GSMA Open Gateway API Descriptions

Unlocking Connectivity: Comprehensive descriptions of GSMA Open Gateway APIs

The GSMA Open Gateway initiative launched with eight network APIs in 2023. Open Gateway portfolio of APIs has since continued to expand. All APIs can be found in the CAMARA repository here: https://github.com/camaraproject

Anti Fraud

API Product Family: Subscriber Identity 

Call Forwarding Signal

API Description

Call Forwarding Signal API can be used to determine if a specific mobile Phone Number has an active call forwarding setup. 

https://github.com/camaraproject/CallForwardingSignal/releases/latest

Use cases

  • The Call Forwarding Signal API can be used by a bank to verify if a “call forwarding” option is active on the customer’s phone to avoid frauds. A call from the bank to the customers can be forwarded to a different number during a fraud attempt.  

Benefits

  • Frauds can be avoided improving the customer experience and the security for assistance services offered via incoming phone calls.  

Device Roaming Status

API Description

Device Roaming Status API checks whether a certain user device is roaming and if so, the country it is in.

https://github.com/camaraproject/DeviceStatus/releases/latest

Use cases

  • Service delivery: a content provider may need to enforce territory restrictions for their content. For instance, a broadcaster, streaming or gaming service may only have rights to broadcast a piece of content in their domestic market, or may want to deliver different services according to the country. Through the Device status API, the content provider can check that the end-user is located in the content provider domestic market.  
  • Fraud prevention (e.g. banking, payments, commerce): a bank may query the API upon detecting a transaction from an unexpected country. The roaming information feeds into the bank risk decision engine and security measures are applied accordingly by the bank.  
  • Regulatory compliance: a customer may need to be within a certain jurisdiction for transactions to be authorised. 
  • Tourism and hospitality: an international hotel franchise or a travel agency may want to personalise their service according to the country or to their customers displacements. 

Benefits

  • Remote monitoring of IoT devices enables device management and performance. 
  • Decreased fraud risk without additional friction for the user. 
  • Personalisation of services. 
  • Control of the delivery of digital and physical services. 

Device Roaming Status Subscriptions

API Description

Device Roaming Status Subscriptions API is used to receive notifications if the user’s device roaming status changes. A device roaming status is defined as whether the user’s device is roaming, i.e. not connected to its home mobile network.

https://github.com/camaraproject/DeviceStatus/releases/latest

Use cases

  • Service delivery: a content provider may need to enforce territory restrictions during consumption their content. For instance, a broadcaster, streaming or gaming service may only have rights to broadcast a piece of content in their domestic market, or may want to deliver different services according to the country. Through the Device Status Subscriptions API, the content provider can check that if end-user roams away from the content provider domestic market.  
  • Remote control of machines and vehicles (e.g. Automated Guided Vehicles, drones, robotic arms, factory production lines): applications requiring remote control of machines or vehicles my require to be notified about their connectivity status to ensure their service and/or that they are properly manageable from the corresponding control point.  

Benefits

  • Remote monitoring of IoT devices enables device management and performance. 
  • Personalisation of services. 
  • Control of the delivery of digital and physical services. 

KYC Fill-In

API Description

KYC Fill-In API is used to request and receive information that has been verified by the end user’s Mobile Operator in their KYC records. The information can include mobile phone number, name, postal code, address, birthdate, email address etc. 

https://github.com/camaraproject/KnowYourCustomer/releases/latest

Use cases

  • One-click checkout (e-commerce), automatic form-fill for user’s information e.g. mobile phone number, birthdate, address, on registration (varied verticals)  
  • User identification to call centre (to be confirmed) 
  • Confirm recipient’s mobile number for sending e-goods and e-presents like SMS gift code  
  • Check user’s age with birthdate information for e.g. alcohol and tobacco sale  

Benefits

  • The Service Provider can optimise the user experience while capturing the accurate user information its service requires. 
  • Simplified user experience increasing conversion for service providers at user registration 
  • More accurate registration form information through avoiding data entry errors 

KYC Match

API Description

KYC Match API provides the ability to compare the information the API customer has for a particular user with that on file and verified by the user’s Mobile Network Operator in their own KYC records.  

