diff --git a/code/API_definitions/device-reachability-status.yaml b/code/API_definitions/device-reachability-status.yaml index 948fbcf..07243a2 100644 --- a/code/API_definitions/device-reachability-status.yaml +++ b/code/API_definitions/device-reachability-status.yaml @@ -2,7 +2,7 @@ openapi: 3.0.3 info: title: Device Reachability Status description: | - This API provides the customer with the ability to query device reachability status. + This API provides the API consumer with the ability to query device reachability status. # Introduction @@ -13,7 +13,7 @@ info: ## Relevant terms and definitions * **Device**: A device refers to any physical entity that can connect to a network and participate in network communication. - At least one identifier for the device (user equipment) out of four options: IPv4 address, IPv6 address, Phone number, or Network Access Identifier assigned by the mobile network operator for the device. + At least one identifier for the device (user equipment) out of four options: IPv4 address, IPv6 address, Phone number, or Network Access Identifier (not supported for this API version) assigned by the mobile network operator for the device. * **Reachability** : Reachability status. - `CONNECTED_SMS`, if device is connected to the network only via SMS usage @@ -30,14 +30,14 @@ info: The endpoint `POST /retrieve` allows to get current connectivity status information synchronously. - # Authorization and authentication + ### Authorization and authentication - [Camara Security and Interoperability Profile](https://github.com/camaraproject/IdentityAndConsentManagement/blob/main/documentation/CAMARA-Security-Interoperability.md) provides details on how a client requests an access token. + The "Camara Security and Interoperability Profile" provides details on how a client requests an access token. Please refer to Identify and Consent Management (https://github.com/camaraproject/IdentityAndConsentManagement/) for the released version of the Profile. Which specific authorization flows are to be used will be determined during onboarding process, happening between the API Client and the Telco Operator exposing the API, taking into account the declared purpose for accessing the API, while also being subject to the prevailing legal framework dictated by local legislation. It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control. - + # Identifying a device from the access token This specification defines the `device` object field as optional in API requests, specifically in cases where the API is accessed using a 3-legged access token, and the device can be uniquely identified by the token. This approach simplifies API usage for API consumers by relying on the device information associated with the access token used to invoke the API.