Description
The Service Capability Exposure Function (SCEF) is a pivotal network element defined from 3GPP Release 13 onwards, specifically architected to support Cellular Internet of Things (CIoT) and Machine-Type Communication (MTC). It resides in the core network, typically within the Service-Based Architecture (SBA) of the 5G Core, though it was initially introduced for the Evolved Packet Core (EPC). The SCEF's primary role is to act as a secure northbound API gateway, abstracting and exposing a defined set of network capabilities to external Application Servers (AS) belonging to service providers or enterprises. It provides a standardized, RESTful API (based on HTTP/JSON) defined in 3GPP TS 29.122 (Nnef).
Architecturally, the SCEF interfaces internally with numerous core network functions. Key interfaces include the T6a interface to the MME (for non-IP device triggering and monitoring), the S6t interface to the HSS (for subscribing to subscriber data changes), and interfaces to the PCRF/PGW for policy and charging control. When an external AS needs to send a downlink message to a dormant IoT device (Device Triggering), it sends an HTTP request to the SCEF's API. The SCEF authenticates and authorizes the request, then uses the T6a interface to instruct the MME to page the device and establish a connection so the data can be delivered. Similarly, for monitoring, the AS can request to be notified when a device becomes available (reachability) or moves (location reporting), and the SCEF manages these subscriptions with the HSS and MME.
How it works involves several key components: an API Exposure Layer that handles the external REST API, a Security and Policy Enforcement function that validates AS credentials and applies access control policies, a Network Function Orchestrator that translates API requests into the appropriate legacy or SBA signaling messages (e.g., Diameter or HTTP/2), and a Subscription Manager that tracks active monitoring requests from ASes. Its role is to enable efficient, network-optimized IoT services. By centralizing exposure, it allows the network to offer valuable services like Non-IP Data Delivery (NIDD) over Control Plane, which is critical for low-power, infrequent data transmissions, while maintaining strict security, privacy, and network resource control. It is the cornerstone of the 3GPP's network exposure framework for IoT.
Purpose & Motivation
The SCEF was created to address specific challenges in the massive-scale deployment of IoT devices over cellular networks. Traditional cellular architectures were designed for human-centric, always-online communication with high data rates. IoT devices, in contrast, are often battery-powered, send very small amounts of data infrequently, and can remain dormant for long periods. The existing method of exposing capabilities—often through direct, bespoke integrations with the PGW or PCRF—was insecure, inefficient, and not scalable for millions of devices. There was no standardized, secure way for a third-party weather sensor service, for example, to request a network-triggered wake-up of its device or to check its connectivity status.
The limitations of previous approaches were clear: a lack of a unified exposure point led to security vulnerabilities, complex integration projects for each new service, and an inability to leverage network optimizations like Control Plane CIoT EPS optimization. The SCEF solves these problems by providing a single, standardized, and secure point of exposure. It abstracts the complex, signaling-intensive network procedures into simple API calls. This allows IoT service providers to easily build applications that interact with their devices without needing to understand Diameter, GTP, or other core network protocols.
Historically, its creation was motivated by the 3GPP's work on CIoT optimizations in Release 13. The SCEF, along with concepts like NIDD and User Plane CIoT EPS optimization, formed a complete package to make cellular networks viable for low-cost, low-power IoT. It enables new business models and services, such as predictive maintenance, smart metering, and asset tracking, by giving service providers controlled access to powerful network intelligence and device management capabilities, thereby transforming the cellular network into an IoT-enabling platform.
Detected Changes Across Releases
from 3GPP Change RequestsSpecific changes extracted from the „Change history“ tables of 3GPP specifications (139 CRs across 6 releases). Complements the general historical overview above with the evidence-based evolution of this function.
Studied in Rel-13, normative work from Rel-15.
In Release 15, the SCEF saw significant enhancements primarily focused on Non-IP Data Delivery (NIDD) procedures, including detailed specifications for its behavior in mobile-originated and mobile-terminated NIDD configuration, authorization, and delivery. The release also expanded northbound API (T8) interworking with the SCS/AS, introduced support for routing non-IP traffic to the SCEF, and added charging management for monitoring events. Furthermore, it completed the SCEF's foundational description and enabled network parameter configuration via the HSS's influence from the SCEF.
