Exploring OpenCAPIF Release 3

July 18, 2025

New release is out! OpenCAPIF 3.0.0, is now available in the ETSI Labs!

Upgraded from technical specifications 3GPP Common API Framework Release 18 (TS 23.222, TS 29.222, TS 33.122) and the YAML templates available in 3GPP Forge, OpenCAPIF’s third major release introduces significant updates, enhancements and new features aimed at providing a more robust, secure, and efficient API management platform. Let’s jump into the exciting new features and improvements of OpenCAPIF 3.0.0!

New Features and Improvements

Event Filters

According to 3GPP technical specifications over Common API Framework, Event Filter logic is introduced on Event Subscription process. Now, according to event subscribed, the entity can filter notifications by apiId, aefId or invokerId. Check Event Filter Section at documentation for more information.

NOTE: To allow Event filter feature, Enhanced Event Report feature of Supported Features on event subscription must be active.

Event Reporting Information

This feature gives more flexibility to configure event notifications over event subscription. As example, now you can configure events to notify periodicly, set maximum number of notifications to receive or subscription expiration time.

More information can be found on the Event Reporting section of the documentation.

Dynamic configuration

This release includes dynamic configurations for Register and Helper service.

This enables the configuration of parameters inside both services such as expiration time of certificated requested or precedence of security methods to be selected by CAPIF Core Function (CCF).

In order to interact with this configurations, Register and Helper service include new endpoints. All information on these new endpoints and how this dynamic configuration works can be checked in the Dynamic Configuration section and in definitions of Helper Swagger and Register Swagger

Also this new functionality will open the possibility of developing some new features and requirements present on 3GPP specification, like trustedDomains on next releases.

Security Method PKI

The logic of Security API GET service (/trustedInvokers/{apiIncokerId}) is updated. Now, it checks securityMethod selected and according to that, inserts on authenticationInfo and authorizedInfo attributes the needed information PKI Flow

Security Method PSK

PSK security method implemented. Now, when selected as the security method, CAPIF will create the key needed to consume APIs. For more information, see PSK Flow.

Testing

Tests are improved in order to support new features and changes over logic. New Event Filter test suite created and some other deprecated scenarios are removed from testing plan.

Technical Debt Solved

  • Upgrade Gunicorn: Migration of gunicorn from version 22 to 23, due to some vulnerabilities detected. All OpenCAPIF APIs (including “register” and “helper”) were upgraded.
  • Hardening on startup scripts for services interacting with Vault: The startup scripts of the Invoker Management Service, Provider Management Service, and Security Service have been improved to ensure reliability when the Vault service takes longer to become ready. This will also help on the restart issue on k8s deployment.
  • SupportedFeatures Negotiation: All OpenCAPIF services now include a common procedure to negotiatate and define the supported features on each service API.
  • Upgraded services version to 18.7.0: OpenCAPIF services have been upgraded from version 18.4.0 to version 18.7.0 following 3GPP TS 29.222.
  • New PATCH method on Invoker Management Service: Now you can modify parameters of invoker entity without a complete update.

SDK

SDK, introduced on previous release, is updated to support new logic. You can find further information on our OpenCAPIF Documentation and also in SDK repository.

Documentation Improvements

New sections are added on documentation in order to give detailed information to all users. The sections created are the following:

Test plan

Test plan documentation was reviewed, updated and improved. There are new tests for API Status, Event Filter, Vendor Extensibility and Security Service.

How to Run OpenCAPIF Version 3.0.0

To deploy and test OpenCAPIF 3.0.0, clone our public repository, switch to the v3.0.0-release tag, or download the source-code archive here.

After obtaining the code, refer to the “How To Run” section in the documentation and the “Testing” section for instructions on using Postman or Robot Framework.

Fot hose who would like to experiment even more quickly and over a public instance of the latest OpenCAPIF release, we have made available a public sandbox. Check how to request access in the OpenCAPIF Sandbox documentation section.

Learn More

For further information, please consult the following links: