Sim Swap

mock

Integrate real-time SIM card activation checks to enhance security and prevent fraud.

Anti-Fraud

Network API

Camara

Playground

Disclaimer

This Network APIs Playground - SimSwap API is a mocked version of the production-grade CAMARA - SimSwap API. To use this API, subscribe to Network APIs Playground

This playground version provides responses for:

predefined phone numbers associated with the unassigned country code +990 (e.g +99012345678)
user-defined phone numbers added using the Network APIs Playground - Admin

Introduction

The CAMARA SimSwap API performs real-time checks on the activation date of a SIM card on the Orange mobile network. It reveals if an individual mobile line has been ported to another SIM card.

API Authentication

Note

The SimSwap API requires 3-Legged OAuth 2.0 in production. While all auth flows are available in Playground mode, this document covers only the simplified 2-Legged flow (Playground-exclusive) for learning and testing purposes.

HTTPS requests to the REST API are protected with 2-Legged OAuth. To learn more about how Orange Developer handles authentication, please refer to our documentation.

In short, you will use your Orange Developer Authorization header as authorization_header for the Basic authentication with Orange Developer.

You get the Authorization header credentials when you register your application on the Orange Developer Console.

curl -X POST \
-H "Authorization: {{ authorization_header }}" \
-d "grant_type=client_credentials" \
https://api.orange.com/openidconnect/playground/v1.0/token

In response, you will get an access_token.

{
  "token_type": "Bearer",
  "access_token": "66AeYJF8eJQ...2SjkFg9LB1LePC",
  "expires_in": 3600
}

API Description

Summary of resources

This API has two resource check and retrieve-date

Summary of methods and URL

Use case of operation	URL method
I want to check if the mobile line (identified with a phone number) has changed sim from now -(max-age) to now.	POST "https://api.orange.com/camara/playground/api/sim-swap/v1/check
I want to get last sim swap date for a mobile line (identified with a phone number).	POST "https://api.orange.com/camara/playground/api/sim-swap/v1/retrieve-date

Sim-Swap - Check

Summary of request body parameters

Name	Description	Type	Mandatory
phoneNumber	Subscriber number in E.164 format (starting with country code). Must be prefixed with '+'	string	Yes
maxAge	Defines the period to be checked; This period is from now - max_age to now. If 240 is passed, server will check if a sim swap was performed on this last during last 10 days (240 hours). if not valued, default value is 240.	integer	No

Request mobile sim swap check (from phone number)

Request

curl -X POST "https://api.orange.com/camara/playground/api/sim-swap/v1/check"
-H "Authorization: Bearer {your access token}"
-H "Cache-Control: no-cache"
-H 'accept: application/json'
-H 'Content-Type: application/json'
-d  '{
   "phoneNumber": "+33699901031",
   "maxAge": 240
}'

Response

200
Content-Type: application/json

{
  "swapped": false
}

Fields description

The response features only one attribute: swapped.

This attribute is boolean indicating if a sim swap has been done during the provided checking period.

Sim-Swap - Retrieve Date

Summary of request body parameters

Name	Description	Type	Mandatory
phoneNumber	Subscriber number in E.164 format (starting with country code). Must be prefixed with '+'	string	Yes

Request mobile sim swap retrieve date (from phone number)

Request

curl -X POST "https://api.orange.com/camara/playground/api/sim-swap/v1/retrieve-date"
-H "Authorization: Bearer {your access token}"
-H "Cache-Control: no-cache"
-H 'accept: application/json'
-H 'Content-Type: application/json'
-d  '{
   "phoneNumber": "+33699901031",
}'

Response

200
Content-Type: application/json

{
  "latestSimChange": "2024-12-03T08:30:00.000Z"
}

Fields description

The response features only one attribute: latestSimChange.

This attribute is date indicating when the new sim swap has been created.

Most frequent errors

If invalid or incomplete input are provided - in particular for the max_age (should between 1 to 2160) a 400 error is triggered.

HTTP/1.1 400 Error: bad Request
Content-Type: application/json
{
  "status": 400,
  "code": "INVALID_INPUT",
  "message": "[checkSimSwap.createCheckSimSwap.maxAge: must be less than or equal to 2400]"
}

If the phone number is not managed by Orange lab, error code 422 is retrieved.

HTTP/1.1 422 Error: Resource Not Found
Content-Type: application/json
{
  "status": 422,
  "code": "NOT_SUPPORTED",
  "message": "Service not supported for this phoneNumber"
}

There are some cases where your client application will no longer gain access to API resources, and get an error back.

Please check the following points:

Here, you attempt to use an expired or revoked access_token and you get an invalid token error. You will have to request a new access_token. As an example:

HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
  "code": "UNAUTHORIZED",
  "message": "Authorization failed: ..."
}

Here, you removed your subscription to the API so that the capability to generate an access_token is not allowed anymore. As an example:

HTTP/1.1 403 Forbidden
Content-Type: application/json
{
  "code": "FORBIDDEN",
  "message": "Operation not allowed: ..."
}

On this page

Introduction
API Authentication
API Description
- Summary of resources
- Summary of methods and URL
Sim-Swap - Check
- Summary of request body parameters
- Request mobile sim swap check (from phone number)
Sim-Swap - Retrieve Date
- Summary of request body parameters
- Request mobile sim swap retrieve date (from phone number)
Most frequent errors