- Background Data Transfer Policy Activation via the SCEF TS 23.682CR0263
- Northbound APIs for SCEF - SCS/AS Interworking - Clause 1-3 enhancements TS 23.682CR0271
- Northbound APIs for SCEF - SCS/AS Interworking - Clause 4 enhancements TS 23.682CR0272
- Enabling the Routing of non-IP traffic between the UE and SCEF TS 23.682CR0277
- SCEF Behaviour in the NIDD Configuration and NIDD Authorisation Update Procedures TS 23.682CR0278
- SCEF Behaviour in the Mobile Terminated NIDD Procedure TS 23.682CR0279
+ 25 more changes
In Release 16, the SCEF's evolution focused on integrating with CAPIF for unified API exposure across EPS and 5GS, establishing support for third-party trust domains with charging, and enhancing capability indications for CIoT and RACS. Specific UE-related procedures were introduced, including the assignment, signaling, and management of a UE Radio Capability ID during mobility events like TAU and GUTI reallocation. Furthermore, the release enabled API capability changes based on filters and refined the architecture to support RACS and enhanced data capability indications within the EPS.
- Integrated CAPIF with 3GPP EPS and 5GS network exposure TS 23.222CR0021
- 3rd party trust domain with network exposure and charging aspects of 3GPP systems TS 23.222CR0062
- EPS exposure architecture supporting RACS TS 23.682CR0447
- N1 CIoT capability indication TS 24.301CR3181
- Signalling of UE support for RACS and of UE radio capability ID TS 24.301CR3242
- UE radio capability ID assignment by the network TS 24.301CR3243
+ 20 more changes
In Release 17, the SCEF saw enhancements focused on network slice capability management, including the introduction of a dedicated API for this purpose, and support for exposing services to an Edge Application Server via a Local NEF. Furthermore, specific northbound APIs were enabled to support redirection for pure 4G deployments, and clarifications were made for handling UE capabilities like E-UTRA and MUSIM within EPS.
- Network Slice Capability Management functional model TS 23.434CR0037
- Resolving the Editor's note related to supporting paging timing collision control as a capability for MUSIM in EPS TS 24.301CR3568
- Clarification of E-UTRA capability handling TS 24.301CR3545
- MUSIM capability negotiation in EPC TS 24.301CR3559
- Support of Network Exposure to EAS via Local NEF TS 29.122CR0428
- Network slice capability management API for SEAL TS 29.549CR0037
+ 17 more changes
In Release 18, the SCEF saw enhancements for service and location exposure, including updates for application detection event exposure and location exposure for Ranging_SL procedures. The release also introduced explicit support for exposing EAS service APIs via CAPIF integration. Furthermore, specific network capability management features, such as support for network slice capability management, were expanded.
- Adding a CAPIF deployment for exposure of EAS Service APIs TS 23.558CR0158
- Explaining usage of EES’s capability exposure by EEC TS 23.558CR0230
- Updating clause 4.5 to also indicate EES Capability Exposure to EEC TS 23.558CR0266
- Indicating the capability of supporting SDNAEPC during the PDN connectivity procedure TS 24.301CR3851
- Capability negotiation for enhanced discontinuous coverage - EPS TS 24.301CR3920
- Support of BAT window and capability for BAT adaptation TS 29.122CR0658
+ 17 more changes
In Release 19, the SCEF was enhanced with new exposure capabilities including slice-based service APIs, value-added UE location information, and energy-related information with specific thresholds and reporting periods. It also introduced support for exposing user sensitive information, available data rates, and RAT types for PDU Sessions. Furthermore, the release added procedures for XR Application Client Capability requests and provided enhancements for QoS monitoring related to available bitrate.
- Slice-based service API exposure TS 23.222CR0131
- Exposure of User Sensitive Information TS 23.222CR0228
- XR Application Client Capability Information Request Procedure TS 23.433CR0111
- Exposure of value-added UE location information TS 23.434CR0311
- Capability Exposure via CES TS 23.558CR0717
- Capability negotiation for CP CIoT EPS optimization with overhead reduction TS 24.301CR4491
+ 29 more changes
In Release 20, the enhancements for the Service Capability Exposure Function (SCEF) introduced a reference architecture for API exposure. This update specifically focused on allowing trusted third parties to provide their own encryption algorithms for intra-slice communications via a network operator customization capability, addressing privacy and efficiency requirements beyond standard 3GPP security. These changes were formalized within the network capability exposure clauses of the relevant specifications.
- API exposure Reference architecture TS 23.700CR0003
Explore further
Broader topics and technologies where SCEF plays a role.
