Content License Mgt Service (CLM) for PurePlay MDRM

If you are using Contego/Conax products, please refer to the documentation available at https://doc.integra.nagra.com/.

{ "openapi": "3.0.3", "info": { "version": "21.10", "title": "OTT License Servers API" }, "servers": [ { "url": "https://{frontAddress}/{tenantId}", "variables": { "frontAddress": { "default": "xxx.xxx.xxx.xxx", "description": "Address of SSP host" }, "tenantId": { "default": "NAG0000", "description": "String, value provided by Nagra" } } } ], "tags": [ { "name": "Widevine-LS", "description": "Request for the Widevine license server" }, { "name": "PlayReady-LS", "description": "Request for the PlayReady license server" }, { "name": "FairPlay-LS", "description": "Request for the FairPlay license server" } ], "paths": { "/wvls/contentlicenseservice/v1/certificates": { "get": { "tags": [ "Widevine-LS" ], "summary": "Get Widevine license server certificate", "responses": { "200": { "$ref": "#/components/responses/Certificate200Response" }, "500": { "$ref": "#/components/responses/Certificate500Response" } } } }, "/wvls/contentlicenseservice/v1/licenses": { "post": { "tags": [ "Widevine-LS" ], "summary": "Get an OTT post-delivery license for Widevine", "parameters": [ { "$ref": "#/components/parameters/xCorrelationId" }, { "$ref": "#/components/parameters/nvAuthorizationsPostDeliveryMode" } ], "requestBody": { "$ref": "#/components/requestBodies/WidevineChallenge" }, "responses": { "200": { "$ref": "#/components/responses/WV200Response" }, "400": { "$ref": "#/components/responses/WV400Response" }, "500": { "$ref": "#/components/responses/WV500Response" } } } }, "/prls/contentlicenseservice/v1/licenses": { "post": { "tags": [ "PlayReady-LS" ], "summary": "Get an OTT post-delivery license for PlayReady", "parameters": [ { "$ref": "#/components/parameters/xCorrelationId" }, { "$ref": "#/components/parameters/nvAuthorizationsPlayReady" }, { "$ref": "#/components/parameters/nvQueryParamPlayReady" } ], "requestBody": { "$ref": "#/components/requestBodies/PlayReadyChallenge" }, "responses": { "200": { "$ref": "#/components/responses/PR200Response" }, "500": { "$ref": "#/components/responses/PR500Response" } } } }, "/fpls/contentlicenseservice/v1/certificates": { "get": { "tags": [ "FairPlay-LS" ], "summary": "Get FairPlay license server certificate", "responses": { "200": { "$ref": "#/components/responses/Certificate200Response" }, "500": { "$ref": "#/components/responses/Certificate500Response" } } } }, "/fpls/contentlicenseservice/v1/licenses": { "post": { "tags": [ "FairPlay-LS" ], "summary": "Get an OTT post-delivery license for FairPlay", "parameters": [ { "$ref": "#/components/parameters/xCorrelationId" }, { "$ref": "#/components/parameters/nvAuthorizationsPostDeliveryMode" } ], "requestBody": { "$ref": "#/components/requestBodies/FairPlayChallenge" }, "responses": { "200": { "$ref": "#/components/responses/FP200Response" }, "400": { "$ref": "#/components/responses/FP400Response" }, "500": { "$ref": "#/components/responses/FP500Response" } } } } }, "components": { "parameters": { "tenantId": { "in": "path", "name": "tenantId", "required": true, "schema": { "type": "string" }, "description": "Tenant ID which the device requesting the certificate belongs to. It should match the tenantId from the server's URL." }, "xCorrelationId": { "in": "header", "name": "x-correlation-id", "required": false, "schema": { "type": "string", "format": "uuid" }, "description": "<h2>Description</h2> If not provided (null or empty), a random UUID value is assigned to the incoming request UUID format recommended, but any string of max 68 bytes will be accepted <h2>Example</h2> <pre>123e4567-e89b-12d3-a456-426655440000</pre>\n" }, "nvQueryParamPlayReady": { "name": "renew", "in": "query", "description": "Indicates if this is a license renew(proactive) request or not.", "required": false, "schema": { "type": "boolean" } }, "nvAuthorizationsPostDeliveryMode": { "in": "header", "name": "nv-authorizations", "required": false, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT <h2>Authorization modes</h2> <h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" }, "nvAuthorizationsPostDeliveryModeTK": { "in": "header", "name": "nv-authorizations", "required": false, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT <h2>Authorization modes</h2> <h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> <h3>Server-based authorization mode</h3> <h4>Authentication using SSP tokens</h4> SSP tokens expected: <ul>\n <li>1 DevAuthN