About Fast Login API

Fast Login is basically an extended type of Outh 2.0
but it differentiates a bit from RFC 6749 which you can find in:

  • Service Provider calls 3 end-points to achieve Fast Login Login
  • authentication
    • authenticate user via GSM number
    • produce authentication-code
    • client2server
    • directly opened Fast Login authentication url via web browser
  • token
    • authenticate Service Provider with client/secret and authentication code
    • consumes authentication-code and produce token
    • server2server
    • IP restricted on Fast Login
    • You should provide your server dns info to access it
  • userInfo
    • gives user attributes
    • PCR (Pseudonymous Customer Reference):
      • The PCR is a unique id that always represents a specific user
      • public profile: always share with Service Provider
      • Service Provider has to use PCR to relate Fast Login and its own Subcription System.
    • phone_number
    • e-mail (verified or unverified)
    • name and family name
  • Service Provider must provide a service to get authentication codes after called authentication end-point called "redirect uri"
    • "redirect uri" called by client browser by http redirect (http 302)
    • after authentication done Fast Login redirects the client browser to Service Provider redirect uri
  • Fast Login endpoints start with:
  • You can find more details on GSMA Mobile Connect Developer Portal:

1.1 Fast Login info and extra documents on GSMA

Service Providers can get the required integration (for Discovery API platform & Turkcell Fast Login platform) documents from the below link (CPAS05 doc.);