The information can include mobile phone number, name, postal code, address, birthdate, email address etc. No Personal Identifiable Information (PII) is returned. 

https://github.com/camaraproject/KnowYourCustomer/releases/latest

Use cases

  • User identity verification for any service provider checking new users or performance of a regular refresh.  
  • Especially depending on Market/Country regulations, identity verification for compliance with regulations, e.g. KYC regulations in banking demanding check for new users and for regular refresh.  

Benefits

  • The Service Provider can confirm the accuracy of the user information required by its service without inconveniencing the user. 
  • Mitigate risks related to different types of identity fraud like the use of synthetic identities. 
  • Maximise the conversion rate and the quality of the onboarding procedures. 
  • Avoids data entry errors and mitigates fraud by utilising verified user information from the user’s Mobile Network Operator  

Number verification

API Description

Number Verification API enables the seamless authentication of a mobile device by verifying that the provided mobile phone number is the one used in the device.

https://github.com/camaraproject/NumberVerification/releases/latest

Use cases

  • App Onboarding: The App can request a seamless authentication of the mobile device via the API.  
  • App login: in place of username/password, the application can request seamless authentication of the mobile device via the API.  
  • Application password reset: As in the app onboarding use case, the application can request a seamless authentication of the mobile device via the API.  

Benefits

  • Improved seamless and faster user experience, hence improved conversion rates & customer satisfaction 
  • Lower risk of compromise (by social engineering or interception) 

One Time Password

API Description

One Time Password API delivers a short-lived one-time password to a mobile phone number via SMS. The API then validates the code as input by the end-user into the service, to verify proof of possession.  

https://github.com/camaraproject/OTPValidation/releases/latest

Use cases

  • App Onboarding: The App can request a SMS One Time Password (OTP) to prove that the user is in possession of the mobile device associated with the mobile number used for onboarding. This increases confidence for future uses of the mobile number and reduces instances of fake accounts creation.  
  • High-value transactions: to reduce payment fraud, the user may be asked to enter the OTP code sent to their registered mobile number.  
  • Account management e.g. password reset: to protect against account takeover, sensitive account management actions can be protected by requesting a second factor authentication by the end-user. 

Benefits

  • End user familiarity.  
  • Increased security over single-factor authentication (username/password) or in card-not-present scenarios.  
  • Prevent fake accounts creation (bots).

Sim Swap

API Description

SIM Swap API checks the last date that the SIM card associated with a mobile phone number has changed. The response may be a timestamp or a yes/no for a defined period (e.g. last 24h).  

https://github.com/camaraproject/SimSwap/releases/latest

Use cases

  • Fraud prevention in banking: a bank may query the API when a transaction appears suspicious. The SIM swap information feeds into the bank risk decision engine and security measures are applied accordingly by the bank.  
  • Fraud prevention for password reset: password reset is often protected via a mobile verification e.g. SMS One Time Password. The online service provider may query the API to secure the mobile verification. A recent SIM swap may indicate a risk of account takeover fraud, and the service provider can adapt the security measures accordingly. 

Benefits

  • Increased security without additional friction for the user 
  • Prevention of account takeover is a benefit for both the business and the end customer, since end customers are protected for being involved in uncomfortable situations. 

Sim Swap Notification Subscription

API Description

SIM Swap Notification Subscription enables subscription to notifications related to SIM Swap events, reporting a change in the SIM card associated with a mobile phone number. A SIM Swap event often responds to legitimate device upgrades or replacements but is also susceptible to abuse through fraudulent activities. 

In comparison with the base SIM Swap API, this service ensures that the application receives the information in real-time when the SIM Swap event occurs, instead of actively requesting the information when it is required by the application. 

https://github.com/camaraproject/SimSwap/releases/latest

Use cases

  • Fraud prevention in banking: Strange behaviours or accumulation of SIM Swap notifications may help banks detect fraud scenarios in advance. 
  • Digital security services: Applications can be notified about possible security threats in the customer account which can be used by to improve security. Antifraud systems will be enhanced with real-time information. 

