SimSwap OAS with 2 endpoints (check & get date) #7
Conversation
Fixed response code for check (200 instead of 201)
jlurien
left a comment
jlurien
left a comment
There was a problem hiding this comment.
Comments are mainly cosmetic and to align API look & feel with the recently approved guidelines. For your consideration:
- max_age may be optional as we are defining a defaut value. I don't have a strong opinion here. Optional may be easier to use for consumers but defining it as required make consumers more aware of the threshold.
- For security we are assuming both client credentials and three_legged. I think this covers uncertainty about privacy or consents implications. However, as scopes are per operation we have to place security under each operation
| url: https://github.com/camaraproject/ | ||
| security: | ||
| - oAuth2ClientCredentials: [] | ||
| - BasicAuth: [] |
There was a problem hiding this comment.
Securitization is being discussed transversely, but we are usually considering client credentials or three_legged in other APIs.
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Removed unused security schemes (BasicAuth & apiKey)
monamok
left a comment
monamok
left a comment
There was a problem hiding this comment.
I leave some comments as improvements. I also suggest to remove "Create" word from the descriptions as there's anything being created here. I understand that it's because they're POST operations so I leave it to you to decide.
Co-authored-by: Mona Mokhber <mona.mokhber@telefonica.com>
Co-authored-by: Mona Mokhber <mona.mokhber@telefonica.com>
Co-authored-by: Mona Mokhber <mona.mokhber@telefonica.com>
Co-authored-by: Mona Mokhber <mona.mokhber@telefonica.com>
Yes, this global security is overriden by the security at operation level, so as we are defining a security per operation this global one takes no effect. |
|
I just realized that "status" is missing in the errors. You might want to include it as well. |
Yes, that is indeed in the guidelines. I didn't comment on that on purpose as we are not currently adding it in other v0.x APIs, but it could be added as we will have to eventually add it. We can do it now or in a feature version @bigludo7 |
Removed security scheme at API level (as they are at operation level). Added Status for error.
bigludo7
left a comment
bigludo7
left a comment
There was a problem hiding this comment.
Remove security schemes
add status for error
|
@monamok @jlurien @bigludo7 @DT-DawidWroblewski I updated the OAS following your review. I let you take a final look. Thanks. |
jlurien
left a comment
jlurien
left a comment
There was a problem hiding this comment.
Just 2 minor suggestions and a couple of comments to keep in mind for future versions. Thank you so much for moving this forward and be so collaborative
| - code | ||
| - message | ||
| properties: | ||
| code: |
There was a problem hiding this comment.
For a v1.x I think we should define an enum with specific error codes for the identified logical errors, e.g SIM_SWAP.MSISDN_REQUIRED, etc, but as we have pressure to close this, we can leave it now as a generic string, as it is in other v0.x versions
There was a problem hiding this comment.
OK. Probably worth to be discussed in Commonalities.
We can probably raise a issue in commonalities to not forget this.
| description: Subscriber number in E.164 format (starting with country code). Optionally prefixed with '+'. | ||
| ErrorInfo: | ||
| type: object | ||
| required: |
There was a problem hiding this comment.
Not sure if status will be required in v1.x as well, but as it is not present in other v0.x APIs, let's leave it as optional for now.
There was a problem hiding this comment.
Same thinking on my side. I've checked QoD API for example and status is not there so my proposal is to have this attribute but optional for this release. Could be a topic for commonalities.
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
Co-authored-by: Jose Luis Urien <jlurien@gmail.com>
|
@DT-DawidWroblewski up to you for final review and merging if ok ! |
|
Hi @DT-DawidWroblewski |
monamok
left a comment
monamok
left a comment
There was a problem hiding this comment.
Just a small typo to fix and the rest looks good
Co-authored-by: Mona Mokhber <mona.mokhber@telefonica.com>
|
Hi @DT-DawidWroblewski |
|
@DT-DawidWroblewski Please comment on this PR or merge it otherwise, so we can have both approaches in main |
Hello,
Following Dec13th meeting, please see a proposal for a specific OAS definition pour simswap with 2 resources: retrieveSimSwapDate & checkSimSwap.
Thanks