JSON Web Token format
Stay organized with collections
Save and categorize content based on your preferences.
JSON Web Tokens (JWTs) are used
by the SAS Portal API in two ways:
- To aid with CPI identity validation.
- To allow non-CPIs to help install CBSDs that require CPI installation.
During
CPI identity validation, the CPI is asked to create a JWT from a secret generated by the SAS
Portal API. In this case, the CPI uses their private key to create the JWT.
Alternatively, non-CPIs may use the SAS Portal API to create a device configuration from a JWT
created by a CPI. In this case, the JWT contains CBSD registration parameters and the CPI uses their
private key to create the JWT.
The JSON Web Signature (JWS) standard is defined in
RFC 7515, and the SAS Portal API supports the ES256 and RS256 signature algorithms.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2023-12-05 UTC.
[null,null,["Last updated 2023-12-05 UTC."],[],["JWTs are used within the SAS Portal API for CPI identity validation and to enable non-CPIs to assist with installing CBSDs requiring CPI installation. CPIs create JWTs using their private keys for both purposes. During identity validation, they create a JWT from a SAS Portal API-generated secret. For non-CPI assistance, they create JWTs containing CBSD registration parameters. The API utilizes the JWS standard (RFC 7515) and supports ES256 and RS256 signature algorithms.\n"]]