Authorizing Update Requests

A producer must restrict REST API access to authorized devices. Updates and Insights makes this authorization possible by means of a JSON Web Token (JWT) in the headers of requests, which authenticates (and hence authorizes) the device. The producer must create the JWT and sign it using the private key of a public/private key pair, created using the RS256 algorithm. The JWT must also include an expiration date, in seconds since 1970-01-01 (the purpose of the expiration date is to provide a way for the token to expire, so that it will not be possible for a device to be perpetually authorized).

This JWT must be made available to the device software, so that it can be added to the REST API request using the Authorization: Bearer header. The token must be added to every POST request to the Notification Server (but is not required in any GET request used to poll for completion of these requests.)

The Notification Server will check the token in the following ways:

Validate the signature in the JWT
Check the expiration date to ensure it has not passed

To validate the signature, the Notification Server requires the public key from a key pair previously generated by the producers operating within a single tenant of FlexNet Operations. The producers must therefore upload the public key to FlexNet Operations, which will then make it available to the Notification Server. The producers can upload the public key using the updates-service-rest-controller REST API /operations/api/updates/update-authorization-key. For more information, see Providing FlexNet Operations with the Public Key.

The REST APIs mentioned in the following sections must be prefixed with a base URL, as described in Notification Server Base URL.

Documentation about JSON Web Tokens

For further information about JSON Web Tokens, refer to https://tools.ietf.org/html/rfc7515. The documentation for your JWS/JWT library will describe how to create JWTs programmatically.

You can also find guidance about generating a JSON web token in the technical article Demonstration Code to Generate JSON Web Tokens for Updates and Insights (PDF format), which is accessible from the Revenera Learning Center. To download the PDF, sign into the Learning Center using your Revenera Community credentials. If you do not have a community login, please sign up and be sure to provide your account ID upon registration. On the Learning Center homepage, click FlexNet Operations and select the course Updates and Insights using FlexNet Operations. Click Register to access the PDF in the Resources section.