8.22 Auditing service API invocation
3GPP TS 23.222 Common API Framework for 3GPP Northbound APIs, Release 18
8.22.1 General
The procedure in this subclause corresponds to the architectural requirements for auditing service API invocation. This procedure can also be used for auditing other CAPIF interactions, i.e. service API invocation events, API invoker onboarding events and API invoker interactions with the CAPIF (e.g. authentication, authorization, discover service APIs). The API management function can be within the PLMN trust domain or within the 3rd party trust domain.
8.22.2 Information flows
8.22.2.1 Query service API log request
Table 8.22.2.1-1 describes the information flow query service API log request from the API management function to the CAPIF core function.
Table 8.22.2.1-1: Query service API log request
| Information element | Status | Description |
|---|---|---|
| Identity information | M | Identity information of the entity querying service API log request |
| Query information | M | List of query filters such as invoker’s ID and IP address, service API name and version, input parameters, and invocation result |
8.22.2.2 Query service API log response
Table 8.22.2.2-1 describes the information flow query service API log response from the CAPIF core function to the API management function.
Table 8.22.2.2-1: Query service API log response
| Information element | Status | Description |
|---|---|---|
| Result | M | Indicates the success or failure of query service API log request |
| API invocation log information | O (see NOTE) | API invocation log information such as API invoker’s ID, IP address, service API name, version, invoked operation, input parameters, invocation result, time stamp information |

NOTE: Information element shall be present when result indicates success.
8.22.3 Procedure
Figure 8.22.3-1 illustrates the procedure for auditing service API invocation.
Pre-conditions:
1. Service API invocation logs are available at the CAPIF core function.
2. Authorization details of the AMF are available with the CAPIF core function.
Figure 8.22.3-1: Procedure for auditing service API invocation
1. For auditing service API invocations, the API management function triggers query service API log request to the CAPIF core function.
2. Upon receiving the query service API log request, the CAPIF core function accesses the necessary service API log information for auditing purposes.
3. The CAPIF core function returns the log information to the API management function in the query service API log response.
NOTE: The API management function detecting abuse of the service API invocation and actions, subsequent to query service API log response, are out-of-scope of this specification.
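The following is an added example, not part of the 3GPP specification: a small Python model of steps 2 and 3 as seen from the CAPIF core function, using the information elements of Tables 8.22.2.1-1 and 8.22.2.2-1. All field names, identities and log records are constructed for illustration, and rejecting an empty or unknown filter is a choice made in this example, not a requirement stated in the clause.

```python
from dataclasses import dataclass, asdict

# Hypothetical log record, modelled on the elements listed in Table 8.22.2.2-1.
@dataclass(frozen=True)
class InvocationLog:
    invoker_id: str
    ip_address: str
    api_name: str
    api_version: str
    operation: str
    input_parameters: str
    result: str
    timestamp: str

# Constructed sample logs (pre-condition 1: logs are available at the CAPIF core function).
LOGS = [
    InvocationLog("invoker-1", "192.0.2.10", "location", "v1", "GET", "ue=001", "200", "2024-01-01T10:00:00Z"),
    InvocationLog("invoker-1", "192.0.2.10", "location", "v1", "GET", "ue=002", "403", "2024-01-01T10:00:05Z"),
    InvocationLog("invoker-2", "198.51.100.7", "qos", "v2", "POST", "flow=9", "201", "2024-01-01T10:01:00Z"),
]

# Pre-condition 2: authorization details of the API management function are
# available at the CAPIF core function (constructed identity).
AUTHORIZED_AMF = {"amf-plmn-1"}

# Filters named in the "Query information" element of Table 8.22.2.1-1.
ALLOWED_FILTERS = {"invoker_id", "ip_address", "api_name", "api_version",
                   "input_parameters", "result"}

def query_service_api_log(identity, query, logs=LOGS):
    """Return a query service API log response for the given request."""
    # Both request elements have status M; this example treats an empty one as missing.
    if not identity or not query:
        return {"result": "failure"}
    # Only an authorized API management function may read invocation logs.
    if identity not in AUTHORIZED_AMF:
        return {"result": "failure"}
    # Reject unknown filter keys: silently ignoring them would widen the result set.
    if not set(query) <= ALLOWED_FILTERS:
        return {"result": "failure"}
    matched = [asdict(entry) for entry in logs
               if all(getattr(entry, key) == value for key, value in query.items())]
    # NOTE of Table 8.22.2.2-1: log information is present only when the result is success.
    return {"result": "success", "api_invocation_logs": matched}
```

A failure response carries no log information, so an unauthorized requester learns nothing about which invokers or service APIs appear in the logs.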