According to the WInnForum requirements, certain CBSDs require that a Certified Professional
Installer (CPI) validates the installation parameters before they are sent to the SAS.
Figure 1. CPI identity validation flow
In the SAS Portal API, we need to validate that a given user has a valid CPI certification before
they can call the
SignDevice()
method. We achieve this with the following two-step validation method:
A user with the role_cpi role calls the
GenerateSecret()
method, which returns a secret.
The user signs the secret with their private key and uses the
ValidateInstaller()
method to send the encoded version back as a
JWT, along with their CPI ID and
the original secret. For more details about token creation, see
JSON Web Token format.
The CPI role privileges become effective only after a user with the role_cpi role
successfully completes the CPI validation flow.
[null,null,["Last updated 2023-12-05 UTC."],[[["Certain CBSDs require Certified Professional Installer (CPI) validation before installation parameters are sent to the Spectrum Access System (SAS)."],["CPI validation is a two-step process involving secret generation and JWT-based signature validation using the CPI's private key."],["Users with the `role_cpi` role must successfully complete the CPI validation flow to gain CPI privileges within the SAS Portal API."]]],[]]