Benefits

  • Antifraud mechanism that will notify when a SIM is affected by a swap procedure, implementing different mechanisms to avoid fraud (e.g., warn or confirm with the user).

Scam Signal

API Description

Scam Signal API allows businesses to protect their customers from impersonation scams, particularly Authorized Pushed Payment (APP) fraud. 

 APP fraud involves a criminal tricking someone into sending them money, often through impersonating representatives from banks, government departments, or even a family member. They can also deceive a victim into making advance payments for fraudulent investments, counterfeit goods and services, or even extort money through a seemingly genuine romance or friendship. 

URL: Please contact the mobile operators in your market for more details 

Use cases

  • APP Fraud prevention: a client may query the API when a money transaction appears suspicious. The API will inform about different indicators leveraging advanced analysis of real-time network data to identify and prevent APP fraud activities. 

Benefits

  • APP fraud detection through real-time traffic analysis 
  • Protecting both the business and the end customer 

Mobile Connectivity / VAS

API Product Family: Location

Device Location Verification

API Description

Device Location Verification API checks if a mobile device is in proximity of a given location. The API request contains the location to be checked and an accuracy range in km (between 2km and 200km). The API response indicates whether the location is within the accuracy range of the last known location of the MSISDN. 

In its simplest version, the API can be used to verify a location expressed as latitude, longitude, and a radius. 

https://github.com/camaraproject/DeviceLocation/releases/latest

Use cases

  • Fraud prevention (banking, payments): a bank may query the API upon detecting a cash withdrawal or credit card use attempt from an unexpected location. The location verification feeds into the bank risk decision engine and security measures are applied accordingly by the bank.  
  • Traffic management of drones: the Uncrewed Aircraft System Traffic Management or the drone operator can obtain drone location information from its GPS data, however this is vulnerable to jamming or spoofing. They can query the API to verify the drone location, e.g. for law enforcement purposes or to check compliance with approved flight plan.  
  • Retail marketing: a retailer Edge Application may query the API to verify that a user is close enough to a physical location before pushing a notification to them.  
  • Protection of assets e.g. logistics, indoors factory tools (depending on available accuracy): the fleet manager can check if assets are in their expected location. 
  • Special digital services in big events: the organizers of a big sports or entertaining event (football match, music festival, car or motorcycle races, etc.) can provide their audience with special digital services in the place of the event, e.g., access to private web zone of the event, eligibility for special fan experiences, access to premium content during and after the event, etc. 
  • Delivery of services under control: content-based business (streaming, cloud gaming) and location-based business (delivery of food or other goods, etc.) can keep under control how and where their services are being delivered: eligibility to enjoy a content/game/service, control the transport by which the goods are being delivered, etc. 

Benefits

  • Decreased fraud risk without additional friction for the user. 
  • Independent and reliable verification of the location reported by the GPS functionality of a drone or device.  
  • Geotargeted marketing. 
  • Personalization of services. 
  • Control of the delivery of digital and physical services. 
  • Control and protection of assets 

Device Geofencing Subscriptions 

API Description

Device Geofencing Subscriptions API enables the subscription to geographical position changes. With this API, customers can create subscriptions for their devices to receive notifications when a device enters or exits a specified area. If the geofencing-state of a device changes, the event subscriber will be notified back.

https://github.com/camaraproject/DeviceLocation/releases/latest

Use cases

  • Retail and e-commerce personalization and advertising: a retailer wants to launch personalization or advertising campaigns to its customers when they enter the area of influence of its department stores.  
  • Tourism and other location-based services: travel agencies, airlines, hotel companies, etc. want to give personalized experiences when their customers enter specific areas where they can provide added value. E.g., an airline welcoming a traveller to the airport and reminding them the possibility of using the VIP room, a Public Administration giving tourism information to registered tourists.  
  • Assets safekeeping and tracking: ensuring that assets (parcels, fleet, services of shared vehicles, IoT, etc.) enter the right areas in the right moments, or they do not leave the areas where they must be. 

