Stay organized with collections
Save and categorize content based on your preferences.
According to the WInnForum requirements, certain Citizens Broadband Radio Service Devices (CBSDs) require
that a Certified Professional Installer (CPI)
validate the installation parameters before they are sent to Spectrum Access System (SAS).
CPI identity validation flow (click to enlarge)
In the Google SAS Portal API, validate that a given user has a valid CPI
certification before they call the SignDevice() method.
You can validate a user's CPI certification by using the following
validation method:
Make sure that the user is signed in with their Google Account, and the
traffic uses HTTPS.
The user then signs the secret with their private key and uses the
ValidateInstaller() method
to send the encoded
version back as a JSON Web Token (JWT), along
with their CPI ID and the original secret. For more details about token creation, see
JSON Web Token format.
The CPI role permissions become effective only after a user with the role_cpi
role successfully completes the CPI validation flow.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Validate CPI identity\n\nAccording to the WInnForum requirements, certain Citizens Broadband Radio Service Devices (CBSDs) require\nthat a [Certified Professional Installer (CPI)](/spectrum-access-system/docs/key-terms#cpi)\nvalidate the installation parameters *before* they are sent to Spectrum Access System (SAS).\n[](/static/spectrum-access-system/docs/images/user-with-role-cpi.svg) CPI identity validation flow (click to enlarge)\n\nIn the Google SAS Portal API, validate that a given user has a valid CPI\ncertification before they call the [`SignDevice()` method](/spectrum-access-system/docs/reference/rest/customers.devices/signDevice).\nYou can validate a user's CPI certification by using the following\nvalidation method:\n\n1. Make sure that the user is signed in with their Google Account, and the traffic uses HTTPS.\n2. A [`role_cpi`](/spectrum-access-system/docs/roles-and-permissions#cpi) user calls the [`GenerateSecret()` method](/spectrum-access-system/docs/reference/rest/installer/generateSecret), which returns a [secret](/spectrum-access-system/docs/key-terms#secret) in the form of a token.\n3. The user then signs the secret with their private key and uses the [`ValidateInstaller()` method](/spectrum-access-system/docs/reference/rest/installer/validate) to send the encoded version back as a [JSON Web Token (JWT)](https://jwt.io/), along with their CPI ID and the original secret. For more details about token creation, see [JSON Web Token format](/spectrum-access-system/docs/json-web-token-format).\n\nThe CPI role permissions become effective only after a user with the `role_cpi`\nrole successfully completes the CPI validation flow.\n\nWhat's next\n-----------\n\n- To get an overview of the SAS Portal API, see [Google SAS Portal API overview](/spectrum-access-system/docs/overview-api).\n- For information about each API, see [Customers API](/spectrum-access-system/docs/customers-api) and [Device Manager API](/spectrum-access-system/docs/device-manager-api).\n- For examples of how to use the API, see [API code samples](/spectrum-access-system/docs/samples).\n- For reference documentation, see [APIs and reference](/spectrum-access-system/docs/apis)."]]
