Stay organized with collections
Save and categorize content based on your preferences.
According to the WInnForum requirements, certain CBSDs require that a Certified Professional
Installer (CPI) validates the installation parameters before they are sent to the SAS.
Figure 1. CPI identity validation flow
In the SAS Portal API, we need to validate that a given user has a valid CPI certification before
they can call the
SignDevice()
method. We achieve this with the following two-step validation method:
A user with the role_cpi role calls the
GenerateSecret()
method, which returns a secret.
The user signs the secret with their private key and uses the
ValidateInstaller()
method to send the encoded version back as a
JWT, along with their CPI ID and
the original secret. For more details about token creation, see
JSON Web Token format.
The CPI role privileges become effective only after a user with the role_cpi role
successfully completes the CPI validation flow.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2023-12-05 UTC."],[[["Certain CBSDs require Certified Professional Installer (CPI) validation before installation parameters are sent to the Spectrum Access System (SAS)."],["CPI validation is a two-step process involving secret generation and JWT-based signature validation using the CPI's private key."],["Users with the `role_cpi` role must successfully complete the CPI validation flow to gain CPI privileges within the SAS Portal API."]]],["Certified Professional Installers (CPIs) must validate installation parameters for certain CBSDs. The process involves two steps via the SAS Portal API: First, a user with `role_cpi` obtains a secret using `GenerateSecret()`. Second, they sign the secret with their private key and submit it via `ValidateInstaller()`, along with their CPI ID, using a JWT. This validates the CPI's identity, granting them CPI role privileges, enabling them to use the `SignDevice()` method. The user must be logged in and use HTTPS.\n"]]