Benefits

  • New use cases are enabled based on network location information and the events and mobility of the devices. The subscription mechanism enabling geofencing allows developers to enhance their product with a push mode model, improving the resource’s usage and increasing the value of the information.

Device Location Retrieval

API Description

Device Location Retrieval API provides the ability to retrieve the location of a device. The retrieved area depends on the network conditions at the subscriber’s location. 

The retrieved area provided in the response could be described: 

  • by a circle determined by coordinates (latitude and longitude) and a radius. 
  • by a simple polygon delimited by segments connecting consecutively an array of coordinates (points).  

https://github.com/camaraproject/DeviceLocation/releases/latest

Use cases

Location Retrieval could be useful in scenarios such as: 

  • For use cases between mobile users when it is required to check proximity, we first need to retrieve mobile location of one of the mobile (with this Location Retrieval API)  and then check tge other mobile location (via Location Retrieval api). This is applicable for people-to-people payment for example. 
  • In logistic use cases, this API is used to retrieve container location by exception (when shipment is not at the expected place). This is particularly useful for tracking IoT device. 
  • Globally, it is worth noting that the Location Retrieval API is often requested as a complement to GPS tracking for sensitive based-location use cases as GPS could be spoofed on a phone. 

Benefits

  • Provide location service based on mobile network as complementary option of the GPS

Population Density Data 

API Description

Population Density Data API enables the retrieval of population density estimations for a specific area at a future date and time, considering historical anonymised information of the network connected devices in the requested area. 

https://github.com/camaraproject/PopulationDensityData/releases/latest

Use cases

  • Providing BVLOS (Beyond Visual Line of Sight) flights with the information to meet SORA 2.5 (Specific Operation Risk Assessment) requirements in terms of intrinsic Ground Risk Class (iGRC).  
  • Providing information to identify if the ground risk class for a given drone flight path is acceptable for the time of the flight, or an alternative time should be considered to lower the risk. 
  • Sustainable Urban Planning. Enabling urban planners to specify the area of interest and a future time period. 
  • Environmental monitoring at mass events, such as concerts or festivals.  

Benefits

  • Safe Drone Flights: by providing a people density data for Drone Operators to avoid flight routes over areas with crowds on the ground.  
  • Achieve SORA approval: by providing services that help Drone Operators to perform the regulatory Ground Risk Assessment and to identify if there is a need of developing appropriate operational procedures and mitigations.  
  • Drone Route Planning: by identifying the best route and timing in terms of ground risk.  
  • Improving long-term planning and city sustainability: by enabling urban planners to identify specific areas and forecast their future development. 
  • Facilitates the monitoring of the environment during events: by ensuring safety and environmental sustainability in large gatherings. 

API Product Family: Network Quality / Optimisation 

Quality on Demand

API Description

Quality on Demand API offers the application developer the capability to request stable latency (reduced jitter) or minimum throughput for specified application data flows between application clients (within a user device) and Application Servers (backend services). The developer has a pre-defined set of Quality of Service (QoS) profiles which they could choose from depending on their latency or throughput requirements. 

https://github.com/camaraproject/QualityOnDemand/releases/latest

Use cases

  • Media and entertainment (e.g. online gamers and viewers of real-time streaming) require a network with a high level of performance to ensure good user experience.  
  • Remote control of machines and vehicles (e.g. Automated Guided Vehicles, drones, robotic arms, factory production lines) require stable data throughput and low latency to ensure secure and efficient operations.  
  • Computer vision and remote video processing applications (e.g. sending a continuous video stream to their backends for processing) require stable data throughput and low latency to generate time-sensitive outputs, such as alarms and events for computer vision, or a produced video stream for their audience 

Benefits

  • Optimise your clients’ networking performance: With the QoD service, you can activate the networking conditions that suit the needs of your applications in real time. Regardless your application requires a short boost with high throughput or a temporal control on the maximum jitter or latency, there’s a QoD profile ready for you to activate. 
  • Seamless user experience: Your clients will enjoy the enhanced services you build with the capabilities brough to you by the QoD service without even noticing their network has been modified. This allows you to upsell advanced features with the security they will not suffer undesirable network issues 
  • Improve your clients’ satisfaction: Reduce the number of customer complaints caused by network conditions This will improve situations where previously your customers may not have experienced your application as they should have. 

