SAS Portal API

Name: SAS Portal API API
Brand: SAS Portal API
Availability: InStock

✓ Official Vendor SpecIOTDevice Managementoauth224 EndpointsREST

For Agents

Manage CBRS Spectrum Access System deployments — list customers, provision deployments, run installer validation, and update SAS access policies programmatically.

Quickstart

Get started with SAS Portal API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"provision sas deployment"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with SAS Portal API API.

List SAS customers and the legacy organizations associated with them

Provision a SAS deployment under a customer and bind it to a GCP project

Migrate a legacy SAS organization onto the current customer model

Generate and validate installer secrets used by certified professional installers

GET STARTED

Start building with SAS Portal API API

Explore with Jentic

View OpenAPI Document

Use for: List all SAS customers visible to the calling principal, Provision a new SAS deployment under a customer, Migrate a legacy SAS organization onto the current customer schema, Generate an installer secret for a CBRS device installer

Not supported: Does not transmit radio signals, register individual CBRS devices on the air, or perform spectrum allocation calculations — use for SAS Portal administration of customers, deployments, installers, and policies only.

The Google SAS Portal API administers Spectrum Access System deployments for the CBRS 3.5 GHz radio band, the framework that Google uses to coordinate shared wireless spectrum in the United States. It exposes endpoints to manage customers, deployments, GCP project bindings, legacy organization migration, installer secret generation and validation, and access policies. The portal is used by SAS administrators and CBRS device installers to configure how customer devices are registered with Google's SAS service.

Use Cases

Patterns agents use SAS Portal API API for, with concrete tasks.

★ CBRS deployment provisioning

A neutral-host operator onboards a new enterprise customer onto its CBRS network. An automation agent calls the SAS Portal to provision a deployment under the customer record, binds it to the customer's GCP project, and configures access policies so the customer's installers can register devices. This replaces a multi-step console workflow.

POST /v1alpha1/customers:provisionDeployment for the new customer, then POST /v1alpha1/policies:set with the installer principal and the relevant role.

Installer secret generation for field technicians

Certified Professional Installers register CBRS devices in the field. A back-office agent generates installer secrets through the SAS Portal API, sends them securely to field technicians, and validates them on incoming registration requests. The generateSecret and validate endpoints provide both halves of this flow.

POST /v1alpha1/installer:generateSecret for each technician, distribute the secret out-of-band, then POST /v1alpha1/installer:validate during device registration.

Legacy organization migration

Operators carrying SAS deployments from the legacy organization model migrate to the current customer model so they can take advantage of newer access controls and analytics. An agent enumerates legacy organizations and calls migrateOrganization on each, recording the resulting customer IDs for downstream reference.

GET /v1alpha1/customers:listLegacyOrganizations, then POST /v1alpha1/customers:migrateOrganization on each entry.

Agent-driven CBRS administration through Jentic

An AI agent built on Jentic exposes SAS Portal administration as tools for the operations team: list customers, provision deployments, generate installer secrets. It searches Jentic for the right operation by intent and runs it. OAuth credentials remain isolated in the Jentic vault throughout.

Search Jentic for 'provision sas deployment', execute POST /v1alpha1/customers:provisionDeployment, return the new deployment ID.

Key Endpoints

24 endpoints — the google sas portal api administers spectrum access system deployments for the cbrs 3.

METHOD

PATH

DESCRIPTION

GET

/v1alpha1/customers

List SAS customers

POST

/v1alpha1/customers:provisionDeployment

Provision a new SAS deployment

POST

/v1alpha1/customers:migrateOrganization

Migrate a legacy SAS organization

GET

/v1alpha1/customers:listLegacyOrganizations

List legacy SAS organizations

POST

/v1alpha1/installer:generateSecret

Generate an installer secret

POST

/v1alpha1/installer:validate

Validate an installer secret

POST

/v1alpha1/policies:set

Set an access policy on a SAS resource

POST

/v1alpha1/policies:get

Get the access policy on a SAS resource

GET

/v1alpha1/customers

List SAS customers

POST

/v1alpha1/customers:provisionDeployment

Provision a new SAS deployment

POST

/v1alpha1/customers:migrateOrganization

Migrate a legacy SAS organization

GET

/v1alpha1/customers:listLegacyOrganizations

List legacy SAS organizations

POST

/v1alpha1/installer:generateSecret

Generate an installer secret

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

SAS Portal OAuth credentials and certified-installer principals are stored encrypted in the Jentic vault. Agents receive scoped access tokens at execution time, with no raw refresh tokens or installer secrets leaving the vault between calls.

Intent-based discovery

Agents search Jentic with intents like 'provision sas deployment' or 'generate sas installer secret', and Jentic returns the matching SAS Portal operation with its full schema, so the agent calls the correct endpoint without browsing the v1alpha1 docs.

Time to first call

Direct integration takes 3-5 days for OAuth wiring, principal authorization, and secret-handling logic. Through Jentic the same flow is under 1 hour: search, load, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Cloud IAM API

Manages the GCP service accounts referenced by SAS access policies.

Use IAM to provision the principal; use SAS Portal policies to grant it access to a SAS resource.

Complementary

Cloud Logging API

Captures audit logs of SAS administrative actions.

Use SAS Portal to make the change; use Logging to retrieve the audit record afterwards.

Complementary

Cloud Asset API

Inventories the GCP projects bound to SAS deployments.

Use Cloud Asset for project inventory; use SAS Portal to enumerate which projects are SAS-bound.

Complementary

Security Command Center API

Surfaces security findings across the GCP projects that host SAS deployments.

Use Security Command Center for org-wide security; use SAS Portal for SAS-specific configuration.

FAQs

Specific to using SAS Portal API API through Jentic.

What authentication does the SAS Portal API use?

It uses Google OAuth 2.0 with the cloud-platform and sasportal scopes, declared as Oauth2 and Oauth2c. SAS Portal access is restricted to authorized SAS administrators and certified professional installer principals. Through Jentic, OAuth tokens are held encrypted in the vault and exchanged at call time.

Can I provision a SAS deployment with the API?

Yes. POST /v1alpha1/customers:provisionDeployment creates a new SAS deployment under the calling customer and returns the deployment record. The deployment can then be bound to a GCP project and have its access policies configured before installers register devices against it.

What are the rate limits for the SAS Portal API?

Google applies per-project quotas to SAS Portal calls; the dominant constraints are on installer secret generation and validation, which are rate-limited to prevent abuse during field registration. Read calls have a per-minute quota that scales with demonstrated usage and can be raised through the Cloud Console.

How do I generate an installer secret through Jentic?

Search Jentic for 'generate sas installer secret', load the schema for POST /v1alpha1/installer:generateSecret, and execute. Jentic returns the generated secret value, which the agent can then deliver to the field technician through an internal channel; the secret is short-lived by design.

Is the SAS Portal API free?

The API itself is free to call within Google Cloud quotas, but SAS service usage and per-device registration may carry separate charges under the operator's CBRS commercial agreement with Google. The API does not bill per call.

How do I migrate a legacy SAS organization?

Call GET /v1alpha1/customers:listLegacyOrganizations to enumerate eligible legacy records, then POST /v1alpha1/customers:migrateOrganization with the legacy organization identifier. The response contains the new customer record on the current schema, which inherits the legacy organization's deployments.