If you are using Contego/Conax products, please refer to the documentation available at https://doc.integra.nagra.com/.

{ "openapi": "3.0.3", "info": { "version": "21.10", "title": "OTT License Servers API" }, "servers": [ { "url": "https://{frontAddress}/{tenantId}", "variables": { "frontAddress": { "default": "xxx.xxx.xxx.xxx", "description": "Address of SSP host" }, "tenantId": { "default": "NAG0000", "description": "String, value provided by Nagra" } } } ], "tags": [ { "name": "Widevine-LS", "description": "Request for the Widevine license server" }, { "name": "PlayReady-LS", "description": "Request for the PlayReady license server" }, { "name": "FairPlay-LS", "description": "Request for the FairPlay license server" } ], "paths": { "/wvls/contentlicenseservice/v1/certificates": { "get": { "tags": [ "Widevine-LS" ], "summary": "Get Widevine license server certificate", "responses": { "200": { "$ref": "#/components/responses/Certificate200Response" }, "500": { "$ref": "#/components/responses/Certificate500Response" } } } }, "/wvls/contentlicenseservice/v1/licenses": { "post": { "tags": [ "Widevine-LS" ], "summary": "Get an OTT post-delivery license for Widevine", "parameters": [ { "$ref": "#/components/parameters/xCorrelationId" }, { "$ref": "#/components/parameters/nvAuthorizationsPostDeliveryMode" } ], "requestBody": { "$ref": "#/components/requestBodies/WidevineChallenge" }, "responses": { "200": { "$ref": "#/components/responses/WV200Response" }, "400": { "$ref": "#/components/responses/WV400Response" }, "500": { "$ref": "#/components/responses/WV500Response" } } } }, "/prls/contentlicenseservice/v1/licenses": { "post": { "tags": [ "PlayReady-LS" ], "summary": "Get an OTT post-delivery license for PlayReady", "parameters": [ { "$ref": "#/components/parameters/xCorrelationId" }, { "$ref": "#/components/parameters/nvAuthorizationsPlayReady" }, { "$ref": "#/components/parameters/nvQueryParamPlayReady" } ], "requestBody": { "$ref": "#/components/requestBodies/PlayReadyChallenge" }, "responses": { "200": { "$ref": "#/components/responses/PR200Response" }, "500": { "$ref": "#/components/responses/PR500Response" } } } }, "/fpls/contentlicenseservice/v1/certificates": { "get": { "tags": [ "FairPlay-LS" ], "summary": "Get FairPlay license server certificate", "responses": { "200": { "$ref": "#/components/responses/Certificate200Response" }, "500": { "$ref": "#/components/responses/Certificate500Response" } } } }, "/fpls/contentlicenseservice/v1/licenses": { "post": { "tags": [ "FairPlay-LS" ], "summary": "Get an OTT post-delivery license for FairPlay", "parameters": [ { "$ref": "#/components/parameters/xCorrelationId" }, { "$ref": "#/components/parameters/nvAuthorizationsPostDeliveryMode" } ], "requestBody": { "$ref": "#/components/requestBodies/FairPlayChallenge" }, "responses": { "200": { "$ref": "#/components/responses/FP200Response" }, "400": { "$ref": "#/components/responses/FP400Response" }, "500": { "$ref": "#/components/responses/FP500Response" } } } } }, "components": { "parameters": { "tenantId": { "in": "path", "name": "tenantId", "required": true, "schema": { "type": "string" }, "description": "Tenant ID which the device requesting the certificate belongs to. It should match the tenantId from the server's URL." }, "xCorrelationId": { "in": "header", "name": "x-correlation-id", "required": false, "schema": { "type": "string", "format": "uuid" }, "description": "<h2>Description</h2> If not provided (null or empty), a random UUID value is assigned to the incoming request <br>UUID format recommended, but any string of max 68 bytes will be accepted <h2>Example</h2> <pre>123e4567-e89b-12d3-a456-426655440000</pre>\n" }, "nvQueryParamPlayReady": { "name": "renew", "in": "query", "description": "Indicates if this is a license renew(proactive) request or not.", "required": false, "schema": { "type": "boolean" } }, "nvAuthorizationsPostDeliveryMode": { "in": "header", "name": "nv-authorizations", "required": false, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT <h2>Authorization modes</h2> <h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", <br>\"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" }, "nvAuthorizationsPostDeliveryModeTK": { "in": "header", "name": "nv-authorizations", "required": false, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT <h2>Authorization modes</h2> <h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> <h3>Server-based authorization mode</h3> <h4>Authentication using SSP tokens</h4> SSP tokens expected: <ul>\n <li>1 DevAuthN token\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> <h4>Authentication with no SSP token</h4> Alternatively, if the SoC UID of a TVKeyCloud device is already known from authorization server (ADM), token is not required. In this case, the authorization is based on TVKeyCloud challenge content. <h3>Callback-based authorization mode</h3> <b>Not applicable</b> (field <i>nv-authorizations</i> not provided) <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", <br>\"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" }, "nvAuthorizationsSWPRM": { "in": "payload", "name": "nv-authorizations", "required": true, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT <br>Content depends on nv-portal-id: <ul>\n <li><b>\"SSP AuthZ\"</b> for token-based and server based authorization modes\n <li><b>\"SDP AuthZ\"</b> for callback-based authorization mode\n</ul> <h2>Authorization modes</h2> <h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n</ul> <h3>Server-based authorization mode</h3> SSP token expected: <ul>\n <li>1 DevAuthN token\n</ul> <h3>Callback-based authorization mode</h3> SSP token expected: <ul>\n <li>1 MediaLive SDP token\n</ul> <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", <br>\"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" }, "SWPRMAPIVersion": { "in": "query", "name": "version", "required": false, "schema": { "$ref": "#/components/schemas/SWPRMAPIVersion" }, "description": "<h2>Description</h2> Version of the API, default: 1\n" }, "nvAuthorizationsPlayReady": { "in": "header", "name": "nv-authorizations", "required": false, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT <h2>Modes available</h2> It can be provided in two different modes: <ul>\n <li>authorization tokens in payload (PlayReady CustomData in Challenge)\n <li>authorization tokens in header\n</ul> <h2>Mode: authorization tokens in payload</h2> Header parameter <i>nv-authorizations</i> is <b>not applicable</b>. <h2>Mode: authorization tokens in header</h2><h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> (field <i>nv-authorizations</i> not provided) <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", <br>\"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" } }, "responses": { "Certificate200Response": { "content": { "application/octet-stream": { "schema": { "$ref": "#/components/schemas/CertificateSuccessfulResponse" } } }, "description": "Successful response for license server certificate request" }, "WV200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WVSuccessfulResponseJSON" } }, "application/octet-stream": { "schema": { "$ref": "#/components/schemas/WVSuccessfulResponseOctetStream" } } }, "headers":{ "model":{"schema": {"type": "string"}, "description":"Contains the model of the device sending the license request"}, "drmDeviceId":{"schema":{"type": "base64 string"}, "description": "Contains the device id"} } , "description": "Successful response for Widevine license request <br>License can be returned in two different ways: <ul>\n <li>Embedded as an array of licenses in a JSON object <i>(content-type: application/json)</i>\n <li>As a binary content directly <i>(content-type: application/octet-stream)</i>\n</ul> Several licenses can only be returned in a single request with a JSON object.