Set up license token validation keys
Use the 10Duke Scale UI console to set up the validation key pairs needed for the signing and verification of license tokens in license consumption.
At checkout and heartbeat, 10Duke Scale returns a JSON Web Token (JWT) license token to your client application, signed using the private key from the currently active key pair in 10Duke Scale. The application uses the corresponding public key to verify the signature of the license token.
You can create multiple key pairs for the purpose of periodically rolling the keys. Only one key pair can be active at a time. Currently all keys are valid indefinitely, so you roll keys manually by changing which key pair is the active one.
Your client application can retrieve the public keys through 10Duke Scale License Management API. When returning a signed license token, 10Duke Scale also includes the ID of the key pair that was used, which the application uses to identify which public key it needs to use.
Manage validation keys in the UI console
To manage the validation keys for license tokens, go to SETTINGS > Token validation keys in the UI console. On the list of key pairs, the Active column shows which key pair is currently active.
-
To create a new key pair, click Generate new key.
-
To set a key pair as the active key pair, click the check mark icon on the left next to it.
-
To delete a key pair, click the trash can icon next to it, and click Yes to confirm the deletion. You cannot delete the active key pair.
Manage validation keys through the API
Use the following License Management API operations to manage validation key pairs:
Operation | URL (relative, prepend the environment base URL) |
---|---|
Generate a validation key pair | POST /licensing-signing-keys/actions/generate |
Set a validation key pair as the active key pair | PUT /licensing-signing-keys/{id}/actions/activate |
Delete a validation key pair | DELETE /licensing-signing-keys/{id} |
Use the following License Management API operations to retrieve the public keys and information on the key pairs:
Operation | URL (relative, prepend the environment base URL) |
---|---|
Retrieve information on validation key pairs | GET /licensing-signing-keys |
Retrieve information on a validation key pair based on key pair ID | GET /licensing-signing-keys/actions/find-by-keyid/{keyId} |
Retrieve the public keys in JSON Web Key Set (JWKS) format | GET /licensing-signing-keys/.well-known/jwks.json |
See more about the JWKS format in RFC 7517.
Next steps
Verify the signature of license tokens in your client application using the validation keys.