cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cloud monetization API (CMAPI) - How to Request User License using /access_request API

Cloud monetization API (CMAPI) - How to Request User License using /access_request API

When your client application performs a capability exchange using the CMAPI, it uses the POST method on either of /access_request or  /signed_access_request REST APIs to send a capability request in JSON format to the license server to obtain licenses for the requesting enterprise client.

In this example, we use /access_request API to obtain licenses

Step 1. Create Public/Private Key Pair

  • A Private and Public key are required to use the REST-driven licensing APIs (CMAPI)
  • Many publicly available tools, one example below:
  • Download and Install OpenSSL “Light” for Windows @ https://slproweb.com/products/Win32OpenSSL.html
  • Open command prompt in C:\Program Files\OpenSSL-Win64\bin (or OpenSSL installed location)
  • Run the following commands:

                        openssl genrsa -out SaaSDemoPrivate.pem 2048

                       openssl rsa -inform PEM -outform DER -in SaaSDemoPrivate.pem -pubout  -out SaaSDemoPublic.der

  • It Generates:

Private Key: SaaSDemoPrivate.pem

Public Key  : SaaSDemoPublic.der

will be created in C:\Program Files\OpenSSL-Win64\bin

mrathinam_0-1605155141393.png

Step 2: Get CLS Authorization Token

  • In the Customer Portal set the admin password on target Cloud Server (CLS). The Producer password (for all Cloud Servers) can also be used
  • Use /authorize REST endpoint to get the authorization token

mrathinam_1-1605155141405.png

                                                                     Documentation Reference:  License Server Producer Guide

  Step 3: Upload Public Key to Customer CLS Instance using /rest_licensing_keys 

  • Add Authorization with token generated from step 2
  • Add Body - Attach SaaSDemoPublic.der Public Key from C:\Program Files\OpenSSL-Win64\bin
 

public key.png

 

  • Add Content-Type: application/octet stream to Headers
  • Send POST to rest_licensing_keys endpoint. Status should be “200 OK” and then we will get Public key with a successful upload.

Step 4. Create JSON Web Token (JWT) from Private Key 

  • JWT Creation example we can use online tools such as https://jwt.io/ are readily available.
  • Select the RS256 Algorithm and enter the following Payload Data:

             {

               "sub": "1234567890",

               "roles": "ROLE_CAPABILITY"

             }

  • Copy contents of SaaSDemoPrivate.pem from C:\Program Files\OpenSSL-Win64\bin into the Verify Signature Private Key Section

 

mrathinam_3-1605155141436.png

 

  • Copy Public key from Step 3 and paste it below “Begin Public key” line, then we will get JWT Token on the left side like below

 

mrathinam_4-1605155141446.png

 

Step 5. Request User License using /access_request

  • Add the newly created JWT token to the Header 
mrathinam_5-1605155141450.png

 

  • Create the desired license request in the Body, for an example request under raw section

               {

                           "hostId" : {

                           "type" : "string",

                           "value" : " Access_Request"

                           },

                         "incremental" : true,

                         "borrow-interval" : "0",

                        "partial" : true,

                        "features" : [

                                      {

                                      "count" : 1,

                                      "name" : "0000Test",

                                      "version" : "1"

                                      },

                                      {

                                    "count" : 1,

                                    "name" : "ManiDemoFeature",

                                    "version" : "1.0"   

                                    }

                        ]

          }

 

mrathinam_6-1605155141454.png

 

  • Send the POST request (/access_request) and view the response for the above request with two features and one count for each.
  • Find the response below with status: 200 OK

mrathinam_7-1605155141460.png

  • Served Device Details can then be viewed in the Producer/Customer Portals:
  • In this example Served device ID = Access_Request 

mrathinam_8-1605155141464.png 

  • We can see the requested features with the number of counts for each.

Step6: View Available Licenses in the CLS 

  • One method to see all licenses (with available quantities) is to use /preview_request endpoint.  The /features endpoint can also be used (verbose). Sample request for preview

                 {

                  "hostId": {

                 "type": "string",

                "value": "Client1"

               },

               "selectorsDictionary": {}

               }

  • Preview response contains available count “count” and Maximum Entitled count “maxCount” for each feature, find the attached preview_request.png
 

Note: I have also attached as document formate for your reference. 

Was this article helpful? Yes No
100% helpful (1/1)
Comments

This post is super helpful. Thanks for putting it up. I have one point to add however. I think you should specify an exp in the JWT. Without one, the JWT never expires and that is bad practice

Hi @mwilliams1 ,

 Thanks for the point,  Yes we can add exp in the JWT payload section, let me update when I have some example with me again. 

Best Regards,

Mani. 

Hi,

In cluster environment, does each license server hold the same key?

In another word, if I make a call to /rest_licensing_keys and get a public key, and after the license server failed over to another instance, is the public key going to be changed?

Hi @fuyili  all servers with a given InstanceID share the same public/private key pair. If the InstanceID is different then the key is also different. 

Version history
Last update:
‎Mar 30, 2021 07:17 AM
Updated by:
Contributors