Stay organized with collections
Save and categorize content based on your preferences.
According to the WInnForum requirements, certain CBSDs require that a Certified Professional
Installer (CPI) validates the installation parameters before they are sent to the SAS.
Figure 1. CPI identity validation flow
In the SAS Portal API, we need to validate that a given user has a valid CPI certification before
they can call the
SignDevice()
method. We achieve this with the following two-step validation method:
A user with the role_cpi role calls the
GenerateSecret()
method, which returns a secret.
The user signs the secret with their private key and uses the
ValidateInstaller()
method to send the encoded version back as a
JWT, along with their CPI ID and
the original secret. For more details about token creation, see
JSON Web Token format.
The CPI role privileges become effective only after a user with the role_cpi role
successfully completes the CPI validation flow.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2023-12-05 UTC."],[[["\u003cp\u003eCertain CBSDs require Certified Professional Installer (CPI) validation before installation parameters are sent to the Spectrum Access System (SAS).\u003c/p\u003e\n"],["\u003cp\u003eCPI validation is a two-step process involving secret generation and JWT-based signature validation using the CPI's private key.\u003c/p\u003e\n"],["\u003cp\u003eUsers with the \u003ccode\u003erole_cpi\u003c/code\u003e role must successfully complete the CPI validation flow to gain CPI privileges within the SAS Portal API.\u003c/p\u003e\n"]]],["Certified Professional Installers (CPIs) must validate installation parameters for certain CBSDs. The process involves two steps via the SAS Portal API: First, a user with `role_cpi` obtains a secret using `GenerateSecret()`. Second, they sign the secret with their private key and submit it via `ValidateInstaller()`, along with their CPI ID, using a JWT. This validates the CPI's identity, granting them CPI role privileges, enabling them to use the `SignDevice()` method. The user must be logged in and use HTTPS.\n"],null,["According to the WInnForum requirements, certain CBSDs require that a Certified Professional\nInstaller (CPI) validates the installation parameters before they are sent to the SAS.\n**Figure 1.** CPI identity validation flow\n\nIn the SAS Portal API, we need to validate that a given user has a valid CPI certification before\nthey can call the\n[`SignDevice()`](/spectrum-access-system/reference/rest/customers.devices/signDevice)\nmethod. We achieve this with the following two-step validation method:\n\n1. A user with the `role_cpi` role calls the [`GenerateSecret()`](/spectrum-access-system/reference/rest/customers.devices/generateSecret) method, which returns a secret.\n2. The user signs the secret with their private key and uses the [`ValidateInstaller()`](/spectrum-access-system/reference/rest/customers.devices/validate) method to send the encoded version back as a [JWT](https://jwt.io/), along with their CPI ID and the original secret. For more details about token creation, see [JSON Web Token format](/spectrum-access-system/guides/json-web-token-format).\n\n| **Note:** For the prior steps, it's assumed that the user is logged in with their Google Account, and the traffic uses HTTPS.\n\nThe CPI role privileges become effective only after a user with the `role_cpi` role\nsuccessfully completes the CPI validation flow."]]