\n" }, "PR200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PRSuccessfulResponse" } } }, "description": "Successful response for PlayReady license request <br>Response is embedded within custom data from PlayReady's license response <br><br> <u>Example:</u> <pre>\n <soap:Envelope ...>\n  <soap:Body>\n   <AcquireLicenseResponse ...>\n <AcquireLicenseResult ...>\n    <AcquireLicenseResult>\n     <Response ...>\n      <LicenseResponse ...>\n       <Version ...>\n <Licenses ...>\n <License ...><br> WE1SAAAAAANzNAh9L....\n    <CustomData ...>\n <br>\n        {\n         \"sessionToken\": \"eyJraWQiOiI0NDMyMDgiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9....\",\n         \"model\": \"Microsoft Windows 6.4.7.000\",\n         \"drmDeviceId\": \"fb5134b6-7451-40e3-3fb5-54a243475149\"\n                         }\n <br>\n       </CustomData>\n      </LicenseResponse>\n     </Response>\n    </AcquireLicenseResult>\n   </AcquireLicenseResponse>\n  </soap:Body>\n </soap:Envelope>\n</pre>\n" }, "PRM200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PRMSuccessfulResponse" } } }, "description": "Successful response for PRM license request" }, "SWPRM200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRMSuccessfulResponse" } } }, "description": "Error code 0 means a successful response for SWPRM license request otherwise see below for details about error codes <br>0: No error <br>5000: Internal error <br>5002: Missing EJB <br>5101: No active player for this crypto version <br>5102: Unknown operator <br>5103: Unknown device <br>5104: Forbidden zeroed sender ID <br>4001: No connection to KSS, either KSS failure or SLS configuration <br>4002: Unmanaged protocol version <br>6101: PRM Credentials authorization - Denied <br>6102: PRM Credentials authorization - Error <br>6103: PRM Credentials authorization - Error while converting the viewingWindow <br>6104: PRM Credentials authorization - Mismatch content ID <br>6105: PRM Credentials Error <br>6200: Whitebox crypto error <br>6201: Whitebox crypto error - Key obfuscation error <br>6202: Whitebox crypto error - PRM Keys generation error <br>6203: Whitebox crypto error - Unsupported crypto version <br>6300: Service KSS error <br>6301: KSS does not return EMI for this content ID <br>7100: Service credentials error <br>7101: Failed to build DCM (builder returned null) <br>7102: Failed to build DMM (builder returned null) <br>7103: Error while building HomeDomain entitlements <br>7201: Incoherent secret ID / sender ID <br>7202: Secret ID not found <br>7204: Error during reconcile operation <br>7300: Error with server certificate <br>7301: Error with PEM encoding <br>7401: Failed to unprotect the DVS-H content key <br>7402: Using fairplay license is not allowed for this credentials versions <br>8001: Parameter missing <br>8003: Wrong value for one of the parameter <br>8004: Incoherent secretId senderId <br>8011: Unmanaged DCM range <br>8012: Unmanaged DMM range <br>8013: Unmanaged certifacte range <br>8020: Fairplay parsing error <br>8021: Fairplay error in CKC building <br>8022: Fairplay - Server is not supporting used protocol <br>8023: Fairplay SKR1 integrity check failed <br>8024: Fairplay configuration internal error" }, "SWPRMInitializeDevice200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRMInitializeDeviceSuccessfulResponse" } } }, "description": "Error code 0 means a successful response for SWPRM license request otherwise see below for details about error codes <br>0: No error <br>5000: Internal error <br>5002: Missing EJB <br>5101: No active player for this crypto version <br>5102: Unknown operator <br>5103: Unknown device <br>5104: Forbidden zeroed sender ID <br>4001: No connection to KSS, either KSS failure or SLS configuration <br>4002: Unmanaged protocol version <br>6101: PRM Credentials authorization - Denied <br>6102: PRM Credentials authorization - Error <br>6103: PRM Credentials authorization - Error while converting the viewingWindow <br>6104: PRM Credentials authorization - Mismatch content ID <br>6105: PRM Credentials Error <br>6200: Whitebox crypto error <br>6201: Whitebox crypto error - Key obfuscation error <br>6202: Whitebox crypto error - PRM Keys generation error <br>6203: Whitebox crypto error - Unsupported crypto version <br>6300: Service KSS error <br>6301: KSS does not return EMI for this content ID <br>7100: Service credentials error <br>7101: Failed to build DCM (builder returned null) <br>7102: Failed to build DMM (builder returned null) <br>7103: Error while building HomeDomain entitlements <br>7201: Incoherent secret ID / sender ID <br>7202: Secret ID not found <br>7204: Error during reconcile operation <br>7300: Error with server certificate <br>7301: Error with PEM encoding <br>7401: Failed to unprotect the DVS-H content key <br>7402: Using fairplay license is not allowed for this credentials versions <br>8001: Parameter missing <br>8003: Wrong value for one of the parameter <br>8004: Incoherent secretId senderId <br>8011: Unmanaged DCM range <br>8012: Unmanaged DMM range <br>8013: Unmanaged certifacte range <br>8020: Fairplay parsing error <br>8021: Fairplay error in CKC building <br>8022: Fairplay - Server is not supporting used protocol <br>8023: Fairplay SKR1 integrity check failed <br>8024: Fairplay configuration internal error" }, "TK200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TKSuccessfulResponse" } } }, "description": "Successful response for TVKeyCloud license request\n" }, "FP200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FPSuccessfulResponse" } } }, "headers":{ "drmDeviceId":{"schema":{"type": "base64 string"}, "description": "Contains the device id"} } , "description": "Successful response for FairPlay license request\n" }, "PRMPostDelivery400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: <br>1001: Invalid request format <br>1002: Invalid interface version in request URL <br>1003: Empty header <br>1004: Invalid authorizations format <br>1005: Correlation id format error <br>1006: Tenant id format error <br>2001: Invalid challenge format <br>2002: Challenge's active key generation not matching key package generation <br>2102: PSSH missing in license request <br>2103: No ContentId found in license request <br>2104: Invalid deviceId found in license request <br>3001: Content Authorization token version not supported <br>3002: Content Key token version not supported <br>3003: One or more header parameter is missing <br>3004: Token encryption key is not valid <br>3005: Token type is unknown <br>3006: Token format not supported <br>3007: Content Rights format not supported <br>3008: Entitlements format not supported <br>3009: Account format not supported <br>3011: Account profile format not supported <br>4000: Ungranted request <br>4001: Content Authorization token missing in request <br>4002: Content Key token referenced missing in request <br>4003: Several Content Authorization tokens in request <br>4004: Duplicate content keys <br>4005: Invalid expiration date (exp field value) <br>4006: Token already played (jti field value) <br>4007: Device ID mismatch between token and challenge <br>4008: Device security level insufficient <br>4009: Tenant ID mismatch between request and tokens <br>4010: Credential Privilege Mismatch <br>4011: No valid key found for key id <br>4012: Invalid api in header request <br>4013: Invalid caller in header request <br>4014: Problem related to kid in request <br>4015: Credential not found <br>4016: Missing mandatory field <br>4017: Device is disabled <br>4018: Device specified in the token doesn't exist <br>4019:Device is not associated to the provided account <br>4020: Account is not in the ACTIVE state <br>4021: Product specified doesn't have any entitlement <br>4022: Specified tenant doesn't exist in Rights Management system <br>4024: Tenant not found <br>4025: Tenant is not Active <br>4027: Device binding error <br>4028: No compliant track was found<br>4029: Airplay output not supported <br>4030: Token hdcp and playbackDigitalAVAdapter Usage Rules not supported <br>4031: Usage rule profile does not exist <br>4032: Unexpected Content Key token received in the request <br>4033: Session token missing in request <br>4034: Multiple session token not allowed <br>4035: AccountId mismatch between auth token and session token <br>4036: Missing accountId field in ContentAuthZ <br>4037: Missing maxSessions field in ContentAuthZ <br>4038: Unexpected token type <br>4039: Device referenced in challenge doesn't exist <br>4040: ContentAuthZ or DevAuthN token signature missing in Session token <br>4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN token <br>4042: Multiple keys w/o startDate have been found<br>4043: Content startDate too far in the future <br>4044: Device hdcp protection failure <br>4046: HWPRMLS doesn't support SDP token <br>4047: Content rights end date in the past <br>4103: Content not approved for playback over airplay <br>4104: Content not approved for playback over digital av adapter <br>4106: Content not allowed for drm <br>4107: Content not distributed by operator <br>4109: Token not reusable on device <br>4111: Content Authorization, Device Authentication or SDP token missing in request <br>4112: No content rights found matching the license request <br>4113: Number of allowed requests exceeded\n" }, "TKLSLicense400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: <br>1000: Invalid license request message<br>1001: Invalid ASN1 <br>1002: Invalid application data<br>1003: Invalid tenant identifier<br>1004: Invalid correlation id<br>1005: Invalid authorization token\n" }, "TKLSLicense404Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard404ErrorResponse" } } }, "description": "Error codes: <br>2000: Resource not found<br>2001: Cannot retrieve global keys<br>2002: CLM resource not found\n" }, "TKLSLicense500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes: <br>9000: An unexpected error occured<br>9001: Internal server error<br>9002: Unexpected error from TVKey SDK<br>9003: PDS global keys format error<br>9004: CLM License response format error <br>9005: CLM Licence request format error<br>9006: CLM response error\n" }, "SWPRM400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRM400ErrorResponse" } } }, "description": "Error codes: <br>1001: Invalid request format <br>1002: Invalid interface version in request URL <br>1003: Empty header <br>1004: Invalid authorizations format <br>2001: Invalid challenge format <br>2002: Challenge's active key generation not matching key package generation <br>2102: PSSH missing in license request <br>2103: No ContentId found in license request <br>2104: Invalid deviceId found in license request <br>3001: Content Authorization token version not supported <br>3002: Content Key token version not supported <br>3003: One or more header parameter is missing <br>3004: Token encryption key is not valid <br>3005: Token type is unknown <br>3006: Token format not supported <br>3007: Content Rights format not supported <br>3008: Entitlements format not supported <br>3010: The drm does not support to have multiple content rights <br>4000: Ungranted request <br>4001: Content Authorization token missing in request <br>4002: Content Key token referenced missing in request <br>4003: Several Content Authorization tokens in request <br>4004: Duplicate content keys <br>4005: Invalid expiration date (exp field value) <br>4006: Token already played (jti field value) <br>4007: Device ID mismatch between token and challenge <br>4008: Device security level insufficient <br>4009: Tenant ID mismatch between request and tokens <br>4010: Credential Privilege Mismatch <br>4011: No valid key found for key id <br>4012: Invalid api in header request <br>4013: Invalid caller in header request <br>4014: Problem related to kid in request <br>4016: Missing mandatory field <br>4022: Specified tenant doesn't exist in Rights Management system <br>4027: Device binding error <br>4028: No compliant track was found<br>4029: Airplay output not supported<br>4031: Usage rule profile does not exist <br>4032: Unexpected Content Key token received in the request <br>4036: Missing accountId field in ContentAuthZ <br>4037: Missing maxSessions field in ContentAuthZ <br>4038: Unexpected token type <br>4040: ContentAuthZ or DevAuthN token signature missing in Session token <br>4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN token <br>4042: Multiple keys w/o startDate have been found<br>4043: Content startDate too far in the future <br>4106: Content not allowed for drm <br>4107: Content not distributed by operator <br>4109: Token not reusable on device <br>4111: Content Authorization, Device Authentication or SDP token missing in request <br>4112: No content rights found matching the license request <br>4113: Number of allowed requests exceeded\n" }, "PRMPreDelivery400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Errors codes: <br>1001: Invalid request format <br>1002: