
The GSMA Open Gateway initiative launches with eight network APIs, including SIM Swap, Quality on Demand, Device Status, Number Verification, Simple Edge Discovery, One Time Password SMS, Carrier Billing – Check Out and Device Location. The initiative plans to launch further APIs throughout 2023.
The APIs can be found in the CAMARA repository: https://github.com/camaraproject
SIM swap
API description
The API checks the last time that the SIM card associated with a mobile number (MSISDN) has changed. The response may be a timestamp or a yes/no for a defined period (e.g. last 24h).
Use cases (examples)
- Fraud prevention in banking: a bank may query the API when a transaction appears suspicious. The SIM swap information feeds into the bank risk decision engine and security measures are applied accordingly by the bank.
- Fraud prevention for password reset (various sectors): password reset is often protected via a mobile verification e.g. SMS One Time Password. The online service provider may query the API to secure the mobile verification. A recent SIM swap may indicate a risk of account takeover fraud and the service provider can adapt the security measures accordingly.
Benefits
- Increased security without additional friction for the user
Quality On Demand
API description
The API allows an application developer to request stable latency (reduced jitter) or throughput for specified application data flows between application clients and application servers. The developer chooses from a predefined set of Quality of Service Profiles (i.e. stable latency or different levels of throughput). The API response confirms whether the network can fulfill the request.
Use cases (examples)
- Remote control of machines and vehicles (e.g. Automated Guided Vehicles, drones, robotic arm, factory production line): applications requiring remote control of machines or vehicles require stable data throughput and low latency. The requirements may change dynamically (e.g. piloting a drone vs drone transmitting video data) or not (e.g. specialised robotic arm or remote maintenance). The application requests the required Quality On Demand from the mobile network via the API each time the requirements change. The API can also apply over private networks and network slices.
- Real-time media and entertainment (e.g. gaming, real-time streaming): online gamers and viewers of real-time streaming media require a guaranteed level of quality to ensure good user experience. The application requests the required Quality on Demand from the mobile network via the API.
Benefits
- Improved performance for applications.
- Minimised production line downtime. Factory floor flexibility.
- Guaranteed quality may be critical for safety reasons (moving objects or vehicles).
- Enhanced end-user experience.
Device status
API description
The API checks connectivity status for a user equipment. In its current version, the API only checks the roaming status of a device. The response confirms whether the device is roaming and the country it is in.
Use cases (examples)
- Service delivery: a content provider may need to enforce territory restrictions for their content. For instance a broadcaster or streaming service may only have rights to broadcast a piece of content in their domestic market. Through the Device status API, the content provider can check that the end-user is located in the content provider domestic market.
- Fraud prevention (e.g. banking, payments, commerce): a bank may query the API upon detecting a transaction from an unexpected country. The roaming information feeds into the bank risk decision engine and security measures are applied accordingly by the bank.
- Regulatory compliance: a customer may need to be within a certain jurisdiction, or outwith others, in order for transactions to be authorised.
Benefits
- Remote monitoring of IoT devices enables device management and performance.
- Decreased fraud risk without additional friction for the user.
Number Verification
API description
The API enables the seamless authentication of the mobile device by the mobile network. The developer requests a check of the phone number of the device being used to access its service. The API either confirms the comparison result (i.e. whether the user is using a device with the same mobile phone number as is declared), or returns the phone number.
Use cases (examples)
- App onboarding (banking app, social media, ride share, mobile wallet, …): SMS One Time Password is widely used to prove that the user is in possession of the mobile device associated with the mobile number used for registration. However it adds friction to the user journey. The application can instead request a seamless authentication of the mobile device via the API.
- App login: in place of username/password, the application can request seamless authentication of the mobile device.
- Application password reset: the user journey often relies on SMS One Time Password. As in the app onboarding use case, the application can instead request a seamless authentication of the mobile device via the API.