token\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> <h4>Authentication with no SSP token</h4> Alternatively, if the SoC UID of a TVKeyCloud device is already known from authorization server (ADM), token is not required. In this case, the authorization is based on TVKeyCloud challenge content. <h3>Callback-based authorization mode</h3> Not applicable (field nv-authorizations not provided) <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" }, "nvAuthorizationsSWPRM": { "in": "payload", "name": "nv-authorizations", "required": true, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT Content depends on nv-portal-id: <ul>\n <li>\"SSP AuthZ\" for token-based and server based authorization modes\n <li>\"SDP AuthZ\" for callback-based authorization mode\n</ul> <h2>Authorization modes</h2> <h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n</ul> <h3>Server-based authorization mode</h3> SSP token expected: <ul>\n <li>1 DevAuthN token\n</ul> <h3>Callback-based authorization mode</h3> SSP token expected: <ul>\n <li>1 MediaLive SDP token\n</ul> <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" }, "SWPRMAPIVersion": { "in": "query", "name": "version", "required": false, "schema": { "$ref": "#/components/schemas/SWPRMAPIVersion" }, "description": "<h2>Description</h2> Version of the API, default: 1\n" }, "nvAuthorizationsPlayReady": { "in": "header", "name": "nv-authorizations", "required": false, "schema": { "$ref": "#/components/schemas/nvAuthorizationsPostDeliveryMode" }, "description": "<h2>Description</h2> Comma-separated list of base-64 JWT <h2>Modes available</h2> It can be provided in two different modes: <ul>\n <li>authorization tokens in payload (PlayReady CustomData in Challenge)\n <li>authorization tokens in header\n</ul> <h2>Mode: authorization tokens in payload</h2> Header parameter nv-authorizations is not applicable. <h2>Mode: authorization tokens in header</h2><h3>Token-based authorization mode</h3> SSP tokens expected: <ul>\n <li>1 ContentAuthZ token\n <li>0..n Kc tokens\n <li>0..1 Session token when Secure Session Management (SSM) is used\n</ul> (field nv-authorizations not provided) <h2>Examples</h2> <h3>Single token example</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWQiOiJhY2NvdW50XzEyMyIsInZlciI6IjEuMCIsInRlbmFudElkIjoidGVuYW50XzEyMyIsInR5cCI6IkRldkF1dGhOIiwiZXhwIjoxNjYzMzI2NjYyLCJkZXZpY2VJZCI6ImRldmljZV8xMjMifQ.CYKYCkYbcpCPSwxIbtI8h4rePdVv2OjgD5rSvXY76E\"</pre> <h3>Multiple tokens example (comma-separated tokens)</h3> <pre>\"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\"</pre>\n" } }, "responses": { "Certificate200Response": { "content": { "application/octet-stream": { "schema": { "$ref": "#/components/schemas/CertificateSuccessfulResponse" } } }, "description": "Successful response for license server certificate request" }, "WV200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WVSuccessfulResponseJSON" } }, "application/octet-stream": { "schema": { "$ref": "#/components/schemas/WVSuccessfulResponseOctetStream" } } }, "headers":{ "model":{"schema": {"type": "string"}, "description":"Contains the model of the device sending the license request"}, "drmDeviceId":{"schema":{"type": "base64 string"}, "description": "Contains the device id"} } , "description": "Successful response for Widevine license request License can be returned in two different ways: <ul>\n <li>Embedded as an array of licenses in a JSON object (content-type: application/json)\n <li>As a binary content directly (content-type: application/octet-stream)\n</ul> Several licenses can only be returned in a single request with a JSON object.\n" }, "PR200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PRSuccessfulResponse" } } }, "description": "Successful response for PlayReady license request Response is embedded within custom data from PlayReady's license response Example: <pre>\n <soap:Envelope ...>\n <soap:Body>\n <AcquireLicenseResponse ...>\n <AcquireLicenseResult ...>\n <AcquireLicenseResult>\n <Response ...>\n <LicenseResponse ...>\n <Version ...>\n <Licenses ...>\n <License ...> WE1SAAAAAANzNAh9L....\n <CustomData ...>\n \n {\n \"sessionToken\": \"eyJraWQiOiI0NDMyMDgiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9....