Insight: How the New CAPPORT API Changes the Wi-Fi Captive Portal User Experience

By GlobalReach Technology’s Chief Security Officer, Dr Chris Spencer.

Something important happened in the world of Wi-Fi captive portals earlier this month. In fact, the dedicated Internet Engineering Task Force (IETF) CAPPORT working group has now closed because its work has been completed with the ratification of the CAPPORT API, RFC7710, and RFC8952 (the new captive portal standards).

This new captive portal API gives Wi-Fi access points a reliable way to ‘advertise’ themselves as captive portals, making it easier for users to find information including their session and venue information, and to maintain a connection with the service provider or brand. It’s based on IETF specifications that describe how these networks should be set up in order to be identified.

Android 11 Beta 2 was the first operating system to use this new captive portal API back in the summer. Apple has now also confirmed that iOS14 and macOS Big Sur will adopt this standard and although not generally available, the API ratification signals the start of adoption across all the major operating systems.

If you run a captive Wi-Fi network, or if you build captive network solutions, it’s important to start updating to this new standard.

Why is the CAPPORT API needed?

Logging on to public Wi-Fi in a coffee shop or shopping centre using a captive portal is a familiar process. But problems can start as we try to get online, or if the captive portal fails to load. The experience is also far from smooth if we want to return to the login page at a later time, find the website to use to reaccept T&Cs, backtrack and find the venue’s original portal page to check our data allowance, or change services.

For the cafe, train operator, stadium or retailer operating the Wi-Fi service, this can damage the user experience, and is a barrier to communicating with customers who are on-site using the venue’s branded Wi-Fi service. 

Behind these problems is the way that captive portals have traditionally intercepted the user authentication request and redirected it to a login web page.  When these HTTPS requests are accepted they can result in a client error. We’ve all been on the receiving end of those frustrating security and privacy alerts telling us to return to a ‘safe’ network. When we want to get online, this is a frustrating problem and can damage the brand experience.

The good news if you’re providing guest Wi-Fi is that this new API makes the user journey smoother and more consistent.

What does the CAPPORT API change?

When a user authenticates, the new API provides their device with an address via Dynamic Host Configuration Protocol (DHCP). This allows the network to advertise that it is ‘captive’ , instead of the previous traffic interception process.  

This triggers the device to query the captive portal URL and provide a true or false response. If true, the correct URL loads. If false, the user is sent directly to the internet.  

What is Venue URL?

When the user connects (either manually by selecting the SSID or automatically on Passpoint-enabled networks) they’ll see an on-screen message like a text alert. The user doesn’t need to do anything and can easily swipe this away.  

So what’s the benefit?

So long as the user is connected to the venue’s Wi-Fi service, the message remains on their lock screen and message history, making it much easier to find the venue’s captive portal. Previously, once users went past the captive portal there was no way to return. 

Imagine a real-life use case on an airplane where seatback screens are being removed in favour of passengers using their own devices. This new ‘Venue URL’ makes it much easier for users to locate the home page, search the internet or choose a new movie to watch. 

Cue warm and fuzzy feelings about the Wi-Fi service provider, and a more pleasant flight.

If you’re a public Wi-Fi service provider or venue, this has created a new high-value way to engage with users.  The one-time message is controlled at the network level and protects the user experience, stopping the type of spam that can happen with text marketing. Venues determine the page that users are sent to, and have complete control over the page content. Depending on the type of venue, the possibilities, are endless. 

Alongside Wi-Fi session information, a retailer could use this page to deliver offers and local promotions. The page can point to safety advice such as first aid or water points at a festival or large outdoor event.  For smart city networks that we know are used by, among others, homeless residents, the page can direct them to public services and advice.

While encouraging venues to update their Wi-Fi services to the new standard to advertise their captive portals, Android and Apple are watching to see how the new feature is used. It’s not outside the bounds of possibility that they may allow networks more control over message content in the future.  

GlobalReach Technology is an expert in building public Wi-Fi services and can help you to build your user experience using our Wi-Fi management platform. Talk to our team who can advise on captive portal best practices, including CAPPORT implementation.