A producer must restrict REST API access to authorized devices. Updates and Insights makes this authorization possible by means of a JSON Web Token (JWT) in the headers of requests, which authenticates (and hence authorizes) the device. The producer must create the JWT and sign it with the RS256 algorithm, using the private key of a public/private key pair. The JWT must also include an expiration date, in seconds since 1970-01-01. The expiration date ensures that the token eventually expires, so that a device cannot remain authorized perpetually.
For further information about JSON Web Tokens, refer to https://tools.ietf.org/html/rfc7515. The documentation for your JWS/JWT library will describe how to create JWTs programmatically.
This JWT must be made available to the device software, so that it can be added to the REST API request using the Authorization: Bearer header. The token must be added to every POST request to the Notification Server (but is not required in any GET request used to poll for completion of these requests).
The Notification Server will check the token in the following ways:
• Validate the signature in the JWT
• Check the expiration date to ensure it has not passed
To validate the signature, the Notification Server requires the public key from a key pair previously generated by the producers operating within a single tenant of FlexNet Operations. The producers must therefore upload the public key to FlexNet Operations, which will then make it available to the Notification Server. The producers can upload the public key using the updates-service-rest-controller REST API /operations/api/updates/update-authorization-key. For more information, see Providing FlexNet Operations with the Public Key.
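The token lifecycle described above, as an added example in Go using only the standard library (not Flexera's code): the producer signs an RS256 JWT, and a verifier repeats the two checks listed for the Notification Server. The `exp` claim name, the one-hour lifetime and the function names are assumptions; the key pair is a throwaway generated for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWS uses unpadded base64url

// NewKey makes a throwaway key pair; a producer would load its stored private key.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SignJWT (producer side) returns an RS256 JWT carrying only an "exp" claim (assumed name).
func SignJWT(key *rsa.PrivateKey, exp time.Time) (string, error) {
	claims, _ := json.Marshal(map[string]int64{"exp": exp.Unix()}) // seconds since 1970-01-01
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyJWT (verifier side): signature first, then expiry. RS256 is pinned; the header "alg" is never consulted.
func VerifyJWT(token string, pub *rsa.PublicKey, now time.Time) error {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return fmt.Errorf("malformed token")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return fmt.Errorf("invalid signature")
	}
	var claims struct{ Exp int64 `json:"exp"` }
	payload, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(payload, &claims) != nil || now.Unix() >= claims.Exp {
		return fmt.Errorf("expired or unreadable claims") // a missing exp decodes as 0 and is rejected
	}
	return nil
}

func main() {
	key, _ := NewKey()
	tok, _ := SignJWT(key, time.Now().Add(time.Hour))
	fmt.Println("Authorization: Bearer "+tok, VerifyJWT(tok, &key.PublicKey, time.Now()))
}
```

Because the verifier fixes the algorithm itself, a token whose header names a different algorithm gains nothing; it is still checked as RS256 against the uploaded public key.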
The REST APIs mentioned in the following sections must be prefixed with a base URL, as described in Base URLs.
FlexNet Operations 2020 R1 User Guide, February 2020