Invalid interface version in request URL <br>1003: Empty header <br>1004: Invalid authorizations format <br>1005: Correlation id format error <br>1006: Tenant if format error <br>2001: Invalid challenge format <br>2002: Challenge's active key generation not matching key package generation <br>2102: PSSH missing in license request <br>2103: No ContentId found in license request <br>2104: Invalid deviceId found in license request <br>3001: Content Authorization token version not supported <br>3002: Unsupported content key token version <br>3003: One or more header parameter is missing <br>3004: Decryption error<br>3005: Token type is unknown <br>3006: Token format not supported <br>3007: Content Rights format not supported <br>3008: Entitlements format not supported <br>3009: Account format not supported <br>3011: Account Profile format not supported <br>4000: Ungranted request <br>4001: Content Authorization token missing in request <br>4003: Found several auth token in ATM response, but only one is allowed <br>4004: Duplicate content keys <br>4005: Invalid expiration date <br>4006: Token already played <br>4007: Device ID mismatch between token and challenge <br>4008: Device security level insufficient <br>4009: Tenant ID mismatch between request and tokens <br>4010: Credential Privilege Mismatch <br>4011: No valid key found for key id <br>4012: Invalid api in header request <br>4013: Invalid caller in header request <br>4014: Problem related to kid in request <br>4015: Device, Account or Content selection cannot be authorized <br>4016: Missing mandatory field <br>4017: Device is disabled <br>4018: Device specified in the token doesn't exist <br>4019: Device is not associated to the provided account <br>4020: Account is not in the ACTIVE state <br>4021: ContentId specified in the token doesn't have any product in OACS <br>4022: Specified tenant doesn't exist in Rights Management system <br>4024: Tenant not found <br>4025: Tenant is not Active <br>4027: Device binding error <br>4028: No compliant track was found<br>4029: Airplay output not supported <br>4030: Token hdcp and playbackDigitalAVAdapter Usage Rules not supported <br>4031: Unknown DRM type <br>4032: Unexpected Content Key token received in the request <br>4033: Session token missing in request <br>4034: Multiple session tokens not allowed <br>4035: AccountId mismatch between auth token and session token <br>4036: Missing accountId in contentAuthZ token <br>4037: MaxSession is invalid or missing <br>4038: Unexpected token type <br>4039: Device referenced in challenge doesn't exist <br>4040: ContentAuthZ or DevAuthN token signature missing in Session token <br>4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN <br>4042: Multiple keys w/o startDate have been found <br>4043: Content startDate too far in the future <br>4044: Device hdcp protection failure <br>4046: HWPRMLS doesn't support SDP token <br>4047: Content rights end date is in the past <br>4100: Device does not exist <br>4101: Device reregistration required <br>4102: Device not authorized <br>4103: Content not approved for playback over airplay <br>4104: Content not approved for playback over digital av adapter <br>4105: Account not authorized <br>4109: Token not reusable on device <br>4111: Content Authorization, Device Authentication or SDP token missing in request <br>4112: No content rights found matching the license request <br>4113: Number of allowed requests exceeded <br>4114: Either AccountId or DeviceId has to be provided in devAuthN token\n" }, "WV400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: <br>1001: Invalid request format <br>1002: Invalid interface version in request URL <br>1003: Empty header <br>1004: Invalid authorizations format <br>1005: Mandatory header fields are missing in the request <br>1006: Missing atm url in the configuration <br>1007: Invalid date <br>1008: Missing configuration in SSP for tenant <br>1009: Certificates in request are invalid <br>1010: Invalid track type <br>2001: Invalid challenge format <br>2002: Challenge's active key generation not matching key package generation <br>2102: PSSH missing in license request <br>2103: No ContentId object found in license request <br>2104: Invalid max HDCP version in license request <br>3001: Content Authorization token version not supported <br>3002: Content Key token version not supported <br>3003: One or more header parameter is missing <br>3004: Token encryption key is not valid <br>3005: Token type is unknown <br>3006: Token format not supported <br>3007: Content Rights format not supported <br>3008: Entitlements format not supported <br>3009: Account format not supported <br>3010: The drm does not support to have multiple content rights <br>3011: Accound Profile format not supported <br>4000: Ungranted request <br>4001: Content Authorization token missing in request <br>4002: Content Key token referenced missing in request <br>4003: Several Content Authorization tokens in request <br>4004: Duplicate content keys <br>4005: Invalid expiration date (exp field value) <br>4006: Token already played (jti field value) <br>4007: Device ID mismatch between token and challenge <br>4008: Device security level insufficient <br>4009: Tenant ID mismatch between request and tokens <br>4010: Credential Privilege Mismatch <br>4011: No valid key found for key id <br>4012: Invalid api in header request <br>4013: Invalid caller in header request <br>4014: Problem related to kid in request <br>4015: Device, Account or Content selection cannot be authorized <br>4016: Missing mandatory field <br>4017: Device is disabled <br>4018: Device specified in the token doesn't exist <br>4019: Device is not associated to the provided account <br>4020: Account is not in the ACTIVE state <br>4021: Product specified doesn't have any entitlement <br>4022: Specified tenant doesn't exist in Rights Management system <br>4023: ContentId specified in the token doesn't have any product <br>4024: Specified content does not exist in Information Management system <br>4025: Subscribed product has expired <br>4026: Product status is unsubscribed <br>4027: Device binding error <br>4028: Specified URI profile does not exist in Information Management system <br>4029: ExplicitIv is mandatory if Fairplay is present in DRMSystemList <br>4030: Incosistent Request <br>4031: Could not find usage rule profile <br>4032: Unexpected Content Key token received in the request <br>4033: Session token missing <br>4034: Multiple session tokens not allowed <br>4035: AccountId mismatch between auth token and session token <br>4036: Missing accountId in contentAuthZ token <br>4037: MaxSession is invalid or missing <br>4038: Unexpected token type <br>4039: Device referenced in challenge doesn't exist <br>4040: ContentAuthZ or DevAuthZ token signature missing in Session token <br>4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN <br>4042: Multiple keys w/o startDate