Stay organized with collections
Save and categorize content based on your preferences.
The Google Spectrum Access System (SAS) Portal API uses
JSON Web Tokens (JWTs) in two ways:
To aid with Certified Professional Installer (CPI) identity validation.
To allow non-CPIs to help install Citizens Broadband Radio Service Devices (CBSDs) that require CPI installation.
During CPI identity validation,
the CPI must create a JWT from a secret generated by the SAS
Portal API. In this case, the CPI uses their private key to create the JWT.
Alternatively, non-CPIs can use the SAS Portal API to create a
device configuration from a JWT created by a CPI. In this case, the JWT contains
CBSD registration parameters, and the CPI uses their private key
to create the JWT.
The JSON Web Signature (JWS) standard is defined in RFC 7515,
and the SAS Portal API supports the ES256 and RS256 signature algorithms.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# JSON Web Token format\n\nThe Google Spectrum Access System (SAS) Portal API uses\n[JSON Web Tokens (JWTs)](https://jwt.io) in two ways:\n\n- To aid with Certified Professional Installer (CPI) identity validation.\n- To allow non-CPIs to help install Citizens Broadband Radio Service Devices (CBSDs) that require CPI installation.\n\nDuring [CPI identity validation](/spectrum-access-system/docs/validate-cpi-identity),\nthe CPI must create a JWT from a secret generated by the SAS\nPortal API. In this case, the CPI uses their private key to create the JWT.\n\nAlternatively, non-CPIs can use the SAS Portal API to create a\ndevice configuration from a JWT created by a CPI. In this case, the JWT contains\nCBSD registration parameters, and the CPI uses their private key\nto create the JWT.\n\nThe JSON Web Signature (JWS) standard is defined in [RFC 7515](https://tools.ietf.org/html/rfc7515),\nand the SAS Portal API supports the ES256 and RS256 signature algorithms.\n\nWhat's next\n-----------\n\n- To get an overview of the SAS Portal API, see [Google SAS Portal API overview](/spectrum-access-system/docs/overview-api).\n- For information about each API, see [Customers API](/spectrum-access-system/docs/customers-api) and [Device Manager API](/spectrum-access-system/docs/device-manager-api).\n- For examples of how to use the API, see [API code samples](/spectrum-access-system/docs/samples).\n- For reference documentation, see [APIs and reference](/spectrum-access-system/docs/apis)."]]
