Content for  TS 23.222  Word version:  19.1.0

The reference points for CAPIF are described in the following subclauses.

The CAPIF-1 reference point, which exists between the API invoker and the CAPIF core function, is used for the API invoker within the PLMN trust domain to discover service APIs, to authenticate and to get authorization. The CAPIF-1 reference point supports:

• Onboarding the new API invokers and offboarding API invokers;
• Authenticating the API invoker based on the identity and credentials of the API invoker;
• Mutual authentication between the API invoker and the CAPIF core function;
• Providing authorization for the API invoker prior to accessing the service API;
• Providing authorization for the API invoker based on RNAA; and
• Discovering the service APIs information.

The CAPIF-1e reference point, which exists between the API invoker and the CAPIF core function, is used for the API invoker outside the PLMN trust domain to discover service APIs, to authenticate and to get authorization. The CAPIF-1e reference point supports all the functions of CAPIF-1.

The CAPIF-2 reference point, which exists between the API invoker and the API exposing function belonging to the same trust domain, is used for the API invoker to communicate with the service APIs. The CAPIF-2 reference point supports:

• Authenticating the API invoker based on the identity and credentials of the API invoker;
• Authorization verification for the API invoker upon accessing the service API; and
• Invocation of service APIs.

The CAPIF-2e reference point, which exists between the API invoker and the API exposing function belonging to a different trust domain, is used for the API invoker to communicate with the service APIs. The CAPIF-2e reference point supports all the functions of CAPIF-2.

The CAPIF-3 reference point, which exists between the API exposing function and the CAPIF core function, is used for exercising access and policy related control for service API communications initiated by the API invoker. The CAPIF-3 reference point supports:

• Authenticating the API invoker based on the identity and credentials of the API invoker;
• Providing authorization for the API invoker prior to accessing the service API;
• Authorization verification for the API invoker upon accessing the service API;
• Authorization verification for the API invoker based on RNAA;
• Controlling the service API access based on PLMN operator configured policies;
• Logging the service API invocations; and
• Charging the service API invocations.

The CAPIF-4 reference point, which exists between the API publishing function and the CAPIF core function, is used for publishing the service API information. The CAPIF-4 reference point supports:

• Publishing the service APIs information by the API publishing function.

The CAPIF-5 reference point, which exists between the API management function and the CAPIF core function, is used for management of service API, API invoker and API provider domain function information. The CAPIF-5 reference point supports:

• Accessing the service API invocation logs by the API management function;
• Enabling the API management function to monitor the events reported due to the service APIs invocations;
• Onboarding new API invokers by provisioning the API invoker information at the CAPIF core function, requesting explicit grant of new API invokers onboarding and confirming onboarding success;
• Offboarding API invokers;
• Enabling the API management function to configure policies at the CAPIF core function e.g. service API invocation throttling, blocking API invocation for certain duration;
• Enabling the API provider to monitor the status of service APIs (e.g. pilot or live status, start or stop status of service API);
• Registering API provider domain functions on the CAPIF core function; and
• Update of the registration information of API provider domain functions on the CAPIF core function.

The CAPIF-3e reference point, which exists between the API exposing function within the 3rd party trust domain and the CAPIF core function within the PLMN trust domain, is used for exercising access and policy related control for service API communications initiated by the API invoker. The CAPIF-3e supports all the functions of CAPIF-3.

The CAPIF-4e reference point, which exists between the API publishing function within the 3rd party trust domain and the CAPIF core function within the PLMN trust domain, is used for publishing the service API information. The CAPIF-4e reference point supports all the functions of CAPIF-4.

The CAPIF-5e reference point, which exists between the API management function within the 3rd party trust domain and the CAPIF core function within the PLMN trust domain, is used for management of service API, API invoker and API provider domain function information. The CAPIF-5e reference point supports all the functions of CAPIF-5.

The CAPIF-7 reference point, which exists between the API exposing functions belonging to the same trust domain, is used for the forwarding or routing of the API invoker's service API invocation from one API exposing function to the other API exposing function deployed in the PLMN trust domain. The CAPIF-7 reference point supports all the functions of CAPIF-2. The CAPIF-7 reference point supports invocation of service APIs originated by the API invoker using CAPIF-2.

The CAPIF-7e reference point, which exists between the API exposing functions belonging to different trust domains, is used for the forwarding or routing of the API invoker's service API invocation from one API exposing function to the other API exposing function between different trust domains. The CAPIF-7e reference point supports all the functions of CAPIF-2e.

The CAPIF-6 reference point exists between the CAPIF core functions within the same trust domain of CAPIF provider. The CAPIF-6 reference point supports:

• Publishing the service APIs information; and
• Discovering the service APIs information.

The CAPIF-6e reference point exists between the CAPIF core function within the 3rd party trust domain and the CAPIF core function within the PLMN trust domain. The CAPIF-6e reference point supports all the functions of CAPIF-6.

The CAPIF-8 reference point exists between the CAPIF core function and the resource owner function. The CAPIF-8 reference point supports:

• Providing authorization for resource access; and
• Managing and revoking the provided authorization.