\",\n \"model\": \"Microsoft Windows 6.4.7.000\",\n \"drmDeviceId\": \"fb5134b6-7451-40e3-3fb5-54a243475149\"\n }\n \n </CustomData>\n </LicenseResponse>\n </Response>\n </AcquireLicenseResult>\n </AcquireLicenseResponse>\n </soap:Body>\n </soap:Envelope>\n</pre>\n" }, "PRM200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PRMSuccessfulResponse" } } }, "description": "Successful response for PRM license request" }, "SWPRM200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRMSuccessfulResponse" } } }, "description": "Error code 0 means a successful response for SWPRM license request otherwise see below for details about error codes 0: No error 5000: Internal error 5002: Missing EJB 5101: No active player for this crypto version 5102: Unknown operator 5103: Unknown device 5104: Forbidden zeroed sender ID 4001: No connection to KSS, either KSS failure or SLS configuration 4002: Unmanaged protocol version 6101: PRM Credentials authorization - Denied 6102: PRM Credentials authorization - Error 6103: PRM Credentials authorization - Error while converting the viewingWindow 6104: PRM Credentials authorization - Mismatch content ID 6105: PRM Credentials Error 6200: Whitebox crypto error 6201: Whitebox crypto error - Key obfuscation error 6202: Whitebox crypto error - PRM Keys generation error 6203: Whitebox crypto error - Unsupported crypto version 6300: Service KSS error 6301: KSS does not return EMI for this content ID 7100: Service credentials error 7101: Failed to build DCM (builder returned null) 7102: Failed to build DMM (builder returned null) 7103: Error while building HomeDomain entitlements 7201: Incoherent secret ID / sender ID 7202: Secret ID not found 7204: Error during reconcile operation 7300: Error with server certificate 7301: Error with PEM encoding 7401: Failed to unprotect the DVS-H content key 7402: Using fairplay license is not allowed for this credentials versions 8001: Parameter missing 8003: Wrong value for one of the parameter 8004: Incoherent secretId senderId 8011: Unmanaged DCM range 8012: Unmanaged DMM range 8013: Unmanaged certifacte range 8020: Fairplay parsing error 8021: Fairplay error in CKC building 8022: Fairplay - Server is not supporting used protocol 8023: Fairplay SKR1 integrity check failed 8024: Fairplay configuration internal error" }, "SWPRMInitializeDevice200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRMInitializeDeviceSuccessfulResponse" } } }, "description": "Error code 0 means a successful response for SWPRM license request otherwise see below for details about error codes 0: No error 5000: Internal error 5002: Missing EJB 5101: No active player for this crypto version 5102: Unknown operator 5103: Unknown device 5104: Forbidden zeroed sender ID 4001: No connection to KSS, either KSS failure or SLS configuration 4002: Unmanaged protocol version 6101: PRM Credentials authorization - Denied 6102: PRM Credentials authorization - Error 6103: PRM Credentials authorization - Error while converting the viewingWindow 6104: PRM Credentials authorization - Mismatch content ID 6105: PRM Credentials Error 6200: Whitebox crypto error 6201: Whitebox crypto error - Key obfuscation error 6202: Whitebox crypto error - PRM Keys generation error 6203: Whitebox crypto error - Unsupported crypto version 6300: Service KSS error 6301: KSS does not return EMI for this content ID 7100: Service credentials error 7101: Failed to build DCM (builder returned null) 7102: Failed to build DMM (builder returned null) 7103: Error while building HomeDomain entitlements 7201: Incoherent secret ID / sender ID 7202: Secret ID not found 7204: Error during reconcile operation 7300: Error with server certificate 7301: Error with PEM encoding 7401: Failed to unprotect the DVS-H content key 7402: Using fairplay license is not allowed for this credentials versions 8001: Parameter missing 8003: Wrong value for one of the parameter 8004: Incoherent secretId senderId 8011: Unmanaged DCM range 8012: Unmanaged DMM range 8013: Unmanaged certifacte range 8020: Fairplay parsing error 8021: Fairplay error in CKC building 8022: Fairplay - Server is not supporting used protocol 8023: Fairplay SKR1 integrity check failed 8024: Fairplay configuration internal error" }, "TK200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TKSuccessfulResponse" } } }, "description": "Successful response for TVKeyCloud license request\n" }, "FP200Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FPSuccessfulResponse" } } }, "headers":{ "drmDeviceId":{"schema":{"type": "base64 string"}, "description": "Contains the device id"} } , "description": "Successful response for FairPlay license request\n" }, "PRMPostDelivery400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: 1001: Invalid request format 1002: Invalid interface version in request URL 1003: Empty header 1004: Invalid authorizations format 1005: Correlation id format error 