openapi: 3.0.0
info:
title: CAPIF_Security_API
description: This API enables the API publishing function to communicate with the CAPIF core function to publish the service API information and manage the published service API information. This API also enables the API exposing function to communicate with the CAPIF core function to retrieve the security information of an API invoker.
version: "1.0.0"
externalDocs:
description: 3GPP TS 29.222 V15.2.0 Common API Framework for 3GPP Northbound APIs
url: http://www.3gpp.org/ftp/Specs/archive/29_series/29.222/
servers:
- url: '{apiRoot}/capif-security/v1'
variables:
apiRoot:
default: https://example.com
description: apiRoot as defined in subclause 7.5 of 3GPP TS 29.222.
paths:
/trustedInvokers/{apiInvokerId}:
get:
parameters:
- name: apiInvokerId
in: path
description: Identifier of an individual API invoker
required: true
schema:
type: string
- name: authenticationInfo
in: query
description: When set to 'true', it indicates the CAPIF core function to send the authentication information of the API invoker. Set to false or omitted otherwise.
schema:
type: boolean
- name: authorizationInfo
in: query
description: When set to 'true', it indicates the CAPIF core function to send the authorization information of the API invoker. Set to false or omitted otherwise.
schema:
type: boolean
responses:
'200':
description: The security related information of the API Invoker based on the request from the API exposing function.
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceSecurity'
'400':
$ref: 'TS29122_CommonData.yaml#/components/responses/400'
'401':
$ref: 'TS29122_CommonData.yaml#/components/responses/401'
'403':
$ref: 'TS29122_CommonData.yaml#/components/responses/403'
'404':
$ref: 'TS29122_CommonData.yaml#/components/responses/404'
'406':
$ref: 'TS29122_CommonData.yaml#/components/responses/406'
'414':
$ref: 'TS29122_CommonData.yaml#/components/responses/414'
'429':
$ref: 'TS29122_CommonData.yaml#/components/responses/429'
'500':
$ref: 'TS29122_CommonData.yaml#/components/responses/500'
'503':
$ref: 'TS29122_CommonData.yaml#/components/responses/503'
default:
$ref: 'TS29122_CommonData.yaml#/components/responses/default'
put:
parameters:
- name: apiInvokerId
in: path
description: Identifier of an individual API invoker
required: true
schema:
type: string
requestBody:
description: create a security context for an API invoker
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceSecurity'
callbacks:
notificationDestination:
'{request.body#/notificationDestination}':
post:
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SecurityNotification'
responses:
'204':
description: No Content (successful notification)
'400':
$ref: 'TS29122_CommonData.yaml#/components/responses/400'
'401':
$ref: 'TS29122_CommonData.yaml#/components/responses/401'
'403':
$ref: 'TS29122_CommonData.yaml#/components/responses/403'
'404':
$ref: 'TS29122_CommonData.yaml#/components/responses/404'
'411':
$ref: 'TS29122_CommonData.yaml#/components/responses/411'
'413':
$ref: 'TS29122_CommonData.yaml#/components/responses/413'
'415':
$ref: 'TS29122_CommonData.yaml#/components/responses/415'
'429':
$ref: 'TS29122_CommonData.yaml#/components/responses/429'
'500':
$ref: 'TS29122_CommonData.yaml#/components/responses/500'
'503':
$ref: 'TS29122_CommonData.yaml#/components/responses/503'
default:
$ref: 'TS29122_CommonData.yaml#/components/responses/default'
responses:
'201':
description: Successful created.
