8.31 API invoker obtaining authorization from resource owner

23.2223GPPCommon API Framework for 3GPP Northbound APIsRelease 18TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

8.31.1 General

CAPIF may authorize the API invoker to invoke the service API based on the authorization information from the resource owner given before the API invocation.

Clause 8.31.3 shows the procedure for obtaining the authorization information.

8.31.2 Information flows

NOTE: The security aspects of this procedure will be specified by SA3.

Editor’s Note: Reference to the appropriate SA3 specification is needed.

8.31.3 Procedure

Figure 8.31.3-1 illustrates the procedure for API invoker obtaining authorization from resource owner.

Pre-conditions:

1. The resource owner can communicate with the API invoker.

Figure 8.31.3-1: Procedure for API invoker obtaining authorization from resource owner

1. The API invoker requests authorization information to invoke the service API.

NOTE: The detailed procedure to obtain the authorization information will be specified by SA3.

Editor’s Note: Reference to the appropriate SA3 specification is needed.

2. The API invoker sends service API invocation request to the API exposing function with the authorization information received in step 1.