License token validation keys

10Duke Scale uses a key pair for signing and validating license tokens.

10Duke Scale signs license tokens using the private key, and the API client verifies the signatures using the public key. A certificate for license token signing keys can be requested, if needed. The license token signing key certificates are leaf certificates and are signed using one of the signing certificates that the vendor has configured in 10Duke Scale.

The 10Duke Scale SDK for Python automates retrieving the license token validation keys as part of using the license checkout API.

Whenever your application calls the checkout, start, heartbeat, end, or release endpoints (using the LicenseCheckoutClient), the SDK verifies the signature of any received license tokens using the public keys from the 10Duke Scale JSON Web Keys API endpoint.

To do this, the SDK must retrieve the license token validation keys from the JSON Web Keys API endpoint. These calls count towards your monthly quota of 10Duke Scale API calls.

In order to reduce both the number of HTTP requests made to the API and latency within the client application, the SDK stores the received JSON Web Key Set result persistently on the local machine.

By default, the SDK will configure a JWKS store that saves the JSON Web Key Set to a sub-folder of the user data directory. Once the keys are saved to this location, the SDK will only download the keys again if it receives a license token using an unknown key (the ID of the key used to sign the token is included in the header of the license token).

The application can modify this default behavior by providing a custom implementation of VerificationKeyStoreABC to the LicenseCheckoutClient.
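The caching behavior described above (persist the key set, look keys up by the key ID in the token header, fetch again only for an unknown key ID) is sketched below as an added example; it is not the SDK's code and does not use the SDK's API. `FileJwksCache`, `fetch_jwks`, `min_refetch_seconds` and the sample tokens are hypothetical, and the refetch rate limit is an extra safeguard that the page does not describe.

```python
import base64, json, tempfile, time
from pathlib import Path

def make_token(kid):
    """Constructed sample: unsigned JWT-shaped string carrying only a kid."""
    header = base64.urlsafe_b64encode(json.dumps({"alg": "RS256", "kid": kid}).encode())
    return header.rstrip(b"=").decode() + ".e30.sig"

def token_kid(token):
    """Read `kid` from the unverified header; use it only to select a key."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))["kid"]

class FileJwksCache:
    """Hypothetical kid-indexed JWKS cache persisted to a JSON file."""
    def __init__(self, path, fetch_jwks, min_refetch_seconds=60.0):
        self.path, self.fetch_jwks = Path(path), fetch_jwks
        self.min_refetch_seconds = min_refetch_seconds
        self._last_fetch, self._keys = None, {}
        if self.path.exists():                      # reuse keys saved earlier
            self._index(json.loads(self.path.read_text()))

    def _index(self, jwks):
        self._keys = {k["kid"]: k for k in jwks.get("keys", []) if "kid" in k}

    def _may_refetch(self):
        # Added safeguard, not from the page: cap how often unknown kids trigger a fetch.
        return (self._last_fetch is None
                or time.monotonic() - self._last_fetch >= self.min_refetch_seconds)

    def key_for(self, token):
        kid = token_kid(token)
        if kid not in self._keys and self._may_refetch():
            jwks = self.fetch_jwks()                # one HTTP call in a real client
            self._last_fetch = time.monotonic()
            self.path.write_text(json.dumps(jwks))
            self._index(jwks)
        return self._keys.get(kid)                  # None: caller rejects the token

def demo():
    calls = []
    def fetch():                                    # stands in for the JWKS endpoint
        calls.append(1)
        return {"keys": [{"kid": "key-1", "kty": "RSA"}]}   # constructed key entry
    cache = FileJwksCache(Path(tempfile.mkdtemp()) / "jwks.json", fetch)
    found = [cache.key_for(make_token(k)) is not None for k in ("key-1", "key-1", "key-9")]
    return found, len(calls)
```

The cache file holds only public keys, but its integrity matters: whoever can write to it decides which keys the client accepts, so a custom store should keep it in a location only the application's user can modify.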