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceSecurity'
headers:
Location:
description: 'Contains the URI of the newly created resource, according to the structure: {apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}'
required: true
schema:
type: string
'400':
$ref: 'TS29122_CommonData.yaml#/components/responses/400'
'401':
$ref: 'TS29122_CommonData.yaml#/components/responses/401'
'403':
$ref: 'TS29122_CommonData.yaml#/components/responses/403'
'411':
$ref: 'TS29122_CommonData.yaml#/components/responses/411'
'413':
$ref: 'TS29122_CommonData.yaml#/components/responses/413'
'414':
$ref: 'TS29122_CommonData.yaml#/components/responses/414'
'415':
$ref: 'TS29122_CommonData.yaml#/components/responses/415'
'429':
$ref: 'TS29122_CommonData.yaml#/components/responses/429'
'500':
$ref: 'TS29122_CommonData.yaml#/components/responses/500'
'503':
$ref: 'TS29122_CommonData.yaml#/components/responses/503'
default:
$ref: 'TS29122_CommonData.yaml#/components/responses/default'
delete:
parameters:
- name: apiInvokerId
in: path
description: Identifier of an individual API invoker
required: true
schema:
type: string
responses:
'204':
description: No Content (Successful deletion of the existing subscription)
'400':
$ref: 'TS29122_CommonData.yaml#/components/responses/400'
'401':
$ref: 'TS29122_CommonData.yaml#/components/responses/401'
'403':
$ref: 'TS29122_CommonData.yaml#/components/responses/403'
'404':
$ref: 'TS29122_CommonData.yaml#/components/responses/404'
'429':
$ref: 'TS29122_CommonData.yaml#/components/responses/429'
'500':
$ref: 'TS29122_CommonData.yaml#/components/responses/500'
'503':
$ref: 'TS29122_CommonData.yaml#/components/responses/503'
default:
$ref: 'TS29122_CommonData.yaml#/components/responses/default'
/trustedInvokers/{apiInvokerId}/update:
post:
parameters:
- name: apiInvokerId
in: path
description: Identifier of an individual API invoker
required: true
schema:
type: string
requestBody:
description: Update the security context (e.g. re-negotiate the security methods).
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceSecurity'
responses:
'200':
description: Successful updated.
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceSecurity'
'400':
$ref: 'TS29122_CommonData.yaml#/components/responses/400'
'401':
$ref: 'TS29122_CommonData.yaml#/components/responses/401'
'403':
$ref: 'TS29122_CommonData.yaml#/components/responses/403'
'404':
$ref: 'TS29122_CommonData.yaml#/components/responses/404'
'411':
$ref: 'TS29122_CommonData.yaml#/components/responses/411'
'413':
$ref: 'TS29122_CommonData.yaml#/components/responses/413'
'415':
$ref: 'TS29122_CommonData.yaml#/components/responses/415'
'429':
$ref: 'TS29122_CommonData.yaml#/components/responses/429'
'500':
$ref: 'TS29122_CommonData.yaml#/components/responses/500'
'503':
$ref: 'TS29122_CommonData.yaml#/components/responses/503'
default:
$ref: 'TS29122_CommonData.yaml#/components/responses/default'
/trustedInvokers/{apiInvokerId}/delete:
post:
parameters:
- name: apiInvokerId
in: path
description: Identifier of an individual API invoker
required: true
schema:
type: string
requestBody:
description: Revoke the authorization of the API invoker for APIs.
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SecurityNotification'
responses:
'204':
description: Successful revoked.
'400':
$ref: 'TS29122_CommonData.yaml#/components/responses/400'
'401':
$ref: 'TS29122_CommonData.yaml#/components/responses/401'
'403':
$ref: 'TS29122_CommonData.yaml#/components/responses/403'
'404':
$ref: 'TS29122_CommonData.yaml#/components/responses/404'
'411':
$ref: 'TS29122_CommonData.yaml#/components/responses/411'
'413':
$ref: 'TS29122_CommonData.yaml#/components/responses/413'
'415':
$ref: 'TS29122_CommonData.yaml#/components/responses/415'
'429':
$ref: 'TS29122_CommonData.yaml#/components/responses/429'
'500':
$ref: 'TS29122_CommonData.yaml#/components/responses/500'
'503':
$ref: 'TS29122_CommonData.yaml#/components/responses/503'
default:
$ref: 'TS29122_CommonData.yaml#/components/responses/default'
/securities/{securityId}/token:
post:
parameters:
- name: securityId
in: path
description: Identifier of an individual security instance
required: true
schema:
type: string
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/AccessTokenReq'
responses:
'200':
description: Successful Access Token Request
content:
application/json:
schema:
$ref: '#/components/schemas/AccessTokenRsp'
'400':
description: Error in the Access Token Request
content:
application/json:
schema:
$ref: '#/components/schemas/AccessTokenErr'
components:
schemas:
ServiceSecurity:
type: object
properties:
securityInfo:
type: array
items:
$ref: '#/components/schemas/SecurityInformation'
minimum: 1
notificationDestination:
$ref: 'TS29122_CommonData.yaml#/components/schemas/Uri'
requestTestNotification:
type: boolean
description: Set to true by API invoker to request the CAPIF core function to send a test notification as defined in in subclause 7.6. Set to false or omitted otherwise.
