Authorizing Requests for Updates and Manifests
This section describes how to include a JSON Web Token (JWT) in the header of a request coming from a device. This JWT can then be used to check that the device is authorized to make the request.
Authorizing a request for an update or manifest usually involves the following steps:
| 1. | Generating a Public/Private Key Pair |
| 2. | Providing FlexNet Operations with the Public Key |
| 3. | Creating a JWT |
| 4. | Adding the JWT to the Request |
Generating a Public/Private Key Pair
Using a third-party application or library of your choice, generate a public and private key pair, using the RS256 algorithm. This key pair will be used to generate and validate the JWT sent in authorization requests.
Various third-party tools are available for generating this key pair. Refer to the documentation supplied with the tool for instructions.
Providing FlexNet Operations with the Public Key
You need to provide FlexNet Operations with the public key created in the previous step. FlexNet Operations then makes this public key available to the Notification Server, which uses the key to validate the signature of the JWT.
To upload the public key to FlexNet Operations
Make a PUT call to https://<siteID>-uat.flexnetoperations.com/flexnet/operations/api/updates/update-authorization-key.
|
Body Type |
Code |
|
Request Body |
{ "publicKey":"MIGfMA0GCSqGSIb3DQEBAQUwJp0Egwlt3qpZbEhxaT2wJaiodLyYEXn3ZCnp+Ln5Ia1z0DUPm yETIAw8I+N9zsf+c3PSWrfBQr8RwuJDFndT7bjGB/UhATyk3yaGT7Lsp/ v8XUYliUegQ0ZxK83h6DzRDcOemApchEffAOebk1+dAW0OMEo3A0LAA4GNADCBiQKBgQCVvQg5xomV +wIDAQAB" } |
|
Response Body |
N/A |
No response will be sent.
Using a suitable third-party tool, generate a JWT signed by the private key that you generated in step Generating a Public/Private Key Pair. Refer to the documentation supplied with the tool for instructions. Ensure that the JWT includes an appropriate expiration date, in seconds since 1970-01-01 (the purpose of the expiration date is to provide a way for the token to expire, so that it will not be possible for a device to be perpetually authorized).
See also Documentation about JSON Web Tokens.
The signed JWT must be added to the Authorization: Bearer header of every POST request to the Notification Server.
To submit the authorized POST request
When making a request for either /updates/ or /signed-updates/, add the JWT to the Authorization: Bearer header so that it resembles this example:
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE1NTcwOTEwOTl9.PMMvCRlOkTCtS1pDIKzEHIvEjIctvc5RrN2keQCU5AUp-tg1e-kIXOOtuaHKZJEfVFdmZqvDulI47t5_vcB_VeFbl2QQirvzkrg1YHbyZMLmc_jMSSsgAqvSlaz83jOU7lJvF_bZl_xv5O3jb5MJDoD6v4Miuc-J46hJGe4UvEc