Network Info Spain
Protect your business against identity theft and fraud by cross-checking users’ device and network details with Mobile Connect.

The Network Info Spain API gives you information for Orange customers authenticating on your service through the Orange Authentication API. Orange provides a transactional confidence score based on contextual risk factors. Rationale:

  • Better SP decision making and growing scale of business
  • Provision of basic signals that can help an SP in spotting potential fraudulent behaviour
  • Allows SP to process more transactions that would otherwise have failed a risk assessment

Applicable user stories:

  • Conditional authentication for banking
  • Conditional authorization for payment

You will need the end-user's consent in order to access his information. A dedicated UI is provided with the Orange Authentication API.

Before starting

Our Network Info Spain API requires a 3-legged authentication with our OpenID Connect platform. Please follow the method described here, with network_info scope, in order to get an access token that will be granted to retrieve end-user's claims.

Retrieve Orange customer's information

You need a valid access token to invoke the Network Info Spain API. This access token must be provided in the HTTP Authorization header:

curl -X GET \
    -H "Authorization: {authorization_header}" \

As an example:

curl -X GET -H "Authorization: Bearer OES-948ef...d5de1f4" 
a/ If the transaction succeed

In the context of the Network Info Spain API, the network_info scope gives permissions to the following claims only:

substringSubject - Issuer identifier for the end-user.
updated_atnumberTime the end-user's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
localestringThe native language of the user [BCP47]. E.g: en-US.
subscriber_msisdnstringUser's mobile number linked to his Orange subscription [E.164].
phone_numberstringEnd-user's preferred telephone number (E.164).
phone_number_country_codeintegerE.164 Country Code for the user’s phone number.
MNO_namestringMNO name.
MNO_typestringMNO type: MNO or MVNO.
MNO_idstringMCC/MNC format.
line_typestringLine type: Mobile or Landline.
customer_typestringCustomer type: Corporate or Personal.
contract_startstringAccount registration date [YYYY-MM-DD].
account_statusstringAccount status: Active or Inactive or Suspended.
device_changestring(optional) Indicates if the device has been changed in the last 48hrs and whether the reason is known. Supported values: Verified, Unverified or False.
device_vendorstringDevice vendor.
device_modelstringDevice model; option of also providing device model year.
device_firmwarestring(optional) Device firmware.
device_TACinteger(optional) Device TAC code.
device_capabilitiesstring(optional) Range of device capabilities (screen size/resolution, 3G/4G, SMS enabled, MMS enabled, etc.).
IMEI_hashdouble(optional) Numeric hash of IMEI number.

On success, the PremiumInfo request returns a 200 OK HTTP status code with JSON data containing requested claims about the end-user.

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 486
Cache-Control: no-store
Pragma: no-cache

  "sub": "PBYJJF-200-DwltrLnXq+7jwTQEkOx9Z9jelg0t0NQrxWFasUgUgEs=",
  "updated_at": 1433551702,
  "locale": "es-ES",
  "subscriber_msisdn": "+34712345678",
  "phone_number": "+34712345678"
  "phone_number_country_code": 34,
  "MNO_name": "Orange"
  "MNO_type": "MNO",
  "MNO_id": "214/03",
  "line_type": "Mobile"
  "customer_type": "Personal",
  "contract_start": "2012-04-15",
  "account_status": "Active",
  "device_vendor": "Nokia",
  "device_model": "Lumia 735"
b/ If the transaction failed

In case of error, the PremiumInfo endpoint returns an error response (JSON format) with the following information:

  • code (required): single ASCII error code
  • message (required): short localized string that describes the error.
  • description (optional): human-readable ASCII text providing additional information, used to assist the developer in understanding the error that occurred.

If the access_token is missing, a 401 Unauthorized HTTP status code is returned.

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8

   "code": 40,
   "message": "Missing or invalid credentials",
   "description": "The requested service needs credentials, but the ones provided were invalid or missing."

If the access_token is expired, revoked or invalid, a 401 Unauthorized HTTP status code is returned. In that case, you'll have to renew the access token.

HTTP/1.1 401 Unauthorized
Content-Type: application/json; charset=utf-8

    "code": 41, 
    "message": "Invalid credentials", 
    "description": "access token resource OES-948ef...d5de1f4 not found"

See API Reference section for the exhaustive list of error codes.