Defining Specifications
3GPP specifications that define or reference SCEF, with the latest known release. Sourced from the 3GPP document catalog — see methodology.
| Specification | Title | Release |
|---|---|---|
| TS 22.830 vg10 | Business Role Models for Network Slicing | Rel-16 |
| TS 23.203 vj20 | Policy and charging control architecture | Rel-19 |
| TS 23.222 vj80 | Common API Framework for 3GPP Northbound APIs | Rel-19 |
| TS 23.286 vj00 | V2X Application Enabler Architecture | Rel-19 |
| TS 23.433 vk00 | SEAL Data Delivery (SEALDD) for Verticals | Rel-20 |
| TS 23.434 vk00 | Service Enabler Architecture for Verticals | Rel-20 |
| TS 23.554 vj70 | MSGin5G Service Application Architecture | Rel-19 |
| TS 23.558 vk00 | Architecture for Edge Applications | Rel-20 |
| TS 23.682 vj30 | 3GPP TS 23682: MTC Architecture Enhancements | Rel-19 |
| TS 23.700 vk00 | XR Services Application Enablement Layer | Rel-20 |
| TS 23.722 vf10 | Common API Framework (CAPIF) for 3GPP Northbound APIs | Rel-15 |
| TR 23.745 vh00 | Study on App Layer Support for Factories of the Future in 5G | Rel-17 |
| TR 23.758 vh00 | Study on Edge Application Architecture | Rel-17 |
| TS 24.301 vj60 | NAS protocol for Evolved Packet System | Rel-19 |
| TS 24.538 vj30 | MSGin5G Service Protocol Specification | Rel-19 |
| TS 24.542 vj00 | SEAL Notification Management Protocol | Rel-19 |
| TS 24.545 vj40 | SEAL Location Management Protocol Specification | Rel-19 |
| TS 24.560 vj00 | AIML Enablement (AIMLE) Services Stage 3 Protocol | Rel-19 |
| TS 26.348 vj00 | xMB Interface Specification | Rel-19 |
| TR 28.816 vh00 | Charging for 5G Cellular IoT | Rel-17 |
| TS 28.849 vj10 | CAPIF Phase2 Charging Study | Rel-19 |
| TS 29.061 vj00 | Packet Domain Interworking for PLMN | Rel-19 |
| TS 29.122 vj40 | T8 Reference Point for Northbound APIs | Rel-19 |
| TS 29.128 vj10 | MME/SGSN-SCEF Diameter Interfaces for PDN Interworking | Rel-19 |
| TS 29.153 vj00 | Ns Reference Point Protocol between SCEF and RCAF | Rel-19 |
| TS 29.154 vj00 | Nt Reference Point Protocol | Rel-19 |
| TS 29.212 vj00 | Gx/Gxx/Sd/St Diameter Protocol | Rel-19 |
| TS 29.213 vj20 | PCC Signalling Flows and QoS Mapping | Rel-19 |
| TS 29.214 vj20 | Policy and Charging Control over Rx | Rel-19 |
| TS 29.222 vj40 | Common API Framework (CAPIF) for 3GPP Northbound APIs | Rel-19 |
| TS 29.250 vj00 | Nu Reference Point Stage 3 Specification | Rel-19 |
| TS 29.251 vj00 | Gw/Gwn Reference Points Stage 3 Specification | Rel-19 |
| TS 29.272 vj40 | Diameter Interfaces for MME/SGSN | Rel-19 |
| TS 29.336 vj10 | HSS Diameter Interfaces for PDN Interworking | Rel-19 |
| TS 29.522 vj40 | 5G NEF Northbound APIs Stage 3 | Rel-19 |
| TS 29.549 vj40 | SEAL API Specification for Vertical Applications | Rel-19 |
| TS 29.558 vj40 | Enabling Edge Applications | Rel-19 |
| TS 32.240 vj40 | Charging Management Architecture & Principles | Rel-19 |
| TS 32.253 vj00 | Charging for Control Plane Data Transfer | Rel-19 |
| TS 32.254 vj21 | Charging for Northbound APIs | Rel-19 |
| TS 32.278 vj00 | Monitoring Events Offline Charging Specification | Rel-19 |
| TS 32.299 vj00 | Diameter Charging Applications for 3GPP | Rel-19 |
| TS 33.108 vj00 | LI Handover Interface Specification | Rel-19 |
| TS 33.127 vj50 | Lawful Interception Architecture and Functions | Rel-19 |
| TS 33.187 vj00 | Security for Machine-Type Communications Enhancements | Rel-19 |