Device Roaming Status 0.6.1
OAS 3.0
https://developer.orange.com/ope-contents/channels/87afd7365baec589/offers/Bhk934AZGTDXWDcY/products/oclzIlChgaLUaIWl/contents/swagger/y3iWxyCvvnWZy77X/device-roaming-status.yamlThis API provides the API consumer with the ability to query device roaming Status
Introduction
Roaming Status
API consumer is able to verify whether a certain user device is in roaming situation (or not).
The verification of the roaming situation depends on the network's ability. Additionally to the roaming status, when the device is in roaming situation, visited country information could be returned in the response.
Possible Use-Cases
Roaming status verification could be useful in scenario such as (not exhaustive):
- For regulatory reasons, where a customer may need to be within a certain jurisdiction, or out with others, in order for transactions to be authorized
- For security / fraud reasons, to establish that a customer is located where they claim to be
- For service delivery reasons, to ensure that the customer has access to particular service, and will not incur roaming charges in accessing them
Relevant terms and definitions
Device: A device refers to any physical entity that can connect to a network and participate in network communication. At least one identifier for the device (user equipment) out of four options: IPv4 address, IPv6 address, Phone number, or Network Access Identifier (not supported for this API version) assigned by the mobile network operator for the device.
Roaming : Roaming status -
true
, if device is in roaming situation -false
else.Country : Country code and name - visited country information, provided if the device is in roaming situation.
LastStatusTime : This property specifies the time when the status was last updated. Its presence in the response indicates the freshness of the information, while its absence implies the information may be outdated or its freshness is uncertain.
API Functionality
The API exposes following capabilities:
Device roaming situation
The endpoint POST /retrieve
allows to get roaming status and country information (if device in roaming situation) synchronously.
Authorization and authentication
The "Camara Security and Interoperability Profile" provides details on how a client requests an access token. Please refer to Identify and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the Profile.
Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
Identifying a device from the access token
This specification defines the device
object field as optional in API requests, specifically in cases where the API is accessed using a 3-legged access token, and the device can be uniquely identified by the token. This approach simplifies API usage for API consumers by relying on the device information associated with the access token used to invoke the API.
Handling of device information:
Optional device object for 3-legged tokens:
- When using a 3-legged access token, the device associated with the access token must be considered as the device for the API request. This means that the device object is not required in the request, and if included it must identify the same device, therefore it is recommended NOT to include it in these scenarios to simplify the API usage and avoid additional validations.
Validation mechanism:
- The server will extract the device identification from the access token, if available.
- If the API request additionally includes a
device
object when using a 3-legged access token, the API will validate that the device identifier provided matches the one associated with the access token. - If there is a mismatch, the API will respond with a 403 - INVALID_TOKEN_CONTEXT error, indicating that the device information in the request does not match the token.
Error handling for unidentifiable devices:
- If the
device
object is not included in the request and the device information cannot be derived from the 3-legged access token, the server will return a 422UNIDENTIFIABLE_DEVICE
error.
Restrictions for tokens without an associated authenticated identifier:
- For scenarios which do not have a single device identifier associated to the token during the authentication flow, e.g. 2-legged access tokens, the
device
object MUST be provided in the API request. This ensures that the device identification is explicit and valid for each API call made with these tokens.
Further info and support
(FAQs will be added in a later version of the documentation)
https://api.orange.com/camara/playground/api/device-reachability-status/v0.6/device-roaming-status/v0.6
Server variables
apiRoot |
Roaming status retrievalOperation to get device roaming status and country information (if roaming) synchronously
Operation to get device roaming status and country information (if roaming) synchronously