8.11 API invoker obtaining authorization to access service API

3GPP TS 23.222, Common API Framework for 3GPP Northbound APIs, Release 18

8.11.1 General

The API invoker is required to execute this procedure when it needs to obtain or re-obtain (e.g. upon expiry of the authorization information) the authorization to access the service API. Once the API invoker receives the authorization to access the service API, the API invoker can perform one or multiple service API invocations as per the permission limit. This procedure may be performed during the API invoker onboarding process.

8.11.2 Information flows

NOTE: The security aspects of this procedure are specified in subclause 6.5.2.3 of 3GPP TS 33.122 [12].

8.11.3 Procedure

Figure 8.11.3-1 illustrates the procedure for obtaining authorization to access the service API.

Pre-condition:

1. The API invoker is onboarded and has received an API invoker identity.

Figure 8.11.3-1: Procedure for the API invoker obtaining authorization for service API access

1. The API invoker sends an obtain service API authorization request to the CAPIF core function for obtaining permission to access the service API by including the API invoker identity information and any information required for authentication of the API invoker.

2. The CAPIF core function validates the authentication of the API invoker (using authentication information) and checks whether the API invoker is permitted to access the requested service API.

NOTE 1: The authentication process is specified in subclause 6.5.2.3 of 3GPP TS 33.122 [12].

3. Based on the API invoker’s subscription information, the authorization information to access the service APIs is sent to the API invoker in the obtain service API authorization response.

NOTE 2: The mechanism for distribution of the authorization information for the API invoker to the API exposing function is specified in subclause 6.5.2.3 of 3GPP TS 33.122 [12].
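A minimal model of steps 1 to 3, added here as an illustration and not taken from TS 23.222 or TS 33.122: the CAPIF core function authenticates the API invoker, checks the requested service API against the invoker's subscription, and returns time-limited authorization information that has to be re-obtained after expiry. The HMAC-signed token, the shared key, and all names and sample values are assumptions standing in for the mechanisms that TS 33.122 specifies.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: none of these values come from TS 23.222 or TS 33.122.
CCF_KEY = b"constructed-ccf-signing-key"
ONBOARDED = {  # API invoker identity -> credential and subscribed service APIs
    "invoker-001": {"secret": b"constructed-secret", "apis": {"location-api"}},
}

class AuthzError(Exception):
    """Raised when the CAPIF core function refuses the request."""

def _sign(body: bytes) -> bytes:
    return hmac.new(CCF_KEY, body, hashlib.sha256).hexdigest().encode()

def obtain_authorization(invoker_id, credential, service_api, now=None, ttl=300):
    """Steps 2 and 3 on the CAPIF core function (hypothetical handler)."""
    now = time.time() if now is None else now
    record = ONBOARDED.get(invoker_id)
    # Step 2a: authenticate. Unknown identities are compared against a dummy
    # value so they fail the same way as a wrong credential.
    expected = record["secret"] if record else b"\x00" * 16
    if not hmac.compare_digest(credential, expected) or record is None:
        raise AuthzError("authentication failed")
    # Step 2b: permission check against the invoker's subscription.
    if service_api not in record["apis"]:
        raise AuthzError("not permitted for requested service API")
    # Step 3: authorization information, bound to one API and time-limited.
    claims = {"sub": invoker_id, "api": service_api, "exp": int(now) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + _sign(body)).decode()

def check_authorization(token, service_api, now=None):
    """Check applied before serving an invocation (hypothetical verifier)."""
    now = time.time() if now is None else now
    body, _, tag = token.encode().partition(b".")
    if not hmac.compare_digest(tag, _sign(body)):
        return False  # forged or altered authorization information
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["api"] == service_api and now < claims["exp"]
```

When `check_authorization` starts returning false because the expiry has passed, the API invoker runs the procedure again, which is the re-obtain case described in 8.11.1.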