According to the WInnForum requirements, certain CBSDs require that a Certified Professional Installer (CPI) validates the installation parameters before they are sent to the SAS.
In the SAS Portal API, we need to validate that a given user has a valid CPI certification before
they can call the
SignDevice()
method. We achieve this with the following two-step validation method:
- A user with the
role_cpirole calls theGenerateSecret()method, which returns a secret. - The user signs the secret with their private key and uses the
ValidateInstaller()method to send the encoded version back as a JWT, along with their CPI ID and the original secret. For more details about token creation, see JSON Web Token format.
The CPI role privileges become effective only after a user with the role_cpi role
successfully completes the CPI validation flow.