Sign in Subscribe

CAPIF in 5G Explained: Architecture, Core Functions, and Interfaces in the Common API Framework

Last updated on 
CAPIF in 5G Explained: Architecture, Core Functions, and Interfaces in the Common API Framework
CAPIF in 5G Explained: Architecture, Core Functions, and Interfaces in the Common API Framework
5G & 6G Prime Membership Telecom

What Is CAPIF (Common API Framework)?

CAPIF stands for Common API Framework—a framework defined by 3GPP that provides a consistent way to:

Securely expose network APIs.

Handle API access, authorization, and discovery.

Foster collaboration between those providing APIs and those using them.

It serves as a governance and security layer that ensures all interactions between an API Invoker (like an app or service) and a network-exposed API are carried out through established and trusted methods.

Key Goals of CAPIF

Standardize how APIs are exposed across various vendors and networks.

Facilitate cross-domain interoperability for telecom services.

Ensure authentication, authorization, and auditing for every API transaction.

Make API discovery and subscription easier for developers and service providers.

CAPIF Architectural Overview

The diagram shows the CAPIF architecture operating within the PLMN Trust Domain. It has three main parts:

API Invoker

CAPIF Core Function

API Provider Domain

These parts connect through standardized CAPIF reference points (CAPIF-1 to CAPIF-5). Let’s dive into each one.

CAPIF Components Explained

a) API Invoker

This represents an application, service, or third-party system that uses APIs.

It might be an application function (AF), a third-party developer, or another network function.

It connects to CAPIF via CAPIF-1, CAPIF-1e, or CAPIF-2e interfaces.

Its role includes registering, discovering, and invoking APIs published by the CAPIF Core.

b) CAPIF Core Function

This is the central hub of the CAPIF framework, highlighted in red in the diagram. It provides core CAPIF APIs and takes care of:

Registering and authenticating API invokers (through CAPIF-1).

Discovering APIs and controlling access.

Tracking API usage and sending notifications for events.

Making available APIs visible to authorized invokers.

Basically, it acts like a broker between API providers and invokers—ensuring trust, enforcing policies, and managing visibility throughout the ecosystem.

c) API Provider Domain

On the right side of the diagram, this domain includes several API management functions grouped under Service APIs. These functions expose the actual network or service APIs (like Network Slice Management and Edge Computing APIs) through CAPIF.

The API Provider Domain consists of:

API Exposing Function: Manages API publication, registration, and exposure.

API Publishing Function: Publishes APIs to CAPIF Core for discovery.

API Management Function: Takes care of API versions, usage policies, and lifecycle.

CAPIF Reference Points (Interfaces)

The CAPIF architecture lays out five standardized interfaces (CAPIF-1 to CAPIF-5), each designed for a specific role. The diagram helps illustrate how these interfaces connect the API Invoker, CAPIF Core Function, and API Provider Domain.

Reference Point Interface DescriptionDirectionPurposeCAPIF-1Between API Invoker and CAPIF Core Invoker → Core Registration, authentication, authorizationCAPIF-1eExtended version of CAPIF-1Invoker → Core Used for enhanced API access (external invokers)CAPIF-2Between API Invoker and API Provider Domain Invoker → Provider Direct API invocation through CAPIF Core authorizationCAPIF-2eExtended version of CAPIF-2Invoker → Provider For APIs exposed to external domainsCAPIF-3Between CAPIF Core and API Exposing Function Core ↔ Provider API exposure managementCAPIF-4Between CAPIF Core and API Publishing Function Core ↔ Provider API publishing and registrationCAPIF-5Between CAPIF Core and API Management Function Core ↔ Provider API life cycle, analytics, and monitoring

These interfaces work together to ensure consistent and secure communication in the 5G service ecosystem.

The PLMN Trust Domain

In the diagram, the entire CAPIF structure operates within the PLMN (Public Land Mobile Network) Trust Domain—a secure environment run by the operator.

Inside this domain:

Both API Invokers and API Providers need to be authenticated and authorized.

The CAPIF Core Function enforces access control and auditing for all API activities.

This ensures only trusted entities can publish or consume APIs, which aligns with 5G security standards (3GPP TS 33.122).

How CAPIF Enhances 5G Network Exposure

CAPIF is a key player in making 5G more open and innovative. By standardizing how APIs are exposed, it helps network operators offer new services while keeping security and governance intact.

Key Benefits

Unified Framework: Streamlines API integration across different vendors and networks.

Security and Compliance: Centralized authentication and authorization mechanisms.

Scalability: Supports a large number of APIs across different domains.

Developer Ecosystem: Encourages third-party innovation through safe exposure.

Visibility and Control: Operators can monitor API usage and enforce policies from a central point.

Basically, CAPIF transforms the telecom network into a service platform that allows developers to create applications utilizing network intelligence and capabilities.

Example Use Case: Network Slice Management via CAPIF

Think of a company that wants to manage its dedicated 5G network slice.

The enterprise app acts as an API Invoker.

It registers with the CAPIF Core Function (using CAPIF-1).

The CAPIF Core checks the invoker’s credentials and grants access to the Network Slice Management API located in the API Provider Domain.

The app then invokes the API (using CAPIF-2), allowing for real-time monitoring and configuration of the slice.

This process ensures security, accountability, and traceability, in line with operator governance.

CAPIF Security and Trust Management

Security is a crucial part of the CAPIF design. The framework supports:

Mutual TLS Authentication for all interfaces.

OAuth 2.0 and JWT-based token exchange for authorization.

Audit Logging and Non-repudiation to make sure every transaction can be traced.

Policy Enforcement at the CAPIF Core level to regulate access based on roles and service agreements.

This allows operators to expose APIs confidently while protecting sensitive network functions.

Integration with Network Exposure Function (NEF)

In the 5G Core, the Network Exposure Function (NEF) often acts as the API Provider for various network capabilities (like QoS and session data). CAPIF and NEF work together, providing a common interface framework that standardizes exposure not just for core functions, but also for edge and application-level APIs.

Through CAPIF:

NEF APIs are published to CAPIF Core (using CAPIF-4).

Authorized applications discover and invoke these APIs securely (via CAPIF-1 and CAPIF-2).

This collaboration ensures consistent exposure policies throughout all network domains.

Future of CAPIF in 5G and Beyond

As 5G moves into 6G and network-as-a-service (NaaS) concepts, CAPIF will be essential in:

Enabling cross-operator API federation.

Supporting multi-domain service orchestration.

Integrating with AI/ML-driven API management for smarter governance.

The 3GPP is continuously refining CAPIF specifications to support open network programmability across both telecom and enterprise environments.

Conclusion

The Common API Framework (CAPIF) is fundamental to 5G network programmability—connecting telecom infrastructure with open innovation. As shown in the diagram, CAPIF facilitates seamless interaction among API Invokers, CAPIF Core Functions, and API Provider Domains through well-defined interfaces (CAPIF-1 to CAPIF-5).

By enabling secure, scalable, and standardized API exposure, CAPIF allows operators to safely open their networks to developers and partners—fueling innovation, automation, and new revenue opportunities in the 5G landscape.