CAPIF_Security_API

API for CAPIF security management.

OpenAPI

OpenAPI Version: 3.0.0

info

Title: CAPIF_Security_API

Description: This API enables the API publishing function to communicate with the CAPIF core function to publish the service API information and manage the published service API information. This API also enables the API exposing function to communicate with the CAPIF core function to retrieve the security information of an API invoker.

Version: "1.0.0"

externalDocs

Description: 3GPP TS 29.222 V15.2.0 Common API Framework for 3GPP Northbound APIs

URL: http://www.3gpp.org/ftp/Specs/archive/29_series/29.222/

servers

URL: '{apiRoot}/capif-security/v1'

Variables:

API Root:

Default: https://example.com

Description: apiRoot as defined in subclause 7.5 of 3GPP TS 29.222.

paths

/trustedInvokers/{apiInvokerId}

get:

Parameters:

- name: apiInvokerId

In: path

Description: Identifier of an individual API invoker

Required/Optional: true

Schema:

Type: string

- name: authenticationInfo

In: query

Description: When set to 'true', it indicates the CAPIF core function to send the authentication information of the API invoker. Set to false or omitted otherwise.

Schema:

Type: boolean

- name: authorizationInfo

In: query

Description: When set to 'true', it indicates the CAPIF core function to send the authorization information of the API invoker. Set to false or omitted otherwise.

Schema:

Type: boolean

Responses:

'200' The security related information of the API Invoker based on the request from the API exposing function.

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/ServiceSecurity'

'400': Reference 'TS29122_CommonData.yaml#/components/responses/400'

'401': Reference 'TS29122_CommonData.yaml#/components/responses/401'

'403': Reference 'TS29122_CommonData.yaml#/components/responses/403'

'404': Reference 'TS29122_CommonData.yaml#/components/responses/404'

'406': Reference 'TS29122_CommonData.yaml#/components/responses/406'

'414': Reference 'TS29122_CommonData.yaml#/components/responses/414'

'429': Reference 'TS29122_CommonData.yaml#/components/responses/429'

'500': Reference 'TS29122_CommonData.yaml#/components/responses/500'

'503': Reference 'TS29122_CommonData.yaml#/components/responses/503'

default: Reference 'TS29122_CommonData.yaml#/components/responses/default'

put:

Parameters:

- name: apiInvokerId

In: path

Description: Identifier of an individual API invoker

Required/Optional: true

Schema:

Type: string

Request Body:

Description: create a security context for an API invoker

Required/Optional: true

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/ServiceSecurity'

Callbacks:

notificationDestination:

'{request.body#/notificationDestination}':

Method: Post

Request Body:

Required/Optional: true

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/SecurityNotification'

Responses:

'204' No Content (successful notification)

'400': Reference 'TS29122_CommonData.yaml#/components/responses/400'

'401': Reference 'TS29122_CommonData.yaml#/components/responses/401'

'403': Reference 'TS29122_CommonData.yaml#/components/responses/403'

'404': Reference 'TS29122_CommonData.yaml#/components/responses/404'

'411': Reference 'TS29122_CommonData.yaml#/components/responses/411'

'413': Reference 'TS29122_CommonData.yaml#/components/responses/413'

'415': Reference 'TS29122_CommonData.yaml#/components/responses/415'

'429': Reference 'TS29122_CommonData.yaml#/components/responses/429'

'500': Reference 'TS29122_CommonData.yaml#/components/responses/500'

'503': Reference 'TS29122_CommonData.yaml#/components/responses/503'

default: Reference 'TS29122_CommonData.yaml#/components/responses/default'

Responses:

'201' Successful created.

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/ServiceSecurity'

Headers:

Location:

Description: 'Contains the URI of the newly created resource, according to the structure: {apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}'

Required/Optional: true

Schema:

Type: string

'400': Reference 'TS29122_CommonData.yaml#/components/responses/400'

'401': Reference 'TS29122_CommonData.yaml#/components/responses/401'

'403': Reference 'TS29122_CommonData.yaml#/components/responses/403'

'411': Reference 'TS29122_CommonData.yaml#/components/responses/411'

'413': Reference 'TS29122_CommonData.yaml#/components/responses/413'

'414': Reference 'TS29122_CommonData.yaml#/components/responses/414'

'415': Reference 'TS29122_CommonData.yaml#/components/responses/415'

'429': Reference 'TS29122_CommonData.yaml#/components/responses/429'

'500': Reference 'TS29122_CommonData.yaml#/components/responses/500'

'503': Reference 'TS29122_CommonData.yaml#/components/responses/503'

default: Reference 'TS29122_CommonData.yaml#/components/responses/default'

delete:

Parameters:

- name: apiInvokerId

In: path

Description: Identifier of an individual API invoker

Required/Optional: true

Schema:

Type: string

Responses:

'204' No Content (Successful deletion of the existing subscription)

'400': Reference 'TS29122_CommonData.yaml#/components/responses/400'

'401': Reference 'TS29122_CommonData.yaml#/components/responses/401'

'403': Reference 'TS29122_CommonData.yaml#/components/responses/403'

'404': Reference 'TS29122_CommonData.yaml#/components/responses/404'

'429': Reference 'TS29122_CommonData.yaml#/components/responses/429'

'500': Reference 'TS29122_CommonData.yaml#/components/responses/500'

'503': Reference 'TS29122_CommonData.yaml#/components/responses/503'

default: Reference 'TS29122_CommonData.yaml#/components/responses/default'

/trustedInvokers/{apiInvokerId}/update

Method: Post

Parameters:

- name: apiInvokerId

In: path

Description: Identifier of an individual API invoker

Required/Optional: true

Schema:

Type: string

Request Body:

Description: Update the security context (e.g. re-negotiate the security methods).

Required/Optional: true

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/ServiceSecurity'

Responses:

'200' Successful updated.

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/ServiceSecurity'

'400': Reference 'TS29122_CommonData.yaml#/components/responses/400'

'401': Reference 'TS29122_CommonData.yaml#/components/responses/401'

'403': Reference 'TS29122_CommonData.yaml#/components/responses/403'

'404': Reference 'TS29122_CommonData.yaml#/components/responses/404'

'411': Reference 'TS29122_CommonData.yaml#/components/responses/411'

'413': Reference 'TS29122_CommonData.yaml#/components/responses/413'

'415': Reference 'TS29122_CommonData.yaml#/components/responses/415'

'429': Reference 'TS29122_CommonData.yaml#/components/responses/429'

'500': Reference 'TS29122_CommonData.yaml#/components/responses/500'

'503': Reference 'TS29122_CommonData.yaml#/components/responses/503'

default: Reference 'TS29122_CommonData.yaml#/components/responses/default'

/trustedInvokers/{apiInvokerId}/delete

Method: Post

Parameters:

- name: apiInvokerId

In: path

Description: Identifier of an individual API invoker

Required/Optional: true

Schema:

Type: string

Request Body:

Description: Revoke the authorization of the API invoker for APIs.

Required/Optional: true

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/SecurityNotification'

Responses:

'204' Successful revoked.

'400': Reference 'TS29122_CommonData.yaml#/components/responses/400'

'401': Reference 'TS29122_CommonData.yaml#/components/responses/401'

'403': Reference 'TS29122_CommonData.yaml#/components/responses/403'

'404': Reference 'TS29122_CommonData.yaml#/components/responses/404'

'411': Reference 'TS29122_CommonData.yaml#/components/responses/411'

'413': Reference 'TS29122_CommonData.yaml#/components/responses/413'

'415': Reference 'TS29122_CommonData.yaml#/components/responses/415'

'429': Reference 'TS29122_CommonData.yaml#/components/responses/429'

'500': Reference 'TS29122_CommonData.yaml#/components/responses/500'

'503': Reference 'TS29122_CommonData.yaml#/components/responses/503'

default: Reference 'TS29122_CommonData.yaml#/components/responses/default'