QoD Provisioning

API Description

The Quality-On-Demand (QoD) Provisioning API offer the application developer the capability to request the assignment of a certain QoS Profile to a specified device. The device traffic will be treated with a certain QoS profile by the network whenever the device is connected to the network, until the provisioning is deleted.

https://github.com/camaraproject/ConnectivityInsights/releases/latest

Use cases

  • Media and entertainment (e.g. online gamers and viewers of real-time streaming) require a network with a high level of performance to ensure good user experience.  
  • Remote control of machines and vehicles (e.g. Automated Guided Vehicles, drones, robotic arms, factory production lines) require stable data throughput and low latency to ensure secure and efficient operations.  
  • Computer vision and remote video processing applications (e.g. sending a continuous video stream to their backends for processing) require stable data throughput and low latency to generate time-sensitive outputs, such as alarms and events for computer vision, or a produced video stream for their audience  

Benefits

  • Optimise your clients’ networking performance: With the QoD service, you can activate the networking conditions that suit the needs of your applications in real time. Regardless your application requires a short boost with high throughput or a temporal control on the maximum jitter or latency, there’s a QoD profile ready for you to activate. 
  • Seamless user experience: Your clients will enjoy the enhanced services you build with the capabilities brough to you by the QoD service without even noticing their network has been modified. This allows you to upsell advanced features with the security they will not suffer undesirable network issues 
  • Improve your clients’ satisfaction: Reduce the number of customer complaints caused by network conditions This will improve situations where previously your customers may not have experienced your application as they should have. 

Connectivity Insights

API Description

The Connectivity Insights API allows an application developer to query the likelihood that an application’s networking requirements can be met for a given end user session. The developer may decide to leverage the Quality on Demand API to request stable latency (reduced jitter) or minimum throughput for the application.

https://github.com/camaraproject/ConnectivityInsights/releases/latest

Use cases

  • Streaming services can query the API to assess whether the current network conditions are sufficient for delivering high-quality video (e.g., 4K or HD) without buffering. 
  • Online multiplayer game services can query the API to evaluate if the current network conditions can meet the low-latency requirements for a given player. 
  • IoT devices that rely on consistent and reliable connections (e.g., smart home systems or industrial IoT sensors), developers can query the API to verify whether the network can handle the necessary data flow.   

Benefits

  • Enabling a game to adjust in-game settings to improve the user experience. 
  • Enabling a video app to switch to a lower resolution video to prevent buffering. 

API Product Family: Communication Services 

SMS API

API Description

SMS API provides the customer with the ability to send an SMS to a mobile phone number in use on a mobile phone device. There are 3 different categories of SMS, namely Service SMS, Promotional SMS and Transactional SMS.  The SMS API can also be used to send a binary message to a mobile phone number which is being used on an (IoT) device.​ 

https://github.com/camaraproject/ShortMessageService

Use cases

Send SMS is a useful utility API which can be leveraged in multiple use cases: 

  • App Onboarding: Useful in providing secure experience on channels to prevent fake accounts creation via SMS OTP 
  • App Login: Secure authentication flows preventing account takeovers via SMS OTP 
  • Transacting: Payments SMS OTPs during purchases and transaction confirmations 
  • Promotional: Executing business campaigns via SMS 
  • Account Management: Validate Passwords resets, device changes, user reactivation etc  

Benefits

  • Instant and Direct Communication: SMS messages are delivered directly to mobile phones, ensuring fast and immediate reach 
  • High Open Rates: SMS has high read rates with many opened within minutes of delivery, making it an effective way to ensure your message is seen. 
  • Personalisation and Engagement: You can tailor messages to individual customers, making the interaction more personal, which increases engagement and conversion rates. 
  • Broad Reach and Accessibility: SMS is accessible to all mobile users, even those without smartphones, ensuring wider reach. 

