Closed trehman-gsma closed 1 week ago
Hi @trehman-gsma Checking the API description, I think you are right and we should include a bit more information on how it is intended to work. Here in Spain, at least in Telefónica, we have a requirement to provide the idDocument along with the phoneNumber to be able to validate the rest of the properties. It is something that doesn't happen for example in Germany. So the idea is that, if your country requires the use of the idDocument as a "second level" authorization, and you don't provide it, the error is returned.
Thanks @fernandopradocabrillo! Please could you confirm if my understanding is correct:
phoneNumber
in all requests. idDocument
may be required as a "second level" authorization field. In these implementations, it is mandatory to include idDocument
in the request body (as well as 3 legged access token / phoneNumber).
Problem description Could you help to clarify which fields in the request body are meant to be used for identification purposes vs match purposes?
I had assumed that the access token or the
phoneNumber
field would be used to identify the mobile phone user (especially sincephoneNumber
does not have a corresponding match field in the response). However the following error implies thatidDocument
could also be used:Possible evolution Additional documentation to clarify the fields in the request that can be used to identify the mobile user. Or restructuring the request body to have an identity parent object and a parent match object.
cc @MsOlaAjibola @mbailadorpollo @pablosanuy