1006: Tenant id format error 2001: Invalid challenge format 2002: Challenge's active key generation not matching key package generation 2102: PSSH missing in license request 2103: No ContentId found in license request 2104: Invalid deviceId found in license request 3001: Content Authorization token version not supported 3002: Content Key token version not supported 3003: One or more header parameter is missing 3004: Token encryption key is not valid 3005: Token type is unknown 3006: Token format not supported 3007: Content Rights format not supported 3008: Entitlements format not supported 3009: Account format not supported 3011: Account profile format not supported 4000: Ungranted request 4001: Content Authorization token missing in request 4002: Content Key token referenced missing in request 4003: Several Content Authorization tokens in request 4004: Duplicate content keys 4005: Invalid expiration date (exp field value) 4006: Token already played (jti field value) 4007: Device ID mismatch between token and challenge 4008: Device security level insufficient 4009: Tenant ID mismatch between request and tokens 4010: Credential Privilege Mismatch 4011: No valid key found for key id 4012: Invalid api in header request 4013: Invalid caller in header request 4014: Problem related to kid in request 4015: Credential not found 4016: Missing mandatory field 4017: Device is disabled 4018: Device specified in the token doesn't exist 4019:Device is not associated to the provided account 4020: Account is not in the ACTIVE state 4021: Product specified doesn't have any entitlement 4022: Specified tenant doesn't exist in Rights Management system 4024: Tenant not found 4025: Tenant is not Active 4027: Device binding error 4028: No compliant track was found 4029: Airplay output not supported 4030: Token hdcp and playbackDigitalAVAdapter Usage Rules not supported 4031: Usage rule profile does not exist 4032: Unexpected Content Key token received in the request 4033: Session token missing in request 4034: Multiple session token not allowed 4035: AccountId mismatch between auth token and session token 4036: Missing accountId field in ContentAuthZ 4037: Missing maxSessions field in ContentAuthZ 4038: Unexpected token type 4039: Device referenced in challenge doesn't exist 4040: ContentAuthZ or DevAuthN token signature missing in Session token 4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN token 4042: Multiple keys w/o startDate have been found 4043: Content startDate too far in the future 4044: Device hdcp protection failure 4046: HWPRMLS doesn't support SDP token 4047: Content rights end date in the past 4103: Content not approved for playback over airplay 4104: Content not approved for playback over digital av adapter 4106: Content not allowed for drm 4107: Content not distributed by operator 4109: Token not reusable on device 4111: Content Authorization, Device Authentication or SDP token missing in request 4112: No content rights found matching the license request 4113: Number of allowed requests exceeded\n" }, "TKLSLicense400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: 1000: Invalid license request message 1001: Invalid ASN1 1002: Invalid application data 1003: Invalid tenant identifier 1004: Invalid correlation id 1005: Invalid authorization token\n" }, "TKLSLicense404Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard404ErrorResponse" } } }, "description": "Error codes: 2000: Resource not found 2001: Cannot retrieve global keys 2002: CLM resource not found\n" }, "TKLSLicense500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes: 9000: An unexpected error occured 9001: Internal server error 9002: Unexpected error from TVKey SDK 9003: PDS global keys format error 9004: CLM License response format error 9005: CLM Licence request format error 9006: CLM response error\n" }, "SWPRM400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRM400ErrorResponse" } } }, "description": "Error codes: 1001: Invalid request format 1002: Invalid interface version in request URL 1003: Empty header 1004: Invalid authorizations format 2001: Invalid challenge format 2002: Challenge's active key generation not matching key package generation 2102: PSSH missing in license request 2103: No ContentId found in license request 2104: Invalid deviceId found in license request 3001: Content Authorization token version not supported 3002: Content Key token version not supported 3003: One or more header parameter is missing 3004: Token encryption key is not valid 3005: Token type is unknown 3006: Token format not supported 3007: Content Rights format not supported 3008: Entitlements format not supported 3010: The drm does not support to have multiple content rights 4000: Ungranted request 4001: Content Authorization token missing in request 4002: Content Key token referenced missing in request 4003: Several Content Authorization tokens in request 4004: Duplicate content keys 4005: Invalid expiration date (exp field value) 4006: Token already played (jti field value) 4007: Device ID mismatch between token and challenge 4008: Device security level insufficient 4009: Tenant ID mismatch between request and tokens 4010: Credential Privilege Mismatch 4011: No valid key found for key id 4012: Invalid api in header request 4013: Invalid caller in header request 4014: Problem related to kid in request 4016: Missing mandatory field 4022: Specified tenant doesn't exist in Rights Management system 4027: Device binding error 4028: No compliant track was found 4029: Airplay output not supported 4031: Usage rule profile does not exist 4032: Unexpected Content Key token received in the request 4036: Missing accountId field in ContentAuthZ 4037: Missing maxSessions field in ContentAuthZ 4038: Unexpected token type 4040: ContentAuthZ or DevAuthN token signature missing in Session token 4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN token 4042: Multiple keys w/o startDate have been found 4043: Content startDate too far in the future 4106: Content not allowed for drm 4107: Content not distributed by operator 4109: Token not reusable on device 4111: Content Authorization, Device Authentication or SDP token missing in request 4112: No content rights found matching the license request 4113: Number of allowed requests exceeded\n" }, "PRMPreDelivery400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Errors codes: 1001: Invalid request format 1002: Invalid interface version in request URL 1003: Empty header 1004: Invalid authorizations format 1005: Correlation id format error 1006: Tenant if format error 2001: Invalid challenge format 2002: Challenge's active key generation not matching key package generation 2102: PSSH missing in license request 2103: No ContentId found in license request 2104: Invalid deviceId found in license request 3001: Content Authorization token version not supported 3002: Unsupported content key token version 3003: One or more header parameter is missing 3004: Decryption error 3005: Token type is unknown 3006: Token format not supported 3007: Content Rights format not supported 3008: Entitlements format not supported 3009: Account format not supported 3011: Account Profile format not supported 4000: Ungranted request 4001: Content Authorization token missing in request 4003: Found several auth token in ATM response, but only one is allowed 4004: Duplicate content keys 4005: Invalid expiration date 4006: Token already played 4007: Device ID mismatch between token and challenge 4008: Device security level insufficient 4009: Tenant ID mismatch between request and tokens 4010: Credential Privilege Mismatch 4011: No valid key found for key id 4012: Invalid api in header request 4013: Invalid caller in header request 4014: Problem related to kid in request 4015: Device, Account or Content selection cannot be authorized 4016: Missing mandatory field 4017: Device is disabled 4018: Device specified in the token doesn't exist 4019: Device is not associated to the provided account 4020: Account is not in the ACTIVE state 4021: ContentId specified in the token doesn't have any product in OACS 4022: Specified tenant doesn't exist in Rights Management system 4024: Tenant not found 4025: Tenant is not Active 4027: Device binding error 4028: No compliant track was found 4029: Airplay output not supported 4030: Token hdcp and playbackDigitalAVAdapter Usage Rules not supported 4031: Unknown DRM type 4032: Unexpected Content Key token received in the request 4033: Session token missing in request 4034: Multiple session tokens not allowed 4035: AccountId mismatch between auth token and session token 4036: Missing accountId in contentAuthZ token 4037: MaxSession is invalid or missing 4038: Unexpected token type 4039: Device referenced in challenge doesn't exist 4040: ContentAuthZ or DevAuthN token signature missing in Session token 4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN 4042: Multiple keys w/o startDate have been found 4043: Content startDate too far in the future 4044: Device hdcp protection failure 4046: HWPRMLS doesn't support SDP token 4047: Content rights end