have been found <br>4043: Content startDate too far in the future <br>4044: Device hdcp protection failure <br>4047: Content rights end date in the past <br>4100: Device does not exist <br>4101: Device reregistration required <br>4102: Device not authorized <br>4103: Content not approved for playback over airplay <br>4104: Content not approved for playback over digital av adapter <br>4105: Account not authorized <br>4106: Content not allowed for drm <br>4107: Content not distributed by operator <br>4108: Widevine client persistent mode not working <br>4109: Token not reusable on device <br>4110: Offline license is not allowed <br>4111: Invalid token <br>4112: Multiple keys for same time window are not allowed <br>4113: Data Not Found <br>4400: Device revoked \n" }, "FP400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: <br>1001: Invalid request format <br>1002: Invalid interface version in request URL <br>1003: Empty header <br>1004: Invalid authorizations format <br>1005: Mandatory header fields are missing in the request <br>1006: Missing atm url in the configuration <br>1007: Invalid date <br>1008: Missing configuration in SSP for tenant <br>1009: Certificates in request are invalid <br>1010: Invalid track type <br>2001: Invalid challenge format <br>2002: Challenge's active key generation not matching key package generation <br>2100: Unsupported FPS version <br>2101: Unknown FPS certificate fingerprint <br>2102: PSSH missing in license request <br>2103: No ContentId object found in license request <br>2104: Invalid max HDCP version in license request <br>3001: Content Authorization token version not supported <br>3002: Content Key token version not supported <br>3003: One or more header parameter is missing <br>3004: Token encryption key is not valid <br>3005: Token type is unknown <br>3006: Token format not supported <br>3007: Content Rights format not supported <br>3008: Entitlements format not supported <br>3009: Account format not supported <br>3010: Drm doesn't support to have multiple content right <br>3011: Account profile not supported <br>4000: Ungranted request <br>4001: Content Authorization token missing in request <br>4002: Content Key token referenced missing in request <br>4003: Several Content Authorization tokens in request <br>4004: Duplicate content keys <br>4005: Invalid expiration date (exp field value) <br>4006: Token already played (jti field value) <br>4007: Device ID mismatch between token and challenge <br>4008: Device security level insufficient <br>4009: Tenant ID mismatch between request and tokens <br>4010: Credential Privilege Mismatch <br>4011: No valid key found for key id <br>4012: Invalid api in header request <br>4013: Invalid caller in header request <br>4014: Problem related to kid in request <br>4015: Device, Account or Content selection cannot be authorized <br>4016: Missing mandatory field <br>4017: Device is disabled <br>4018: Device specified in the token doesn't exist <br>4019: Device is not associated to the provided account <br>4020: Account is not in the ACTIVE state <br>4021: Product specified doesn't have any entitlement <br>4022: Specified tenant doesn't exist in Rights Management system <br>4023: ContentId specified in the token doesn't have any product <br>4024: Specified content does not exist in Information Management system <br>4025: Subscribed product has expired <br>4026: Product status is unsubscribed <br>4027: Device binding error <br>4028: Specified URI profile does not exist in Information Management system <br>4029: ExplicitIv is mandatory if Fairplay is present in DRMSystemList <br>4030: Inconsistent Request <br>4031: Could not find usage rule profile <br>4032: Unexpected Content Key token received in the request <br>4033: Session token missing <br>4034: Multiple session token not allowed <br>4035: Missing AccountId in ContentAuthZ token <br>3037: Max session is invalid or missing <br>4038: Unexpected token type <br>4039: Device referenced in challenge doesn't exist <br>4040: ContentAuthZ or DevAuthN token signature missing in Session token <br>4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN <br>4042: Multiple keys w/o startDate have been found <br>4043: Content startDate too far in the future <br>4044: Device hdcp protection failure <br>4047: Content Right end date is in the past <br>4100: Device does not exist <br>4101: Device reregistration required <br>4102: Device not authorized <br>4103: Content not approved for playback over airplay <br>4104: Content not approved for playback over digital av adapter <br>4105: Account not authorized <br>4106: Content not allowed for drm <br>4107: Content not distributed by operator <br>4109: Token not reusable on device <br>4110: Offline license is not allowed <br>4111: Invalid token <br>4112: Multiple keys for same time window are not allowed <br>4113: Data Not Found \n" }, "400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: <br>1001: Invalid request format <br>1002: Invalid interface version in request URL <br>1003: Empty header <br>1004: Invalid authorizations format <br>2001: Invalid challenge format <br>2002: Challenge's active key generation not matching key package generation <br>2100: Unsupported FPS version <br>2101: Unknown FPS certificate fingerprint <br>2102: PSSH missing in license request <br>2103: No ContentId found in license request <br>2104: Invalid deviceId found in license request <br>3001: Content Authorization token version not supported <br>3002: Content Key token version not supported <br>3003: One or more header parameter is missing <br>3004: Token encryption key is not valid <br>3005: Token type is unknown <br>3006: Token format not supported <br>3007: Content Rights format not supported <br>3008: Entitlements format not supported <br>3009: Account format not supported <br>3010: The drm does not support to have multiple content rights <br>4000: Ungranted request <br>4001: Content Authorization token missing in request <br>4002: Content Key token referenced missing in request <br>4003: Several Content Authorization tokens in request <br>4004: Duplicate content keys <br>4005: Invalid expiration date (exp field value) <br>4006: Token already played (jti field value) <br>4007: Device ID mismatch between token and challenge <br>4008: Device security level insufficient <br>4009: Tenant ID mismatch between request and tokens <br>4010: Credential Privilege Mismatch <br>4011: No valid key found for key id <br>4012: Invalid api in header request <br>4013: Invalid caller in header request <br>4014: Problem related to kid in request <br>4015: Device, Account or Content selection cannot be authorized <br>4016: Missing mandatory field <br>4017: Device is disabled <br>4018: Device specified in the token doesn't exist <br>4019: Device is not associated to the provided account <br>4020: Account is not in the ACTIVE state <br>4021: Product specified doesn't have any entitlement <br>4022: Specified tenant doesn't exist in Rights Management system <br>4023: ContentId specified in the token doesn't have any product <br>4024: Specified content does not exist in Information Management system <br>4025: Subscribed product has expired <br>4026: Product status is unsubscribed <br>4027: Device binding error <br>4028: No compliant track was found<br>4023: Content startDate too far in the future <br>4031: Usage rule profile does not exist <br>4032: Unexpected Content Key token received in the request <br>4033: Missing Session token in the request <br>4034: Multiple session tokens have been received in the same request <br>4035: Missmatch between the account id in ContentAuthZ and Session tokens <br>4036: Missing accountId field in ContentAuthZ <br>4037: Missing maxSessions field in ContentAuthZ <br>4038: Unexpected token type <br>4039: Device referenced in challenge doesn't exist <br>4040: ContentAuthZ or DevAuthN token signature missing in Session token <br>4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN token <br>4042: Multiple keys w/o startDate have been found<br>4043: Content startDate too far in the future <br>4100: Device does not exist <br>4101: Device reregistration required <br>4102: Device not authorized <br>4103: Content not approved for playback over airplay <br>4104: Content not approved for playback over digital av adapter <br>4105: Account not authorized <br>4106: Content not allowed for drm <br>4107: Content not distributed by operator <br>4108: Widevine client persistent mode not working <br>4109: Token not reusable on device <br>4110: Offline license is not allowed <br>4111: Content Authorization, Device Authentication or SDP token missing in request <br>4112: No content rights found matching the license request <br>4113: Number of allowed requests exceeded <br>4114: Either AccountId or DeviceId has to be provided in devAuthN token\n" }, "500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes:\n<br>5001: License generation error reported by DRM SDK\n<br>5002: Key package initialization error\n<br>6001: Internal error\n<br>6002: Connection or communication protocol error\n<br>6003: Server configuration error\n" }, "SWPRM500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRM500ErrorResponse" } } }, "description": "Error codes:\n<br>5001: License generation error reported by DRM SDK\n<br>5002: Key package initialization error\n<br>6001: Internal error\n<br>6002: Connection or communication protocol error\n<br>6003: Server configuration error\n" }, "PR500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error response for PlayReady license request is embedded within custom data.\n<br>\n<br> Examples:\n <pre>\n <soap:Envelope ...>\n  <soap:Body>\n   <AcquireLicenseResponse ...>\n    <AcquireLicenseResult>\n     <Response ...>\n      <LicenseResponse ...>\n       (...)\n       <CustomData>\n <br>\n        {\n         \"errorCode\": 6001,\n         \"code\": 500,\n         \"message\": \"Internal error\"\n        }\n <br>\n       </CustomData>\n      </LicenseResponse>\n     </Response>\n    </AcquireLicenseResult>\n   </AcquireLicenseResponse>\n  </soap:Body>\n </soap:Envelope>\n</pre>\n <pre>\n <soap:Envelope ...>\n  <soap:Body>\n   <AcquireLicenseResponse ...>\n    <AcquireLicenseResult>\n     <Response ...>\n      <LicenseResponse ...>\n       (...)\n       <CustomData>\n <br>\n        \n         System.Web.Services.Protocols.SoapException: Device Certificate Revoked.\n       \n       StatusCode 0x8004c065 /StatusCode \n       \n       \n <br>\n       </CustomData>\n      </LicenseResponse>\n     </Response>\n    </AcquireLicenseResult>\n   </AcquireLicenseResponse>\n  </soap:Body>\n </soap:Envelope>\n</pre>\nError codes:\n<br>1001: Invalid request format\n<br>2001: Invalid challenge format\n<br>4000: Ungranted request\n<br>6001: Internal error\n<br>6002: Connection or communication protocol error\n<br>6003: Server configuration error\n<br>7001: Service temporarily unavailable\n" }, "FP500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description":"Error codes: <br>5001: License generation error reported by DRM SDK <br>5002: Key package initialization error <br>6001: Internal error <br>6002: Connection or communication protocol error <br>6003: Server configuration error <br>6004: Error occurred while key encryption <br>6005: Error while generating random key <br>6006: Error while generating MAC key/value <br>6007: Key-manager service is not reachable <br>6008: Error occurred while key decryption <br>6009: Missing atm url in the configuration \n" }, "WV500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes: <br>5001: License generation error reported by DRM SDK <br>5002: Key package initialization error <br>6001: Internal error <br>6002: Connection or communication protocol error <br>6003: Server configuration error <br>6004: Error occurred while key encryption <br>6005: Error while generating random key <br>6006: Error while generating MAC key/value <br>6007: Key-manager service is not reachable <br>6008: Error occurred while key decryption <br>6009: Missing atm url in the configuration \n" }, "Certificate500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes:\n<br>6001: Internal error\n" } }, "requestBodies": { "WidevineChallenge": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChallengeJSON" }, "example": { "challenge" : "CAESyg0KzgwIARLrCQquAggCEhA+2BC9XRe4U+BtVfxdYvtsGJuyo84FIo4CMIIBCgKCAQEA0LzejJbi4h7l7RB5y6eMEjx0p6fFHrApjm3clzRUUeaIEGoQvbM92kkC46pJMkAPmYOmN2ljiiMuVqdlesgHeDT3KoTpmUrA26mafUo/Fx82mw8YKRyP/nwiQHTinI8Ty66Pwr/WivQyNm45Gk2263Yw37a7EIu8Z29nLzaJwluLrEVjxYTIjDsuY4O6RyFkS98p63xiVR/E8oWEDDU1QFdA0jphbxwUNchcllay+Jj++9Yi52Y2nVx2zldwo6DgmUuT6i6ys+VkvORkqDvqx89VfZSvWR6t6anS3upUi4ZYxc2rZFIsjkE3tko/ZUv9KAA94uy3xnTIXPUuYv1+fQIDAQABKMA0EoACYeLipVAWKzWXuh1GSXbkrS8uKj4+5289nxypWybFamLNsaLq6sSaZ5m0P9lbGew9r84ZFz+jrxFhxsrSYoIs+vtDvqTg9/EPBZhHRhbWDEbE74L9AQim/BRx8f5dXs0ePrSu8JC+2woRAD6kPqMoUAA7XYqXM4PAML+jwzK57lmfQAhcq8iuLmH7srD7Ti8RjF1YD8JwZF7yFkuer//bI6FCtVmcHoClWb2FhAqlXG3IEQ2VLjtfiLFVl4qY1zeSwz60XJUQBGoLvvqGwRDUOhTBVZTJinWyPdqRZXnbnvFFVkV4FnI5koBXarYl53IS9u2NF0Dv1MNMdY9XzEFvfhq0BQquAggBEhASqgK+FxGhlxP70rVZ8RnzGMjgnbgFIo4CMIIBCgKCAQEAslO3gaTon+lSqGB33pfvFpVFUb2WITRegpbjA7u8iv+44xv53N0ZggOdJME14i460kOaYZ+PEDlaU10HlBqv5yn8Nk2tnwHs+1rY+AufTBuBWhKWaCg35YdGiCFm3/QHnBbtYqE1GqoCyHLmS7FUbj0iBJF6tOr7/qR4NW2/eRsfe89K/qNi73lP97JUQrZn8pKVZ8pijET+aTFFE+iZi7IQnuqFibGIAmzcrQLDbYLlgrrTdp/AxPsjUHgAE9GF3PnsVZfmbChaK+wV1fG5p/Ke0LLXvQRS5XpefD+3aH/tNWGfr+RDFeAwht/oFX0pOVHEZLTiXpxq/iE/SE3k9wIDAQABKMA0EoADsmVh9iHXpzmob8Wxy+GUAyfUHBOQG8TvlD/n6BiBz4F3lY1HiHQSJVNGTvboZZNkg0oI6o7mhh616Y/4RlfSiVGqHzRaGol4SFow82DZnyF4ozsUrJpi/FFMc5KpwSEE4N0GIMq4asbsbK5RXUrtaRpG8rH80tu50Ft4veei6bzwACvS9QrkFcL7zvby3DT9mHZtn46ytrGqmogftrT6FfvOUCdoyfizLBfQM0LY3zRUp5h03W7GhwueR0Jg/4g5XZKvA2LzQov9120qczOxP9RtE0PP1h/EnsXidfdYsbOP+IgYcBHHaqtVaFWPWKxt9+cPy/0gYYzfnpT5axotlo96aJm96arZnt5QxZUAASq/OwSzqgRojZqmB91tTwP7LOrFaNfwq4Icb29gSAN2nofl4WFZx/VSvXBB/alBlc8tOJxM0wzzKw5c2EFC2qRjuPsIDF6MJWaicUERdcDoO24JaRItXCeW0rv+PQSuwbU+oJOI9HWGmtcKU/1fYLABGhYKDGNvbXBhbnlfbmFtZRIGR29vZ2xlGhYKCm1vZGVsX25hbWUSCFBpeGVsIFhMGh4KEWFyY2hpdGVjdHVyZV9uYW1lEglhcm02NC12OGEaFQoLZGV2aWNlX25hbWUSBm1hcmxpbhoWCgxwcm9kdWN0X25hbWUSBm1hcmxpbhpSCgpidWlsZF9pbmZvEkRnb29nbGUvbWFybGluL21hcmxpbjo4LjAuMC9PUFIzLjE3MDYyMy4wMDgvNDI5NDc4Mzp1c2VyL3JlbGVhc2Uta2V5cxotCglkZXZpY2VfaWQSIDQwNEUzNjFERkVDOQAAAAAAAAAAAAAAAAAAAAAAAAAAGiYKFHdpZGV2aW5lX2NkbV92ZXJzaW9uEg52NS4wLjAtYW5kcm9pZBokCh9vZW1fY3J5cHRvX3NlY3VyaXR5X3BhdGNoX2xldmVsEgEwMgwQASAEKAswAUAASAASZwplCj8IARIQZqG5xJnoRgyQCujhkz492RoFbmFncmEiIm1nbV9jYXNpbm9yb3lhbGUyMDA2X3ZtX2hkX2ZlYXR1cmUQARogMTNENUIzRDI5OTBGOTQ4QjEzMDAwMDAwMDAwMDAwMDAYASCGnaPPBTAVOO709cIFGoAClij7B6/xJHElumMyJeTc57UIdqX3Fy2PocBtuFO07LI1+eLakFVNPHQevJB6sSqAX0f9KNusI9TsVFuTbzgi6NvBhQyrGe/UiYQ1VCzxHnrM8dVb/AvrlI7amHLPJ6nnXAnnDnutFW01mDFlxwQNThWHfKpqkZH20PtKeIZ1JLmhwCojITKf7RzuKPS8tlHpr5IelS3Yjry306iBVagLIvXzFnA2skZxDzXESaR+7gmWUEi8dKPdm/2b6T1wsFhML1vGObTOiRtORW+nAzHgZ3b62JB/SRffEgDljiHblqnGUxKrFcsylJYzoXUgZ9IqsVsCVBbXl5yY07vSDDfxUQ==" } }, "application/octet-stream": { "schema": { "$ref": "#/components/schemas/ChallengeBinary" }, "example": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXAiOiJDb250ZW50QXV0aFoifQ.Zg96EpL7WrMALBv1OnMFx-EJqqDlLwR3hO2R_4xZW0w" } }, "required": true, "description": "<body> <h2>Widevine challenge</h2> Two modes available: <ul>\n <li>application/json\n <li>application/octet-stream\n</ul> <h2>application-json</h2> The challenge case be embedded in a JSON structure. In this case, the license will be returned in a JSON structure as well. <h2>application/octet-stream</h2> The challenge can be sent directly as a binary payload. In this case, the license will be returned as a binary payload as well.\n" }, "FairPlayChallenge": { "content": { "description": { "schema": { "$ref": "#/components/schemas/ChallengeBinary" } } }, "required": true, "description": "<h2>FairPlay challenge (SPC)</h2> One mode available: <ul>\n <li>application/octet-stream\n</ul>" }, "TKRequestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TKRequestJSON" }, "example": { "OttLicenseRequestMessage": { "ASN1": "MIIEmoCCBIQwggSAgIIEEDmjWos50rMnt1gnhsciuj+QE8Tm4tFMtua7zyFK+jozN5I4ncu594uXCm/Mhufruz0hIe+C7LoQuN2GiIV4u3V3bFYDvYJCAhb/d6176SMbih5x9w7SmA84ASPzHcJLKbXPSQ/S1wVCkfHZT+OUQ2jqwOYez9q5VpobhlfvD6GZFEkXp/3Z3yju1/wJWv8GW4uZKT1qeJYERUhHqT8wE0GgcC1/1QVdG8+jJ2VFWUzWkL7oK0OhOEcz0uSBjSgTTIZTA2aedkLQRxpU5tv/aS6/+FfFMm9mu+yMERs5kETS7e03lhKZBHc2vm0Si+KBuO5rdWiysMhsyQksjZsi1BnbTDiIqxT8P/UJ9gEB+0Md5pWkdhvOwKLAkM8FXIS+tYsamvU6QAXBZgHrxpITz15B2Qojz45dkYcVmmuYjFEtJ9d9ZemP05kfe/2XQmzsEHQEr+5xG4NAwe9Vpqgj/IJFuuVufNQzLIN79GICQvJKBNUWlXa554dLxjCO77Pe9eOXTkijn8jeGCJMX7DrJf4n2owsXmbh4hcqZn0QornjPKhWWCWCutwBwxvxB9iV3i4zB8zZnJJ2hSUatBzNYdHd7PAb58HtmlFmGkOR/fKQkLDFcLEVCpy6xOEE0zfU4z1/9CE3cvEhcDqQK0GtAR+VUguPXqzEM5ImvVv3RDwBJipGwybbfgezd/AC3rKefuGY4vnMAfc1SnwhQeUqIaUl99+09LqoTt30Noav2L+jD098z+MximVH7lkF2s+hsC+8sdnMv2zbP47yZkCfh3NGwJBVF0qtwb144RwQ6WmHfAxGuVJqZ96TBo2QYodVePxSbH7uoViC2xLl3AOhwqnvv3TmXzVvJV+sYYPk5m7KW1o7PQTbZimCo+0kThO7SopeuqZEOOUYbjsPhyNOoJ+mv8x5snFBtyBGXxODcT4IXhHEhe6AQD13YKdIc/j5/q3jOANhlTZ33wJsvvAokBEE9h5n672zeqvXWVn20Lm9IMUeZewh2y4j+P+nJPW6NTbNPSLvcHdqUDLhyZajHfc7znAGB+WHWrE6r+6iwC+6m3wX93tR+OQhtpyTyBt6pTFz5XdkFyo/qkGFYbWu+EzoNUZvZhhXgtzJ64xIAfLYfFWiSEYvzUltF+yC6Be3HrbWFjf3EGKesUkOhauxvhHXt6Zss5Q10xCD9VdSE0BYz5R/iXWm7mk2H80BfEt82RuWOUW8hT99nmF25NErfGHApuE+xzBMT1Qy0j6xkFUQPbs3gdeCA+xh6+/INCmETECDt1ulZGySeBnUZ7QDH4sGg51pCHmUd2M5IKi/4Vlhvm97ZJkDhwfHsOtd/64cSwdjdR1MnAEA0E6juWHSvv8ug2+RHgFIVuLpWhj71BQZgWCgkbZGPV6M66EUdAkGLYZ2k1Z58DIK5zyWkXCHs5LPFV3VQ8B8RUyUMi7XBeGQCmpmIcwGs4cGv57Dbm3/zd4Nj24NKZf/dxTVb9R4A8iWvxZ+Ts6PP8SwUZBFJqGc/ViCCAAAAAAAAL4BgRA0tUQlgn43diO5hhw1wzhE", "ApplicationData5": "" } } } }, "required": true, "description": "It is the message request sent by the TVkeyCloud device to the server when it needs to retrieve licenses." }, "PlayReadyChallenge": { "content": { "text/xml": { "schema": { "$ref": "#/components/schemas/PlayReadyChallenge" }, "example": "<challenge>\n <CustomData> \n { \"nv-authorizations\": [ \"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\" ] }\n </CustomData>\n</challenge>\n" } }, "required": true, "description": "<body> <h2>PlayReady challenge</h2> To ensure compatibility with few PlayReady clients, PlayReady-LS may alternatively find list of tokens <i>(nv-authorizations)</i> or SDP token <i>(nv-application-data)</i> within challenge's custom data, rather than in request header. <h2>Format</h2> <pre> <challenge>\n <CustomData> \n JSON object encompassing <i>nv-authorizations</i> or <i>nv-application-data</i>\n </CustomData>\n</challenge> </pre> <h2>Examples</h2> <h3>Example: nv-authorizations</h3> <pre> <challenge>\n <CustomData> \n { \"nv-authorizations\": [ \"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\" ] }\n </CustomData>\n</challenge> </pre> <h3>Example: nv-application-data</h3> <pre> <challenge>\n <CustomData> \n { \"nv-application-data\": \"{\\\"com.nagra.applicationData\\\":\\\"kEPkNczR...GlkZGVu\\\"}\" }\n </CustomData>\n</challenge> </pre>\n" }, "PRMChallenge": { "content": { "application/json": { "schema": { "type": "object", "oneOf": [ { "$ref": "#/components/schemas/PRMChallenge" }, { "$ref": "#/components/schemas/PRMChallengeCallbackMode" } ] }, "example": { "challenge": { "SIGNED_DATA": { "PUBLIC_DATA": { "applicationClearData": "01020304050607080910", "signalingData": { "contentID": "P08.02. OTT VOD single license postdelivery (VOD)", "keyID": "ffffffff-aaaa-bbbb-cccc-222000000229" }, "prmcVersion": "1.6.0", "generation": 2, "credentialsId": "43cd3747-55e8-3917-00fc-41113113c398", "operatorId": 48641, "deviceTime": 1494428124, "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "prmaVersion": "1.6.0", "opvaultVersion": "opv_1.1.0" }, "PRIVATE_DATA": { "credentialsRanges": { "dcm": [ "0x0400", "0x0400" ], "dmm": [ "0x0400", "0x0401" ], "certificate": [ "0x0001", "0x0001" ] }, "certificate": { "SIGNED_DATA": { "PUBLIC_DATA": { "version": "0x0001", "credentialsId": "53f34fd3-861d-4a29-a918-91338aec079b", "creationDate": 1494426966, "entity": { "type": "NAGRA_PRM_OP_Device", "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "name": "Non_Nagra_STB", "platform": "NON-NAGRA/0211/EBX", "securityLevel": 1000, "operatorId": 48641, "icCredentialsId": "ece3496c-fd69-4d8b-b5ce-6b7bd6a745c8", "protectionFunctions": { "EMI": [ "0x0000", "0x0020", "0x4023", "0x4024" ], "F1": [ { "algorithmId": "0x0002" } ], "F2": [ { "algorithmId": "0x0005" } ], "Chal-S": [ { "algorithmId": "0x0004" } ], "DMM-E": [ { "algorithmId": "0x0006" } ] }, "provisioningData": "<blabla>" } } }, "SIGNATURE": { "signingCredentialsId": "fa725102-b56b-4408-abae-1385e9d7015d", "signatureData": "<blabla>" } } }, "PROTECTED_DATA": { "encryptedData": "Callback-based authorization mode: SDP token", "encryptedKey": "<blabla>" }, "HEADER": { "type": "PostPerso_Challenge", "version": "0x0400" } }, "SIGNATURE": { "privateSignatureData": "n9d8h/LYB62so71z0E3qIoRZIzAkJ2/qXhGUsXUFxf0=" } } } } }, "required": true, "description": "<body> <h2>PRM challenge</h2> Request body accepts two different schemas and depends on authorization mode: <h3>Token-based and server-based authorization modes</h3> Request body expects a <b><i>PRMChallenge</i></b> object. <h3>Callback-based authorization mode</h3> Request body expects a <b><i>PRMChallengeCallbackMode</i></b> object.