1. Introduction

This document compiles the responses generated by the Sandbox in mock mode, simulating the expected system behavior in a controlled test environment.
Below, we specify the simulated responses that can be received using the Sandbox in mock mode:

Error 400 (Bad Request)

Common causes:

Missing required parameters.

Incorrect value formats.

Invalid values according to system rules.

Examples of specific errors:

Malformed phone number → "Invalid login_hint value"

Incorrect login_hint type → "Invalid login_hint type"

Missing or invalid scope → "Invalid purpose" / "Missing purpose"

Missing or invalid grant_type → "Missing grant_type" / "Invalid grant_type"

Missing auth_req_id → "Missing auth_req_id"

Missing client_id → "Missing app’s client_id"

Missing or invalid response_type → "Missing response_type" / "Invalid response_type"

Incorrect or missing redirect_uri → "Invalid redirect_uri" / "Missing redirect_uri"

Missing access_token → "Missing access token"

Missing sessionId → "Missing session Id"

Missing or invalid device identifier → "Missing device identifier" / "Invalid device identifier"

Missing or invalid latitude, longitude, or accuracy → "Missing latitude, longitude and/or accuracy" / "Invalid latitude, longitude and/or accuracy"

Invalid maxAge → "Invalid maxAge value"

Invalid request parameters or incorrect parameter combinations → "Invalid combination of parameters"

Error 401 (Unauthorized)

Common causes:

Incorrect or missing credentials.

Invalid access token.

Examples of specific errors:

Invalid credentials → "Invalid credentials"

Missing credentials → "Missing credentials"

Invalid token in authentication → "Invalid access token"

Client not authenticated → "Invalid token, client not authenticated"

Error 403 (Forbidden)

Common causes:

The user does not have permission to perform the action.

Additional authentication is required.

Incorrect value that does not meet the required permissions.

Examples of specific errors:

Invalid auth_req_id → "Invalid auth_req_id"

auth_req_id pending user consent → "Pending end-user consent, to be gathered out-of-band"

Invalid code (if it starts with "invalid") → "Invalid authorization code"

Invalid access_token (mobile authentication required) → "Client must authenticate via the mobile network"

Client must authenticate using a valid flow (CIBA or Auth Code) → "Client must authenticate via a valid authorization flow: CIBA or Auth Code"

Phone number does not match the token → "Phone number does not match the token"

Error 404 (Not Found)

Common causes:

The requested resource does not exist.

The provided identifier is not found in the database.

Examples of specific errors:

Unrecognized phone number → "Phone number matches no line from the Mock operator"

Nonexistent sessionId (ends in 00) → "Session Id does not exist"

Device not found (ueId ends in 4) → "User equipment not found"

Device not found within the specified time (maxAge > 14400) → "Device not found in the specified time"

Error 409 (Conflict)

Common causes:

Conflict with a previous request or an already existing resource.

Examples of specific errors:

Session conflict (ueId ends in 9) → "Another session is created for the same UE"

Phone number already has an active request (ends in 9 in Retrieve Date) → "Another request is created for the same MSISDN"

Maximum number of devices with non-default QoS reached → "Exceeded the maximum quantity of devices with non-default QoS behaviour"

Device RSSI below the allowed threshold → "RSSI from device is below allowed threshold"

Requested QoS is higher than the maximum allowed → "Requested QoS is higher than the maximum QoS allowed"

Device occupancy above the allowed threshold → "The occupancy is above the allowed threshold"

Device is not connected to the required interface → "Device is not connected to the required interface"

Device QoS is already set to default → "Device QoS is already set to default value"

Successful responses (200, 201, 204)

200 (OK) → The request was successfully processed and returns data.
Example: "devicePhoneNumberVerified: true/false" based on the number’s last digits.
Example: "latestSimChange": "YYYY-MM-DDTHH:MM:SS.sssZ" (date of the last SIM change).

201 (Created) → A resource was successfully created.
Example: Session creation with a response including "startedAt" and "expiresAt".

204 (No Content) → The request was successfully processed but returns no content.
Example: Successful session deletion.

Frequently Asked Questions

When is my API call or authentication endpoint request routed to a real operator, and when is it answered in mock mode?

Since this is a test environment with no contractual linkage, and for privacy reasons, you can only make API calls for your own mobile lines, which you must register in the Sandbox on your list of lines. If your call is authenticated with a line in your list, it will be routed to its real operator. Otherwise, it will be routed to our simulated operator to obtain mock responses.

Keep this in mind when registering your app. You must select production mode to make calls to your operator with the lines from your list.