date is in the past 4100: Device does not exist 4101: Device reregistration required 4102: Device not authorized 4103: Content not approved for playback over airplay 4104: Content not approved for playback over digital av adapter 4105: Account not authorized 4109: Token not reusable on device 4111: Content Authorization, Device Authentication or SDP token missing in request 4112: No content rights found matching the license request 4113: Number of allowed requests exceeded 4114: Either AccountId or DeviceId has to be provided in devAuthN token\n" }, "WV400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: 1001: Invalid request format 1002: Invalid interface version in request URL 1003: Empty header 1004: Invalid authorizations format 1005: Mandatory header fields are missing in the request 1006: Missing atm url in the configuration 1007: Invalid date 1008: Missing configuration in SSP for tenant 1009: Certificates in request are invalid 1010: Invalid track type 2001: Invalid challenge format 2002: Challenge's active key generation not matching key package generation 2102: PSSH missing in license request 2103: No ContentId object found in license request 2104: Invalid max HDCP version in license request 3001: Content Authorization token version not supported 3002: Content Key token version not supported 3003: One or more header parameter is missing 3004: Token encryption key is not valid 3005: Token type is unknown 3006: Token format not supported 3007: Content Rights format not supported 3008: Entitlements format not supported 3009: Account format not supported 3010: The drm does not support to have multiple content rights 3011: Accound Profile format not supported 4000: Ungranted request 4001: Content Authorization token missing in request 4002: Content Key token referenced missing in request 4003: Several Content Authorization tokens in request 4004: Duplicate content keys 4005: Invalid expiration date (exp field value) 4006: Token already played (jti field value) 4007: Device ID mismatch between token and challenge 4008: Device security level insufficient 4009: Tenant ID mismatch between request and tokens 4010: Credential Privilege Mismatch 4011: No valid key found for key id 4012: Invalid api in header request 4013: Invalid caller in header request 4014: Problem related to kid in request 4015: Device, Account or Content selection cannot be authorized 4016: Missing mandatory field 4017: Device is disabled 4018: Device specified in the token doesn't exist 4019: Device is not associated to the provided account 4020: Account is not in the ACTIVE state 4021: Product specified doesn't have any entitlement 4022: Specified tenant doesn't exist in Rights Management system 4023: ContentId specified in the token doesn't have any product 4024: Specified content does not exist in Information Management system 4025: Subscribed product has expired 4026: Product status is unsubscribed 4027: Device binding error 4028: Specified URI profile does not exist in Information Management system 4029: ExplicitIv is mandatory if Fairplay is present in DRMSystemList 4030: Incosistent Request 4031: Could not find usage rule profile 4032: Unexpected Content Key token received in the request 4033: Session token missing 4034: Multiple session tokens not allowed 4035: AccountId mismatch between auth token and session token 4036: Missing accountId in contentAuthZ token 4037: MaxSession is invalid or missing 4038: Unexpected token type 4039: Device referenced in challenge doesn't exist 4040: ContentAuthZ or DevAuthZ token signature missing in Session token 4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN 4042: Multiple keys w/o startDate have been found 4043: Content startDate too far in the future 4044: Device hdcp protection failure 4047: Content rights end date in the past 4100: Device does not exist 4101: Device reregistration required 4102: Device not authorized 4103: Content not approved for playback over airplay 4104: Content not approved for playback over digital av adapter 4105: Account not authorized 4106: Content not allowed for drm 4107: Content not distributed by operator 4108: Widevine client persistent mode not working 4109: Token not reusable on device 4110: Offline license is not allowed 4111: Invalid token 4112: Multiple keys for same time window are not allowed 4113: Data Not Found 4400: Device revoked \n" }, "FP400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: 1001: Invalid request format 1002: Invalid interface version in request URL 1003: Empty header 1004: Invalid