The procedure in this subclause corresponds to the architectural requirements for deregistering the API provider domain functions on the CAPIF. This procedure deregisters the API provider domain functions as authorized users of the CAPIF functionalities.
For deregistration of API provider domain functions on the CAPIF core function, the API management function sends a deregistration request to the CAPIF core function.
CAPIF may authorize the API invoker to invoke the service API based on the authorization information from the resource owner given before the API invocation.
Clause 8.31.3 shows the procedure for obtaining the authorization information.
The API invoker requests to obtain resource owner authorization information to invoke the service API exposed by the API exposing function. The authorization function provides the authorization by involving the resource owner.
The API invoker sends service API invocation request to the API exposing function with the resource owner authorization information received in step 1.
The API invoker receives the service API invocation response resulting from the service API invocation once the API exposing function has checked whether the API invoker is authorized to invoke that service API based on the authorization information.
The nested API invocation scenario is a scenario where the first API invocation towards the API exposing function 1 triggers this API exposing function to request another API invocation towards the API exposing function 2, which is in the same API provider domain that the API exposing function 1. Some service APIs may require invoking another service APIs. For example, if the API invoker invokes SEAL locationInfoRetrieval API, the location management server (acting as an API exposing server for the API invoker and as an API invoker for the NEF) may invoke NEF API to retrieve UE location information from 5GC. The CAPIF may reduce the authorization information inquiries for a nested API invocation scenario using procedure described in clause 8.32.3.
Figure 8.32.3-1 illustrates the procedure to obtain authorization information in a nested API invocation, in which an API exposing function receiving the service API invocation request interacts with another API exposing function to provide the service.
Pre-conditions:
The resource owner function can communicate with the API invoker.
The API exposing functions 1 and 2 are in the same trust domain.
The API exposing function 1, acting as an API invoker, obtains the authorization information to access the service API exposed by the API exposing function 2.
The API exposing function 2, acting as an API invoker, receives the service API invocation response resulting from the service API invocation once API exposing function 2 has checked whether the API invoker is authorized to invoke that service API based on the authorization information.