Know Your Customer Match wip
OAS 3.0
https://developer.orange.com/ope-contents/channels/87afd7365baec589/offers/1WTJVGFbyquIo5K8/products/F916o32i81C30cH7/contents/swagger/7hLp6TF0mb1vMos3/KYC-Match.Orange-Orange sandbox v0.2.0.yamlThis API provides the customer with the ability to compare the information it (Service Provider, SP) has for a particular mobile phone user with that on file (and verified) by the mobile phone user's Operator in their own KYC records, in order for the SP to confirm the accuracy of the information and provide a specific service to the mobile phone user.
Relevant Definitions and concepts
KYC: stands for Know Your Customer and it is the process of a business verifying the identity of their clients and assessing their suitability, along with the potential risks of illegal intentions towards the business relationship.
Match Score: a numerical value that quantifies the similarity between two pieces of text based on the words they contain. This score is often used in various applications like text comparison, plagiarism detection, information retrieval, and natural language processing. The score typically reflects how well the words in one text match the words in another text. In the context of this API, this score will be used to determine how much does the input information looks like the information stored in the Operator's system. The algorithm used to calculate this value is the Jaro-Winkler Distance Algorithm.
API Functionality
This API allows API clients to verify the matching of a number of attributes related to a customer identity against the account data bound to their phone number. The API is intended to be used in the following scenarios, for example:
To verify the user personal data during the digital registration of an account to a 3rd party service.
To prevent fraud, wrong or imprecise information, and/or facilitate the onboarding of a mobile phone user to a 3rd party service.
The following figure is the generic high-level flows of this API.
Note:
Before calling this API, 3rd parties / enterprise customers who want to use this API should make contact with API provider/ MNO for use of this API. As that will depend on each API provider / MNO's business process as well as GSMA Open Gateway standard process, it is out of scope of this API definition.
When calling this API, at the beginning, there should be required processes for Authentication / Authorisation / End User Consent capturing. As those processes are defined as CAMARA commonality standards, they are out of scope of this API definition, however, use of the OpenID Connect (OIDC) is stated as security scheme.
Resources and Operations overview
The API provides the following endpoint:
- An endpoint to verify the matching of a number of attributes related to a mobile phone user identity against the account data bound to their phone number.
Authorization and authentication
Camara Security and Interoperability Profile provides details on how a client requests an access token.
Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation.
It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
https://camara/orange-lab/kyc-match/v0Server variables
| apiRoot | |
| basePath |
MatchOperations to match a customer identity against the account data bound to their phone number.
Operations to match a customer identity against the account data bound to their phone number.