\n" }, "SWPRMChallenge": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRMChallenge" }, "example": { "challenge": { "SIGNED_DATA": { "PUBLIC_DATA": { "applicationClearData": "01020304050607080910", "signalingData": { "contentID": "P08.02. OTT VOD single license postdelivery (VOD)", "keyID": "ffffffff-aaaa-bbbb-cccc-222000000229" }, "prmcVersion": "1.6.0", "generation": 2, "credentialsId": "43cd3747-55e8-3917-00fc-41113113c398", "operatorId": 48641, "deviceTime": 1494428124, "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "prmaVersion": "1.6.0", "opvaultVersion": "opv_1.1.0" }, "PRIVATE_DATA": { "credentialsRanges": { "dcm": [ "0x0400", "0x0400" ], "dmm": [ "0x0400", "0x0401" ], "certificate": [ "0x0001", "0x0001" ] }, "certificate": { "SIGNED_DATA": { "PUBLIC_DATA": { "version": "0x0001", "credentialsId": "53f34fd3-861d-4a29-a918-91338aec079b", "creationDate": 1494426966, "entity": { "type": "NAGRA_PRM_OP_Device", "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "name": "Non_Nagra_STB", "platform": "NON-NAGRA/0211/EBX", "securityLevel": 1000, "operatorId": 48641, "icCredentialsId": "ece3496c-fd69-4d8b-b5ce-6b7bd6a745c8", "protectionFunctions": { "EMI": [ "0x0000", "0x0020", "0x4023", "0x4024" ], "F1": [ { "algorithmId": "0x0002" } ], "F2": [ { "algorithmId": "0x0005" } ], "Chal-S": [ { "algorithmId": "0x0004" } ], "DMM-E": [ { "algorithmId": "0x0006" } ] }, "provisioningData": "<blabla>" } } }, "SIGNATURE": { "signingCredentialsId": "fa725102-b56b-4408-abae-1385e9d7015d", "signatureData": "<blabla>" } } }, "PROTECTED_DATA": { "encryptedData": "Callback-based authorization mode: SDP token", "encryptedKey": "<blabla>" }, "HEADER": { "type": "PostPerso_Challenge", "version": "0x0400" } }, "SIGNATURE": { "privateSignatureData": "n9d8h/LYB62so71z0E3qIoRZIzAkJ2/qXhGUsXUFxf0=" } } } } }, "required": true, "description": "<body> <h2>SWPRM challenge</h2>\n" } }, "schemas": { "nvAuthorizationsPostDeliveryMode": { "type": "array", "items": { "type": "string", "format": "binary" }, "minItems": 0 }, "PRSuccessfulResponse": { "type": "object", "description": "PlayReady successful response for license request", "required": [ "code", "errorCode" ], "properties": { "sessionToken": { "type": "string", "example": "eyJraWQiOiI2Nzk5NSIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.IHsKICAicmVxdWVzdFRva2VuU2lnbmF0dXJlIjogIlJhN3FIY0JHTHZRQmQtSG93cS1oU2JaX01kUEpUMm5oYU9LOGVxdGNFOE0iLAogICJhY2NvdW50SWQiOiAicHliX2FjY291bnRfMSIsCiAgInZlciI6ICIxLjAiLAogICJoZWFydGJlYXQiOiAzMDAsCiAgInNob3J0VmFsaWRpdHlEdXJhdGlvbiI6IDQyMCwKICAidGVuYW50SWQiOiAiQkJBTkQiLAogICJ0eXAiOiAiU2Vzc2lvbiIsCiAgInNlc3Npb25JZCI6ICIxNTY0NDg3NTE1IiwKICAiZXhwIjogMTU2NDQ4NzUxNQp9IA==.68zz74XXJDQVan9xOCvyFAkkWO7WeVwigpzAg9ho_d4", "description": "Session token" }, "model": { "type": "string", "example": "Microsoft Windows 6.4.7.000", "description": "Model of device" }, "drmDeviceId": { "type": "string", "example": "fb5134b6-7451-40e3-3fb5-54a243475149", "description": "Globally unique device ID" } } }, "FPSuccessfulResponse": { "type": "object", "description": "FairPlay successful response for license request", "required": [ "CkcMessage" ], "properties": { "CkcMessage": { "type": "string", "format": "binary", "description": "Binary FairPlay license, base64-encoded" } } }, "WVSuccessfulResponseJSON": { "type": "object", "description": "Widevine successful response for license request as a JSON structure", "required": [ "code", "errorCode" ], "properties": { "errorCode": { "type": "integer", "example": 0, "description": "Error code null if request is successful" }, "code": { "type": "integer", "example": 200, "description": "HTTP status code, same value as from header" }, "message": { "type": "string", "example": "", "description": "No message if request is successful" }, "privateData": { "type": "string", "example": "", "description": "Data returned by the authorization application to the client" }, "license": { "type": "array", "items": { "type": "string", "format": "binary" }, "minItems": 0, "example": [ "dGhpcyBpcyBhbiBlbnRpdGxlbWVudA==" ], "description": "License entitlements granted" } } }, "WVSuccessfulResponseOctetStream": { "type": "string", "format": "binary", "description": "Widevine successful response for license request as a binary object. In this case, only one license can be delivered.", "example": "dGhpcyBpcyBhbiBlbnRpdGxlbWVudA==" }, "CertificateSuccessfulResponse": { "type": "string", "format": "binary", "description": "License server certificate", "example": "dGhpcyBpcyBhbiBlbnRpdGxlbWVudA==" }, "ChallengeJSON": { "properties": { "challenge": { "type": "object" } }, "required": [ "challenge" ] }, "PlayReadyChallenge": { "description": "<h3>Description</h3>\nChallenge generated by the device, which might encompass <i>nv-authorizations</i> or <i>nv-application-data</i> in custom data according to the context\n", "type": "string", "format": "xml" }, "ChallengeBinary": { "description": "<h3>Description</h3>\nChallenge generated by the device\n<br>Format: Binary\n", "type": "binary", "format": "binary" }, "Standard400ErrorResponse": { "type": "object", "required": [ "code", "errorCode", "message" ], "properties": { "code": { "type": "integer", "example": 400, "description": "HTTP status code, same value as from header" }, "errorCode": { "type": "integer", "example": 2001, "description": "Business error code" }, "message": { "type": "string", "example": "Invalid request", "description": "Error family", "enum": [ "Invalid request", "Forbidden" ] } } }, "Standard404ErrorResponse": { "type": "object", "required": [ "code", "errorCode", "message" ], "properties": { "code": { "type": "integer", "example": 404, "description": "HTTP status code, same value as from header" }, "errorCode": { "type": "integer", "example": 2001, "description": "Business error code" }, "message": { "type": "string", "example": "Invalid request", "description": "Error family", "enum": [ "Invalid request", "Forbidden" ] } } }, "Standard500ErrorResponse": { "type": "object", "required": [ "code", "errorCode", "message" ], "properties": { "code": { "type": "integer", "example": 500, "description": "HTTP status code, same value as from header" }, "errorCode": { "type": "integer", "example": 6001, "description": "Business error code" }, "message": { "type": "string", "example": "Internal error", "description": "Error family", "enum": [ "Internal error" ] } } } } } }