.wpb_animate_when_almost_visible { opacity: 1; }

Device Swap - CAMARA - Spain 0.1

  • Network APIs
  • Anti-Fraud

Provide real-time insights into whether a SIM card associated with a user’s phone number has been transferred to a different physical device

Use this API Contact us
Download

Device Swap
 0.1.0 
OAS 3.0

https://developer.orange.com/ope-contents/channels/87afd7365baec589/offers/7gX0K4DiaryjxIbI/products/f3etC85dWL8AasqX/contents/swagger/VXdarYFE5G4tSAJw/device-swap 0.1.yaml

This API allows to check the last time that the phone (device) - phone number association has changed

Introduction

The Device Swap API performs real-time checks on the last Device Swap event, providing real-time information about whether the SIM card associated with a user's phone number has been transferred to a different physical device.

Device Swap information can be invaluable for enhancing security, fraud detection, and ensuring compliance with regulatory requirements in various applications, apart from providing useful information of device upgrade trends in user segments.

This API is used by an application to get information about a mobile line's latest Device Swap date. It can be easily integrated and used through this secured API and allows SPs (Service Providers) to get this information in an easy and secured way. The API provides management of 2 endpoints answering 2 distinct questions:

  • When did the last Device Swap occur?
  • Has a Device Swap occurred during the last n hours?

Relevant terms and definitions

Device Swap: A Device Swap is a process in which the association between a user's mobile phone number (MSISDN) and a device (IMEI) is created for the first time or changes for any reasons.

API Functionality

The Device Swap API provides a programmable interface for developers and other users (capabilities consumers) to request the last date of a device swap performed on the mobile line, or, to check whether a device swap has been performed during a past period.

The API provides 2 operations:

  • POST retrieve-date: Provides timestamp of latest device swap for a given phone number. If no device swap has been performed, the API will return the first phone number usage in the device (the timestamp of the first time that the phone number was connected to the network, it is, the first time that the SIM is installed in the device) by default. It will return an empty string in case is not possible to retrieve the date (e.g. in case local regulations are preventing the safekeeping of the information for longer than the stated period, or in some edge error cases). In case no data is available in the operators records (e.g. no recorded event), API will return a 422 error.
  • POST check: Checks if device swap has been performed during a past period (defined in the request with 'maxAge' attribute) for a given phone number, the API will return boolean response (true/false), indicating that the device has been swapped or not in the specified period. In case the phone number has never been installed in a device, or no data is available in the operators records (e.g. database error), API will return a 422 error.

So, when consuming this operation, the following scenarios will exist:

The API is consumed in 3-legged:

  • If no phoneNumber is provided in the body, the API will return in the response the information of the phoneNumber that is associated to the access token.
  • If the phoneNumber is provided in the body, the API will return in the response the information of that phone number if it matches the one associated to the access token.
  • If the phoneNumber provided in the body does not match the one associated to the access token, the API will respond with HTTP 403 INVALID_TOKEN_CONTEXT.

The API is consumed in 2-legged:

  • If no phoneNumber is provided in the body, the API will respond with HTTP 400 INVALID_ARGUMENT.
  • If the phoneNumber is provided in the body, the API will return in the response the information of the phoneNumber provided in the body.

Resources and Operations overview

The API provides the following endpoints:

  • An operation to retrieve last date in which the device of the end-user was swapped.
  • An operation to check if the SIM of the end-user has been installed in a different device during a past period

Authorization and authentication

The "Camara Security and Interoperability Profile" provides details on how a client requests an access token. Please refer to Identify and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the Profile.

Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.

It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.

