VerifyLocationNotFound404:
description: Not found
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
allOf:
- $ref: "#/components/schemas/ErrorInfo"
- type: object
properties:
status:
enum:
- 404
code:
enum:
- IDENTIFIER_NOT_FOUND
examples:
GENERIC_404_IDENTIFIER_NOT_FOUND:
description: Some identifier cannot be matched to a device
value:
status: 404
code: IDENTIFIER_NOT_FOUND
message: Device identifier not found.
VerifyLocationUnprocessableEntity422:
description: Unprocessable Content
headers:
x-correlator:
$ref: "#/components/headers/x-correlator"
content:
application/json:
schema:
allOf:
- $ref: "#/components/schemas/ErrorInfo"
- type: object
properties:
status:
enum:
- 422
code:
enum:
- SERVICE_NOT_APPLICABLE
- MISSING_IDENTIFIER
- UNSUPPORTED_IDENTIFIER
- UNNECESSARY_IDENTIFIER
- LOCATION_VERIFICATION.AREA_NOT_COVERED
- LOCATION_VERIFICATION.INVALID_AREA
- LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE
- LOCATION_VERIFICATION.UNABLE_TO_LOCATE
examples:
GENERIC_422_SERVICE_NOT_APPLICABLE:
description: Service not applicable for the provided identifier
value:
status: 422
code: SERVICE_NOT_APPLICABLE
message: The service is not available for the provided identifier.
GENERIC_422_MISSING_IDENTIFIER:
description: An identifier is not included in the request and the device or phone number identification cannot be derived from the 3-legged access token
value:
status: 422
code: MISSING_IDENTIFIER
message: The device cannot be identified.
GENERIC_422_UNSUPPORTED_IDENTIFIER:
description: None of the provided identifiers is supported by the implementation
value:
status: 422
code: UNSUPPORTED_IDENTIFIER
message: The identifier provided is not supported.
GENERIC_422_UNNECESSARY_IDENTIFIER:
description: An explicit identifier is provided when a device or phone number has already been identified from the access token
value:
status: 422
code: UNNECESSARY_IDENTIFIER
message: The device is already identified by the access token.
LOCATION_VERIFICATION_422_AREA_NOT_COVERED:
summary: The area cannot be covered
description: The system is not able cover the requested area
value:
status: 422
code: LOCATION_VERIFICATION.AREA_NOT_COVERED
message: "Unable to cover the requested area"
LOCATION_VERIFICATION_422_INVALID_AREA:
summary: Invalid area
description: The requested area is too small to be supported by the system.
value:
status: 422
code: LOCATION_VERIFICATION.INVALID_AREA
message: "The requested area is too small"
LOCATION_VERIFICATION_422_UNABLE_TO_FULFILL_MAX_AGE:
summary: Unable to fulfill maxAge
description: The system is not able to provide the fresh location required by the client
value:
status: 422
code: LOCATION_VERIFICATION.UNABLE_TO_FULFILL_MAX_AGE
message: "Unable to provide expected freshness for location"
LOCATION_VERIFICATION_422_UNABLE_TO_LOCATE:
summary: Unable to locate device
description: The network cannot locate the device
value:
status: 422
code: LOCATION_VERIFICATION.UNABLE_TO_LOCATE
message: "The network is unable to locate the device"