API Overview | Vodafone Developer Marketplace

Sandbox

Identity
CAMARA

Available in

Number Verification 2.0 (CAMARA)

2.1.0-rc.1

Number Verification 2 is Vodafone’s next-generation authentication mechanism, designed to deliver a seamless, secure, and low-friction user experience.

It leverages operating system-level integration with the operator’s entitlement server and token-based API authentication to verify a user's mobile number, without requiring manual input or SMS delivery.

This API follows the CAMARA standard specification.

Try it out

Reduce friction in registration journeys with faster and seamless authentication
Prevent identity vulnerabilities and social engineering attacks by using secure OS-level token exchange
Improve user experience with silent authentication that works over both wi-fi and mobile data connections

API Information

Version	v2.1.0
Protocol	HTTPS
Sandbox URL	https://api-sandbox.vf-dmp.engineering.vodafone.com
Live URL	https://api.vf-dmp.engineering.vodafone.com

Version history	Release Date	Status	Description
2.1	September 2025	Sandbox Only	Number Verification 2.1 - Sandbox release.
2.1	March 2026	Live	Number Verification launch in UK, NL and DE.

How it works

Number Verification 2 integrates directly with the mobile operating system and the mobile network operator’s entitlement server to authenticate a user's phone number.
When an app or service initiates verification, it triggers a TS.43-compliant validation of the device’s SIM, which is confirmed by the operator’s backend in exchange for a temporary token. This token is then used in a secure API call to validate or share the mobile number associated with the device.
This method reduces friction, enhances security, and removes reliance on other methods of authentication, which can be unreliable or intercepted.

TS.43 Entitlement Server Integration

Before initiating the Number Verification API call, the solution integrates with the device operating system to capture user consent and authenticate with the operators entitlement server using the TS.43 protocol. This operating system integration ensures a seamless experience for the end customer and offers the following additional benefits:

No need to rely on header enrichment which is fragmented across the world (http vs https).
Works over wi-fi and in the browser.
Consent pop up that is natively captured by the operating system.
User doesn’t have to enter the phone number.

End-to-End Sequence

The following diagram shows a high-level sequence based on the Google Android implementation:

Temporary Token Generation (Client-Side) - The mobile device initiates a request to the entitlement server using the TS.43 protocol. This request is authenticated via EAP-AKA, confirming the device is on the Vodafone network. A temporary token is issued to the device, which is then passed to the app backend.
Token Exchange – The requesting app or service uses the temporary token as an authentication claim within a JWT bearer flow. Vodafone validates the token with the entitlement server and issues an operator access token.
Number Verification API Call - The backend calls the CAMARA Number Verification API (/number-verification/v2) using the operator token. Vodafone compares the information passed from the device SIM with the network-authenticated MSISDN and returns the result.

Partner Onboarding

For access to the service please contact the Vodafone Network API sales team to complete commercial onboarding.

To be technically onboarded to the service with Vodafone you are required to provide the following information:

Markets in which you intend to operate. This is required so your service can be activated with Android in the desired markets.
The IP address range for whitelisting. This is required as part of our secure connectivity.
SAN (Subject Alternative Name). This is a value that defines your Android app domain used in the TLS handshake with Google's infrastructure. For example: my.appdomain.com
Encryption Fingerprint. This is used to encrypt the request and response from the developers application using your service. For example: aadkhjasodiy3399a22fc2b11a462876sme8cb72b8f9fc537sdiosdofu764c589c7e

Activation Steps

Once the above information is provided, Vodafone will register your service with Android. As part of this step the SAN and Encryption Fingerprint will be shared with Android so it can be distributed to the devices in the specified markets.

Using the Service

The Vodafone team will create the credentials required as part of the secure authentication flow. You will need to register an account on developer.vodafone.com to retrieve the credentials, please see the Get Started guide for more information on this process.
Follow the technical specification to secure a connection and retrieve an authentication token. Please see the Additional Information page for details on the JWT flow and required inputs.
The Vodafone market PLMN ID is a required parameter on the authentication token. See the API specification for more details on provision of PLMN ID.
The following API operations are available:
- GET device-phone-number: secure retrieval of the active phone number.
- POST verify: verification of the active phone being used to access the end service.
- See the API specification for more details on these operations.

Number Verification 2.0 (CAMARA)

Number Verification 2.0 (CAMARA)

API Information

How it works

TS.43 Entitlement Server Integration

End-to-End Sequence

Partner Onboarding

Activation Steps

Using the Service

Vodafone Developer Portal