Benefits
- Improved seamless and faster user experience, hence improved conversion rates & customer satisfaction
- Lower risk of compromise (by social engineering or interception)
Simple Edge Discovery
API description
The API allows an application to discover the nearest Edge-Cloud node for it to connect to (may be telco edge cloud or hyperscaler edge cloud, whichever is required).
Use cases (examples)
- All edge cloud use cases e.g. automotive, mixed/augmented reality, high resolution video streaming, cloud gaming, remote control of moving objects or vehicles: for an application deployed in telco edge cloud or hyperscaler edge cloud, the device needs to be informed of the Edge-Cloud node to access. The application queries the API and is informed of the nearest Edge-Cloud node to connect to. It can then perform a DNS lookup to route traffic to this node.
Benefits
- Enables selection of and routing towards the nearest edge cloud node, generally optimising network performance by minimising propagation delay.
- More accurate selection based on Operator network topology rather than geolocation.
One Time Password SMS
API description
The API delivers a short-lived one time password to a mobile phone number via SMS. The API then validates the code as input by the end-user into the service, in order to provide a proof of possession of the phone number.
Use cases (examples)
- Onboarding to digital service (banking, social media, gig economy, retail, …): SMS One Time Password is used to prove that the user is in possession of the mobile device associated with the mobile number used for onboarding. This increases confidence for future uses of the mobile number and reduces instances of fake account creation.
- High-value transactions: in order to reduce payment fraud, the user may be asked to enter the OTP code sent to their registered mobile number.
- Account management e.g. password reset: to protect against account takeover, sensitive account management actions can be protected by requesting a second factor authentication by the end-user.
Benefits
- End user familiarity.
- Increased security over single-factor authentication (username/password) or in card-not-present scenarios.
- Prevent fake account creation (bots).
Carrier Billing – Check Out
API description
The API allows an online merchant to enable the purchase of third-party digital goods and to request payment against the user’s Operator carrier billing system. The API enables several related operations to the purchase (triggering purchase and consulting information to follow up on fulfilment); and to the payment, in one step by requesting carrier billing payment or with additional steps to prepare the payment before confirming or cancelling it. The Operator takes care of the billing. Usually the payment amount is added to the user’s phone bill or deducted from their prepaid balance and funds are paid to the merchant by the Operator.
Use cases (examples)
- Mobile payments across media, gaming, mobile services, ticketing, content, and other digital services: when reaching checkout online, the user gets the option to pay by mobile. If chosen, the merchant requests payment via the Carrier Billing API. The payment amount is added to the user’s phone bill or deducted from their prepaid balance. The settlement from the mobile operator to the merchant takes place to cover all users’ payments over a defined period.
Benefits
- Convenient and secure online payment solution for unbanked / underbanked users who cannot pay by credit card
- Increased conversion for merchants
Device Location
API description
The API allows an application to check if a mobile device is in proximity of a given location. The API request contains the location to be checked and an accuracy range in km (between 2km and 200km). The API response indicates whether the location is within the accuracy range of the last known location of the MSISDN.
Use cases (examples)
- Fraud prevention (banking, payments): a bank may query the API upon detecting a cash withdrawal or credit card use attempt from an unexpected location. The location verification feeds into the bank risk decision engine and security measures are applied accordingly by the bank.
- Traffic management of drones: the Uncrewed Aircraft System Traffic Management or the drone operator can obtain drone location information from its GPS data, however this is vulnerable to jamming or spoofing. They can query the API to verify the drone location, e.g. for law enforcement purposes or to check compliance with approved flight plan.
- Retail marketing: a retailer Edge Application may query the API to verify that a user is close enough to a physical location before pushing a notification to them.
- Protection of assets e.g. logistics, indoors factory tools (depending on available accuracy): the fleet manager can check if assets are in their expected location.
Benefits
- Decreased fraud risk without additional friction for the user.
- Independent and reliable verification of the location reported by a drone GPS.
- Geotargeted marketing