Quality-On-Demand 0.11.0
OAS 3.0
https://developer.orange.com/ope-contents/channels/87afd7365baec589/offers/gVHeb0HAZD5yZpVV/products/ogE9s4HxIFVvcu4u/contents/swagger/WbtRJk2OgGgSRx5S/quality-on-demand.v0.11.0.OD.yamlThe Quality-On-Demand (QoD) API provides programmable interface for developers and other users (capabilities consumers) to request stable latency or throughput managed by Telco networks without the necessity to have an in-depth knowledge of the 4G/5G system or the overall complexity of the Telecom Systems.
Introduction
Industrial (IoT), VR/Gaming, live video streaming, autonomous driving and many other scenarios demand network communication quality and are sensitive to any change in transmission conditions. Being able to request a stable latency (reduced jitter) or prioritized throughput from the network can improve user experience substantially.
The QoD API offers the application developers the capability to request for stable latency (reduced jitter) or throughput for some specified application data flows between application clients (within a user device) and Application Servers (backend services). The developer has a pre-defined set of Quality of Service (QoS) profiles which they could choose from depending on their latency or throughput requirements.
The usage of the API is based on QoS session resources, which can be created (based on available QoS profiles), queried and deleted. The deletion of a requested session can be triggered by the API consumer or can be triggered automatically once the QoS session has reached its limit.
Relevant terms and definitions
QOD service endpoint: The URL pointing to the RESTful resource of the QoD API.
Authentication: Security access keys such as OAuth 2.0 client credentials used by client applications to invoke the QoD API.
QoS profiles and QoS profile labels: Latency, throughput or priority requirements of the application mapped to relevant QoS profile values. The set of QoS Profiles that a network operator is offering may be retrieved via the
qos-profilesAPI (cf. https://github.com/camaraproject/QualityOnDemand/) or will be agreed during the onboarding with the API service provider.Identifier for the device: At least one identifier for the device (user equipment) out of four options: IPv4 address, IPv6 address, Phone number, or Network Access Identifier assigned by the mobile network operator for the device. Note: Network Access Identifier is defined for future use and will not be supported with v0.11.0 of the API.
Identifier for the application server: IPv4 and/or IPv6 address of the application server (application backend)
App-Flow (between the application client and application server): The precise application data flow the developer wants to prioritize and have stable latency or throughput for. This flow is in the current API version determined by the identifiers used for the device and the application server. And it can be further elaborated with details such as ports or port-ranges. Future version of the API might allow more detailed flow identification features.
Duration: Duration (in seconds) for which the QoS session (between application client and application server) should be created. Limits for session duration can be set by the implementation for the QoS profile. The user may request a termination before its expiration.
Notification URL and token: Developers may provide a callback URL (
sink) on which notifications about all status change events (eg. provisioning termination) can be received from the service provider. This is an optional parameter. The notification will be sent as a CloudEvent compliant message. Ifsinkis included, it is RECOMMENDED for the client to provide as well thesinkCredentialproperty to protect the notification endpoint. In the current version,sinkCredential.credentialTypeMUST be set toACCESSTOKENif provided.
API functionality
The usage of the QoD API is based on QoS profile classes and parameters which define App-Flows. Based on the API, QoS session resources can be created, queried, and deleted. Once an offered QoS profile class is requested, application users get a prioritized service with stable latency or throughput even in the case of congestion. The QoD API has the following characteristics:
- A specified App-Flow is prioritized to ensure stable latency or throughput for that flow.
- The prioritized App-Flow is described by providing information such as device IP address (or other device identifier) & application server IP addresses and port/port-ranges.
- The developer specifies the duration for which they need the prioritized App-flow.
- Stable latency or throughput is requested by selecting from the list of QoS profiles made available by the service provider (e.g. QOS_E) to map latency and throughput requirements.
- The developer can optionally also specify callback URL (
sinkparam) on which notifications for the session can be sent.
Following diagram shows the interaction between different components
Authorization and Authentication
Camara Security and Interoperability Profile provides details on how a client requests an access token.
Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
Identifying a device from the access token
This specification defines the device object field as optional in API requests, specifically in cases where the API is accessed using a 3-legged access token, and the device can be uniquely identified by the token. This approach simplifies API usage for API consumers by relying on the device information associated with the access token used to invoke the API.
Handling of device information:
Optional device object for 3-legged tokens:
- When using a 3-legged access token, the device associated with the access token must be considered as the device for the API request. This means that the device object is not required in the request, and if included it must identify the same device, therefore it is recommended NOT to include it in these scenarios to simplify the API usage and avoid additional validations.
Validation mechanism:
- The server will extract the device identification from the access token, if available.
- If the API request additionally includes a
deviceobject when using a 3-legged access token, the API will validate that the device identifier provided matches the one associated with the access token. - If there is a mismatch, the API will respond with a 403 - INVALID_TOKEN_CONTEXT error, indicating that the device information in the request does not match the token.
Error handling for unidentifiable devices:
- If the
deviceobject is not included in the request and the device information cannot be derived from the 3-legged access token, the server will return a 422UNIDENTIFIABLE_DEVICEerror.
Restrictions for tokens without an associated authenticated identifier:
- For scenarios which do not have a single device identifier associated to the token during the authentication flow, e.g. 2-legged access tokens, the
deviceobject MUST be provided in the API request. This ensures that the device identification is explicit and valid for each API call made with these tokens.
Further info and support
(FAQs will be added in a later version of the documentation)
https://api.orange.com/camara/orange-lab/quality-on-demand/v0.11Server variables
| apiRoot | |
| basePath |
QoS SessionsManage QoS sessions
Manage QoS sessions