The API invoker is typically provided by a 3rd party application provider who has service agreement with PLMN operator. The API invoker may reside within the same trust domain as the PLMN operator network. The API invoker may be either an application on a server or an application on a UE.
The API invoker supports the following capabilities:
Triggering API invoker onboarding/offboarding;
Supporting the authentication by providing the API invoker identity and other information required for authentication of the API invoker;
Supporting mutual authentication with CAPIF;
Obtaining the authorization prior to accessing the service API;
The API exposing function is the provider of the service APIs and is also the service communication entry point of the service API to the API invokers. The API exposing function consists of the following capabilities:
Authenticating the API invoker based on the identity and other information required for authentication of the API invoker provided by the CAPIF core function;
Validating the authorization provided by the CAPIF core function; and
Logging the service API invocations at the CAPIF core function.
The API publishing function enables the API provider to publish the service APIs information in order to enable the discovery of service APIs by the API invoker. The API publishing function consists of the following capability:
Publishing the service API information of the API provider to the CAPIF core function.