Device Location Retrieval 0.3.0
OAS 3.0
https://developer.orange.com/ope-contents/channels/87afd7365baec589/offers/kDSbOYCTWnAg6QJb/products/LiEVDSD2qJ7CCOFd/contents/swagger/WfOR2a8FcfWJAPZ1/location-retrieval.v0.3.0.OD.yamlThis API provides the ability to retrieve a device location.
Introduction
With this API, API consumers can retrieve the area where a certain user device is localized. The area provided in the response could be described:
- by a circle determined by coordinates (latitude and longitude) and a radius.
- by a simple polygon delimited by segments connecting consecutively an array of coordinates (points). The last point connects to the first point to delimit a closed shape bounded with straight sides.
The retrieved shape depends on the network conditions at the device's location and any of the supported shapes could be received.
The requester could optionally ask for a freshness of the localization information by providing a maxAge ("I want a location not older than 600 seconds").
The result accuracy depends on the network's ability and accuracy to locate the device.
Additionally to location information, the answer will also provide indication about the location time.
Location retrieval API could be useful in scenarios such as:
Fraud protection to ensure a given user is located in the region, country or location authorized for financial transactions
Verify the GPS coordinates reported by the app on a device to ensure the GPS was not faked e.g. for content delivery with regional restrictions
Contextual-based advertising, to trigger advertising after verifying the device is in the area of interest
Smart Mobility (Vehicle/bikes renting): obtain the location of a vehicle/bike to guarantee they are rented correctly
Note: Location is in most jurisdictions considered to be sensitive data and thereby consent by device owner/user must be verified before providing it to the developer.
Relevant terms and definitions
Device: A device refers to any physical entity that can connect to a network and participate in network communication.
Area: It specifies the geographical surface where a device may be physically located.
Max Age: Maximum age of the location information which is accepted for the location retrieval (in seconds).
- Absence of
maxAgemeans that "any age" is acceptable for the client. In other words, this is likemaxAge=infinite. The system will returnlastLocationTimein the response. If the system is not able to provide location, an error 404 with code LOCATION_RETRIEVAL.DEVICE_NOT_FOUND is sent back. maxAge=0 means that a fresh calculation is requested by the client. If the system is not able to provide the fresh location, an error 422 with code LOCATION_RETRIEVAL.UNABLE_TO_FULFILL_MAX_AGE is sent back.
- Absence of
Last Location Time : Last date and time when the device was localized.
API Functionality
The API exposes a single endpoint/operation:
/retrieve: Retrieve where the device is localized. The operation returns:- a localization defined either as a circle, with the center specified by the latitude and longitude, and a radius for answer accuracy, or as polygon defined by the array of points delimiting its boundary.
- a timestamp with the location information freshness.
Authorization and authentication
The "Camara Security and Interoperability Profile" provides details on how a client requests an access token. Please refer to Identify and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the Profile.
Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the API Provider, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
Identifying a device from the access token
This specification defines the device object field as optional in API requests, specifically in cases where the API is accessed using a 3-legged access token, and the device can be uniquely identified by the token. This approach simplifies API usage for API consumers by relying on the device information associated with the access token used to invoke the API.
Handling of device information:
Optional device object for 3-legged tokens:
- When using a 3-legged access token, the device associated with the access token must be considered as the device for the API request. This means that the device object is not required in the request, and if included it must identify the same device, therefore it is recommended NOT to include it in these scenarios to simplify the API usage and avoid additional validations.
Validation mechanism:
- The server will extract the device identification from the access token, if available.
- If the API request additionally includes a
deviceobject when using a 3-legged access token, the API will validate that the device identifier provided matches the one associated with the access token. - If there is a mismatch, the API will respond with a 403 - INVALID_TOKEN_CONTEXT error, indicating that the device information in the request does not match the token.
Error handling for unidentifiable devices:
- If the
deviceobject is not included in the request and the device information cannot be derived from the 3-legged access token, the server will return a 422UNIDENTIFIABLE_DEVICEerror.
Restrictions for tokens without an associated authenticated identifier:
- For scenarios which do not have a single device identifier associated to the token during the authentication flow, e.g. 2-legged access tokens, the
deviceobject MUST be provided in the API request. This ensures that the device identification is explicit and valid for each API call made with these tokens.
Further info and support
(FAQs will be added in a later version of the documentation)
https://api.orange.com/camara/orange-lab/location-retrieval/v0.3Server variables
| apiRoot | |
| basePath |
Location retrievalRetrieve the location of a device
Retrieve the location of a device