Apache 2.0
Servers
Computed URL:https://api.orange.com/camara/oes/device-swap/v0.1

Server variables

apiRoot

Retrieve Device Swap Date

Receive the last date in which the device of the end-user was swapped

Check Device Swap

Validate if the SIM of the end-user has been installed in a different device during a past period

HTTP status code Reason Response model
400 List of supported error codes:
- 20: Invalid URL parameter value
- 21: Missing body
- 22: Invalid body
- 23: Missing body field
- 24: Invalid body field
- 25: Missing header
- 26: Invalid header value
- 27: Missing query-string parameter
- 28: Invalid query-string parameter value		 
{
  "code": 28,
  "message": "Invalid query-string parameter value",
  "description": "One or more query-string parameters contain invalid values."
}
401 List of supported error codes:
- 40: Missing credentials
- 41: Invalid credentials
- 42: Expired credentials		 
{
  "code": 42,
  "message": "Expired credentials",
  "description": "The requested service needs credentials, and the ones provided were out-of-date."
}
403 List of supported error codes:
- 50: Access denied
- 51: Forbidden requester
- 52: Forbidden user
- 53: Too many requests		 
{
  "code": 53,
  "message": "Too many requests",
  "description": "The application has made too many calls and has exceeded the rate limit for this service."
}
404 List of supported error codes:
- 60: Resource not found		 
{
  "code": 60,
  "message": "Resource not found",
  "description": "The requested URI or the requested resource does not exist."
}
405 List of supported error codes:
- 61: Method not allowed		 
{
  "code": 61,
  "message": "Method not allowed",
  "description": "The URI does not support the requested method. The available methods should be set in the response header 'Allow'"
}
406 List of supported error codes:
- 62: Not acceptable		 
{
  "code": 62,
  "message": "Not acceptable",
  "description": "The Accept incoming header does not match any available content-type."
}
408 List of supported error codes:
- 63: Request time-out		 
{
  "code": 63,
  "message": "Request time-out",
  "description": "The server timed out waiting for the incoming request."
}
409 List of supported error codes:
- 69: Conflict		 
{
  "code": 69,
  "message": "Conflict",
  "description": "The request could not be completed due to a conflict with the current state of the resource."
}
411 List of supported error codes:
- 64: Length required		 
{
  "code": 64,
  "message": "Length required",
  "description": "The request did not specify a Content-Length header, which is required by the requested resource."
}
412 List of supported error codes:
- 65: Precondition failed		 
{
  "code": 65,
  "message": "Precondition failed",
  "description": "One of the precondition request headers (aka. 'If-None-Match', 'If-Match', 'If-Modified-Since', and 'If-Unmodified-Since') failed to match."
}
413 List of supported error codes:
- 66: Request entity too large		 
{
  "code": 66,
  "message": "Request entity too large",
  "description": "The body of the request/response (PATCH, POST and PUT methods) is larger than the server is willing or able to process."
}
414 List of supported error codes:
- 67: Request-URI too long		 
{
  "code": 67,
  "message": "Request-URI too long",
  "description": "The URI provided was too long for the server to process."
}
415 List of supported error codes:
- 68: Unsupported Media Type		 
{
  "code": 68,
  "message": "Unsupported Media Type",
  "description": "The format of the posted body is not supported by the endpoint."
}
429 List of supported error codes:
- 53: Too many requests		 
{
  "code": 53,
  "message": "Too many requests",
  "description": "The application has made too many calls and has exceeded the rate limit for this service."
}
500 List of supported error codes:
- 1: Internal error		 
{
  "code": 1,
  "message": "Internal error",
  "description": "Generic failure message, used if no more precise code can be provided."
}
502 List of supported error codes:
- 1: Internal error
- 3: Bad gateway		 
{
  "code": 1,
  "message": "Bad gateway",
  "description": "A runtime execution error occurs (RaiseFault)."
}
503 List of supported error codes:
- 5: The service is temporarily unavailable
- 6: Orange API is over capacity, retry later !		 
{
  "code": 6,
  "message": "Orange API is over capacity, retry later !",
  "description": "The service faces too much requests and can not handle the call."
}
504 List of supported error codes:
- 6: Gateway timeout		 
{
  "code": 6,
  "message": "Gateway timeout",
  "description": "No response was received in time from a backend server acting as gateway or proxy."
}