websockNotifConfig:
$ref: 'TS29122_CommonData.yaml#/components/schemas/WebsockNotifConfig'
supportedFeatures:
$ref: 'TS29571_CommonData.yaml#/components/schemas/SupportedFeatures'
required:
- securityInfo
- securityNotificationDestination
SecurityInformation:
type: object
properties:
interfaceDetails:
$ref: 'TS29222_CAPIF_Publish_Service_API.yaml#/components/schemas/InterfaceDescription'
aefId:
type: string
description: Identifier of the API exposing function
prefSecurityMethods:
type: array
items:
$ref: 'TS29222_CAPIF_Publish_Service_API.yaml#/components/schemas/SecurityMethod'
minItems: 1
description: Security methods preferred by the API invoker for the API interface.
selSecurityMethod:
$ref: 'TS29222_CAPIF_Publish_Service_API.yaml#/components/schemas/SecurityMethod'
authenticationInfo:
type: string
description: Authentication related information
authorizationInfo:
type: string
description: Authorization related information
required:
- prefSecurityMethods
oneOf:
- required: [interfaceDetails]
- required: [aefId]
SecurityNotification:
type: object
properties:
apiInvokerId:
type: string
description: String identifying the API invoker assigned by the CAPIF core function
aefId:
type: string
description: String identifying the AEF.
apiIds:
type: array
items:
type: string
minItems: 1
description: Identifier of the service API
cause:
$ref: '#/components/schemas/Cause'
required:
- apiInvokerId
- apiIds
- cause
AccessTokenReq:
format: x-www-form-urlencoded
properties:
grant_type:
type: string
enum:
- client_credentials
client_id:
type: string
client_secret:
type: string
scope:
type: string
required:
- grant_type
- client_id
AccessTokenRsp:
type: object
properties:
access_token:
type: string
description: JWS Compact Serialized representation of JWS signed JSON object (AccessTokenClaims)
token_type:
type: string
enum:
- Bearer
expires_in:
$ref: 'TS29122_CommonData.yaml#/components/schemas/DurationSec'
scope:
type: string
required:
- access_token
- token_type
- expires_in
AccessTokenClaims:
type: object
properties:
iss:
type: string
scope:
type: string
exp:
$ref: 'TS29122_CommonData.yaml#/components/schemas/DurationSec'
required:
- iss
- scope
- exp
AccessTokenErr:
type: object
properties:
error:
type: string
enum:
- invalid_request
- invalid_client
- invalid_grant
- unauthorized_client
- unsupported_grant_type
- invalid_scope
error_description:
type: string
error_uri:
type: string
required:
- error
Cause:
anyOf:
- type: string
enum:
- OVERLIMIT_USAGE
- UNEXPECTED_REASON
- type: string
description: >
This string provides forward-compatibility with future
extensions to the enumeration but is not used to encode
content defined in the present version of this API.
description: >
Possible values are
- OVERLIMIT_USAGE: The revocation of the authorization of the API invoker is due to the overlimit usage of the service API
- UNEXPECTED_REASON: The revocation of the authorization of the API invoker is due to unexpected reason.