/securities/{securityId}/token

Method: Post

Parameters:

- name: securityId

In: path

Description: Identifier of an individual security instance

Required/Optional: true

Schema:

Type: string

Request Body:

Required/Optional: true

Content:

application/x-www-form-urlencoded:

Schema:

Reference: '#/components/schemas/AccessTokenReq'

Responses:

'200' Successful Access Token Request

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/AccessTokenRsp'

'400' Error in the Access Token Request

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/AccessTokenErr'

components

schemas

ServiceSecurity

Type: object

Properties:

securityInfo:

Type: array

Items:

Reference: '#/components/schemas/SecurityInformation'

Minimum: 1

notificationDestination:

Reference: 'TS29122_CommonData.yaml#/components/schemas/Uri'

requestTestNotification:

Type: boolean

Description: Set to true by API invoker to request the CAPIF core function to send a test notification as defined in in subclause 7.6. Set to false or omitted otherwise.

websockNotifConfig:

Reference: 'TS29122_CommonData.yaml#/components/schemas/WebsockNotifConfig'

supportedFeatures:

Reference: 'TS29571_CommonData.yaml#/components/schemas/SupportedFeatures'

Required:

- securityInfo

- securityNotificationDestination

SecurityInformation

Type: object

Properties:

interfaceDetails:

Reference: 'TS29222_CAPIF_Publish_Service_API.yaml#/components/schemas/InterfaceDescription'

aefId:

Type: string

Description: Identifier of the API exposing function

prefSecurityMethods:

Type: array

Items:

Reference: 'TS29222_CAPIF_Publish_Service_API.yaml#/components/schemas/SecurityMethod'

minItems: 1

Description: Security methods preferred by the API invoker for the API interface.

selSecurityMethod:

Reference: 'TS29222_CAPIF_Publish_Service_API.yaml#/components/schemas/SecurityMethod'

authenticationInfo:

Type: string

Description: Authentication related information

authorizationInfo:

Type: string

Description: Authorization related information

Required:

- prefSecurityMethods

oneOf:

- required: [interfaceDetails]

- required: [aefId]

SecurityNotification

Type: object

Properties:

apiInvokerId:

Type: string

Description: String identifying the API invoker assigned by the CAPIF core function

aefId:

Type: string

Description: String identifying the AEF.

apiIds:

Type: array

Items:

Type: string

minItems: 1

Description: Identifier of the service API

cause:

Reference: '#/components/schemas/Cause'

Required:

- apiInvokerId

- apiIds

- cause

AccessTokenReq

format: x-www-form-urlencoded

Properties:

grant_type:

Type: string

enum:

- client_credentials

client_id:

Type: string

client_secret:

Type: string

scope:

Type: string

Required:

- grant_type

- client_id

AccessTokenRsp

Type: object

Properties:

access_token:

Type: string

Description: JWS Compact Serialized representation of JWS signed JSON object (AccessTokenClaims)

token_type:

Type: string

enum:

- Bearer

expires_in:

Reference: 'TS29122_CommonData.yaml#/components/schemas/DurationSec'

scope:

Type: string

Required:

- access_token

- token_type

- expires_in

AccessTokenClaims

Type: object

Properties:

iss:

Type: string

scope:

Type: string

exp:

Reference: 'TS29122_CommonData.yaml#/components/schemas/DurationSec'

Required:

- iss

- scope

- exp

AccessTokenErr

Type: object

Properties:

error:

Type: string

enum:

- invalid_request

- invalid_client

- invalid_grant

- unauthorized_client

- unsupported_grant_type

- invalid_scope

error_description:

Type: string

error_uri:

Type: string

Required:

- error

Cause

anyOf:

- type: string

This string provides forward-compatibility with future

extensions to the enumeration but is not used to encode

content defined in the present version of this API.

Possible values are

- OVERLIMIT_USAGE: The revocation of the authorization of the API invoker is due to the overlimit usage of the service API

- UNEXPECTED_REASON: The revocation of the authorization of the API invoker is due to unexpected reason.