Skip to content

Commit

Permalink
Update number-recycling.yaml for adding a phone number description an…
Browse files Browse the repository at this point in the history 
…d changing 'phoneNumber' as optional parameter.
  • Loading branch information
@yamamoto0104
yamamoto0104 authored Oct 23, 2024
1 parent 860a535 commit d069b54
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion code/API_definitions/number-recycling.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,20 @@ info:
It is important to remark that in cases where personal user data is processed by the API, and users can exercise their rights through mechanisms such as opt-in and/or opt-out, the use of 3-legged access tokens becomes mandatory. This measure ensures that the API remains in strict compliance with user privacy preferences and regulatory obligations, upholding the principles of transparency and user-centric data control.
# Identifying a phone number from the access token
This specification defines the `phoneNumber` field as optional in API requests, specifically in cases where the API is accessed using a 3-legged access token, and the phone number can be uniquely identified by the token. This approach simplifies API usage for API consumers by relying on the information associated with the access token used to invoke the API.
## Handling of phone number information:
### Optional `phoneNumber` field for 3-legged tokens:
- When using a 3-legged access token, the phone number associated with the access token must be considered as the phone number for the API request. This means that the `phoneNumber` field is not required in the request, and if included it must identify the same phone number, therefore **it is recommended NOT to include it in these scenarios** to simplify the API usage and avoid additional validations.
### Restrictions for tokens without an associated authenticated phone number:
For scenarios which do not have a phone number associated to the token during the authentication flow, e.g. 2-legged access tokens, the `phoneNumber` field MUST be provided in the API request. This ensures that the phone number is explicit and valid for each API call made with these tokens.
version: wip
x-camara-commonalities: 0.4.0
license:
Expand Down Expand Up @@ -84,7 +98,6 @@ components:
CreateCheckNumRecycling:
type: object
required:
- phoneNumber
- specifiedDate
properties:
phoneNumber:
Expand Down

0 comments on commit d069b54

Please sign in to comment.