Getting started
Disclaimer (sandboxed version)
This CAMARA Sandbox - SimSwap - Orange lab API is a sandboxed version of the production-grade CAMARA - SimSwap API.
It is running in our lab, against a small list of lab-specific mobile devices (see list of phone number available for test below).
This API could be suspended or upgraded any time without any notice.
Introduction
The CAMARA SimSwap API performs real-time checks on the activation date of a SIM card on the Orange mobile network. It reveals if an individual mobile line has been ported to another SIM card.
Subscribe to the API
You get the Authorization header credentials when you register your application on the Orange Developer Console.
API Authentication
Note: In production environment the SimSwap API will require a 3-Legged OAuth 2.0 flow but as this implementation is provided on Orange Lab, the API works with a 2-Legged OAuth.
HTTPS requests to the REST API are protected with 2-Legged OAuth. To learn more about how Orange Developer handles authentication, please refer to our documentation.
In short, you will use your Orange Developer Authorization header as authorization_header for the Basic authentication with Orange Developer.
curl -X POST \
-H "Authorization: {{ authorization_header }}" \
-d "grant_type=client_credentials" \
https://api.orange.com/oauth/v3/token
In response, you will get an access_token.
{
"token_type": "Bearer",
"access_token": "66AeYJF8eJQ...2SjkFg9LB1LePC",
"expires_in": "3600"
}
API Description
Summary of resources
This API has two resource check and retrieve-date
Only check resource is available in Orange Lab implementation
Summary of methods and URL
| Use case of operation | URL method |
|---|---|
| I want to check if the mobile line (identified with a msisdn) has changed sim from now -(max-age) to now. | POST "https://api.orange.com/camara/sim-swap/ofr/v0/check |
| I want to get last sim swap date for a mobile line (identified with a msisdn) - Not provided in current implementation | POST "https://api.orange.com/camara/sim-swap/ofr/v0/retrieve-date |
Summary of request body parameters
As only check resource is provided, following documentation will only cover this resource.
| Name | Description | Type | Mandatory |
|---|---|---|---|
| phoneNumber | Subscriber number in E.164 format (starting with country code). Optionally prefixed with '+' | string | Yes |
| maxAge | Defines the period to be checked; This period is from now - max_age to now. If 240 is passed, server will check if a sim swap was performed on this last during last 10 days (240 hours) | integer | No |
Lab implementation specific:
Following phone number must be used (other will not work). Additionally in order to get interesting test case the sim swap latest date is hard-coded in our system.
| Phone Number | sim swap date |
|---|---|
| 33699901031 | current time -2 hours |
| 33699901032 | current time -12 hours |
| 33699901033 | current time -5 years |
| 33699901034 | current time -5 years |
| 33699901035 | current time -50 hours |
| 33699901036 | current time -50 hours |
| 33699901037 | current time -100 days |
| 33699901038 | current time -100 days |
| 33699901039 | current time -5 years |
| 33699901040 | current time -5 years |
Request mobile sim swap check (from msisdn)
Request
curl -X POST "https://api.orange.com/camara/sim-swap/ofr/v0/check"
-H "Authorization: Bearer {your access token}"
-H "Cache-Control: no-cache"
-H 'accept: application/json'
-H 'Content-Type: application/json'
-d '{
"phoneNumber": "33699901031",
"maxAge": 240
}
Response
200
Content-Type: application/json
{
"swapped": false
}
Fields description
The response features only one attribute: swapped.
This attribute is boolean indicating if a sim swap has been done during the provided checking period.
Most frequent errors
If invalid or incomplete input are provided - in particular for the max_age (should between 1 to 2160) a 400 error is triggered.
HTTP/1.1 400 Error: bad Request
Content-Type: application/json
{
"code": "INVALID_INPUT",
"status": "400",
"message": "[checkSimSwap.createCheckSimSwap.maxAge: must be less than or equal to 2160]"
}
If the msisdn is not managed by Orange lab, error code 404 is retrieved.
HTTP/1.1 404 Error: Resource Not Found
Content-Type: application/json
{
"code": "SIM_SWAP.UNKNOWN_PHONE_NUMBER",
"status": "404",
"message": "SIM Swap can't be checked because the phone number is unknown."
}
There are some cases where your client application will no longer gain access to API resources, and get an error back.
Please check the following points:
- Here, you attempt to use an expired or revoked access_token and you get an invalid token error. You will have to request a new access_token. As an example:
HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"code": "UNAUTHORIZED",
"message": "Authorization failed: ..."
}
- Here, you removed your subscription to the API so that the capability to generate an access_token is not allowed anymore. As an example:
HTTP/1.1 403 Forbidden
Content-Type: application/json
{
"code": "FORBIDDEN",
"message": "Operation not allowed: ..."
}
Looking for support ?
Facing technical issue when using this API ? please contact us
History of document
| Version of the document | modification date | description of modifications |
|---|---|---|
| 1.0 | 28/11/2023 | initialization by Orange CAMARA APIs team |