API Overview Resources Schemas

Phone number verify

API operation to verify a phone number received as input. It can be received either in plain text or hashed format.

Verifies if the received hashed/plain text phone number matches the phone number associated with the access token

Verifies if the specified phone number (either in plain text or hashed format) matches the one that the user is currently using. Only one of the plain or hashed formats must be provided. - The number verification will be done for the user that has authenticated via mobile network - It returns true/false depending on if the hashed phone number received as input matches the authenticated user's `device phone number` associated to the access token

POST /number-verification/v1/verify

Parameters

Name	In	Type	Required	Description
Authorization	header	string	true	Bearer ‘token’
body	body	NumberVerificationRequestBody	true	‘none’

Request body - instance of NumberVerificationRequestBody

1
2
3


{
  "phoneNumber": "+346661113334"
}

Name	Type	Required	Description
phoneNumber	PhoneNumber	false	A public identifier addressing a telephone subscription. In mobile networks it corresponds to the MSISDN (Mobile Station International Subscriber Directory Number). In order to be globally unique it has to be formatted in international format, according to E.164 standard, prefixed with ‘+’.
hashedPhoneNumber	string	false	Hashed phone number. SHA-256 (in hexadecimal representation) of the mobile phone number in E.164 format (starting with country code). Prefixed with ‘+’.

Request example

1
2
3
4
5
6
7
8
9



curl -X POST https://apimanager-opengateway.sta.k8s.masmovil.com/number-verification/v1/verify \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H "Authorization: string" \
 --data-raw "{
  'phoneNumber': '+346661113334'
}" 

Responses

Code	Meaning	Description	Schema
200	OK	OK	NumberVerificationMatchResponse
400	Bad Request	Problem with the client request	ErrorInfo
401	Unauthorized	Unauthorized	ErrorInfo
403	Forbidden	Client does not have sufficient permission.
In addition to regular scenario of `PERMISSION_DENIED`, other scenarios may exist:

Client authentication was not via mobile network. In order to check the authentication method, AMR parameter value in the 3-legged user’s access token can be used and make sure that the authentication was not either by SMS+OTP nor username/password ({"code": "NUMBER_VERIFICATION.USER_NOT_AUTHENTICATED_BY_MOBILE_NETWORK","message": "Client must authenticate via the mobile network to use this service"})
Phone number cannot be deducted from access token context.({"code": "INVALID_TOKEN_CONTEXT","message": "Phone number cannot be deducted from access token context"})|ErrorInfo|
|500|Internal Server Error|Server error|ErrorInfo|
|503|Service Unavailable|Service unavailable. Typically the server is down.|ErrorInfo|
|504|Gateway Time-out|Request time exceeded. If it happens repeatedly, consider reducing the request complexity|ErrorInfo|

Endpoints

Phone number verify

Sim Swap

Device Swap

KYC Match

Authentication