Fixed Connectivity

API Product Family: Network Quality / Optimisation 

Home Devices QoD

API Description

Home Devices QoD API enables application developers to control the network configuration of their End Users devices when they are connected through the WiFi access point provided by a telco fixed line. Developers can request to change, on demand, the desired QoS behaviour for the IP traffic corresponding to a specific user home device. 

https://github.com/camaraproject/HomeDevicesQoD/releases/latest

Use cases

  • Real-time entertainment (e.g. streaming, gaming, VR/AR head-mounted displays): these applications require low latency and high throughput.  
  • Communications: these applications require low latency to guarantee the call quality and avoid dropped calls 

Benefits

  • Optimise your clients’ networking performance: With the Home Devices QoD service, you can activate the networking conditions that suit the needs of your applications in real time. Regardless your application requires a short boost with high throughput or a temporal control on the maximum jitter or latency, there’s a QoD profile ready for you to activate. 
  • Seamless user experience: Your clients will enjoy the enhanced services you build with the capabilities brough to you by the Home Devices QoD service without even noticing their network has been modified.  
  • Improve your clients’ satisfaction: Reduce the number of customer complaints whose cause is the networking of your clients because you can control and monitor the network conditions and adapt to them whenever your applications are being used.  

Cloud & Edge

API Product Family: MEC (Mobile Edge Cloud) 

Simple Edge Discovery

API Description

Simple Edge Discovery API allows an application to discover the nearest Edge-Cloud zone for it to connect to, specifically the API will calculate the Edge Cloud Zone with the shortest network path to the application.

https://github.com/camaraproject/SimpleEdgeDiscovery/releases/latest

Use cases

  • All edge cloud use cases e.g. automotive, mixed/augmented reality, high resolution video streaming, cloud gaming, remote control of moving objects or vehicles: for an application deployed in telco edge cloud or hyperscaler edge cloud, the device needs to be informed of the Edge-Cloud zone to access. The application queries the API and is informed of the nearest Edge-Cloud zone to connect to. It can then perform a DNS lookup to route traffic to this node.  

Benefits

  • Enables selection of and routing towards the nearest edge cloud zone, generally optimising network performance by minimising propagation delay.  
  • More accurate selection based on Operator network topology rather than geolocation.  

Traffic Influence

API Description

The Traffic Influence API provides the capability to establish the optimal routing, in terms of latency, in a specific geographical area, between the user device, e.g. the user’s smartphone, and the optimal Edge Application Server (EAS) instance nearby. If the user device is detected by the developer to have moved into a different geographical location, the Traffic Influence API can be invoked again to get the optimal routing in the new location.

https://github.com/camaraproject/EdgeCloud

Use cases

  • Optimising GPS navigation apps for faster route calculations and live traffic updates. 
  • AR applications for tourism or retail can provide real-time content, such as points of interest, special offers, or nearby stores. 
  • Cloud gaming or mobile gaming applications relying on edge computing to minimise latency for a smoother user experience. 
  • Streaming services that use edge computing to deliver high-quality, low-latency video content (e.g., live sports, music events). 
  • Emergency services (ambulances, fire trucks) need optimal routing for communication and response coordination.

Benefits

  • The routing of the mobile traffic is optimised toward a local instance of an Edge application to get the optimal latency.

Payments

API Product Family: Payments and Charging 

Carrier Billing

API Description

Carrier Billing API allows an online merchant to enable the purchase of third-party digital goods and to request payment against the user’s Mobile Operator billing system.

https://github.com/camaraproject/CarrierBillingCheckOut/releases/latest

Use cases

  • Mobile payments across media, gaming, mobile services, ticketing, content, and other digital services: when reaching checkout online, the user gets the option to pay by mobile. If chosen, the merchant requests payment via the Carrier Billing API. The payment amount is added to the user’s phone bill or deducted from their prepaid balance. The settlement from the Operator to the merchant takes place to cover all users’ payments over a defined period.  

Benefits

  • Convenient and secure online payment solution for unbanked / underbanked users who cannot pay by credit card 
  • Increased conversion for merchants