authorizations format 1005: Mandatory header fields are missing in the request 1006: Missing atm url in the configuration 1007: Invalid date 1008: Missing configuration in SSP for tenant 1009: Certificates in request are invalid 1010: Invalid track type 2001: Invalid challenge format 2002: Challenge's active key generation not matching key package generation 2100: Unsupported FPS version 2101: Unknown FPS certificate fingerprint 2102: PSSH missing in license request 2103: No ContentId object found in license request 2104: Invalid max HDCP version in license request 3001: Content Authorization token version not supported 3002: Content Key token version not supported 3003: One or more header parameter is missing 3004: Token encryption key is not valid 3005: Token type is unknown 3006: Token format not supported 3007: Content Rights format not supported 3008: Entitlements format not supported 3009: Account format not supported 3010: Drm doesn't support to have multiple content right 3011: Account profile not supported 4000: Ungranted request 4001: Content Authorization token missing in request 4002: Content Key token referenced missing in request 4003: Several Content Authorization tokens in request 4004: Duplicate content keys 4005: Invalid expiration date (exp field value) 4006: Token already played (jti field value) 4007: Device ID mismatch between token and challenge 4008: Device security level insufficient 4009: Tenant ID mismatch between request and tokens 4010: Credential Privilege Mismatch 4011: No valid key found for key id 4012: Invalid api in header request 4013: Invalid caller in header request 4014: Problem related to kid in request 4015: Device, Account or Content selection cannot be authorized 4016: Missing mandatory field 4017: Device is disabled 4018: Device specified in the token doesn't exist 4019: Device is not associated to the provided account 4020: Account is not in the ACTIVE state 4021: Product specified doesn't have any entitlement 4022: Specified tenant doesn't exist in Rights Management system 4023: ContentId specified in the token doesn't have any product 4024: Specified content does not exist in Information Management system 4025: Subscribed product has expired 4026: Product status is unsubscribed 4027: Device binding error 4028: Specified URI profile does not exist in Information Management system 4029: ExplicitIv is mandatory if Fairplay is present in DRMSystemList 4030: Inconsistent Request 4031: Could not find usage rule profile 4032: Unexpected Content Key token received in the request 4033: Session token missing 4034: Multiple session token not allowed 4035: Missing AccountId in ContentAuthZ token 3037: Max session is invalid or missing 4038: Unexpected token type 4039: Device referenced in challenge doesn't exist 4040: ContentAuthZ or DevAuthN token signature missing in Session token 4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN 4042: Multiple keys w/o startDate have been found 4043: Content startDate too far in the future 4044: Device hdcp protection failure 4047: Content Right end date is in the past 4100: Device does not exist 4101: Device reregistration required 4102: Device not authorized 4103: Content not approved for playback over airplay 4104: Content not approved for playback over digital av adapter 4105: Account not authorized 4106: Content not allowed for drm 4107: Content not distributed by operator 4109: Token not reusable on device 4110: Offline license is not allowed 4111: Invalid token 4112: Multiple keys for same time window are not allowed 4113: Data Not Found \n" }, "400Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard400ErrorResponse" } } }, "description": "Error codes: 1001: Invalid request format 1002: Invalid interface version in request URL 1003: Empty header 1004: Invalid authorizations format 2001: Invalid challenge format 2002: Challenge's active key generation not matching key package generation 2100: Unsupported FPS version 2101: Unknown FPS certificate fingerprint 2102: PSSH missing in license request 2103: No ContentId found in license request 2104: Invalid deviceId found in license request 3001: Content Authorization token version not supported 3002: Content Key token version not supported 3003: One or more header parameter is missing 3004: Token encryption key is not valid 3005: Token type is unknown 3006: Token format not supported 3007: Content Rights format not supported 3008: Entitlements format not supported 3009: Account format not supported 3010: The drm does not support to have multiple content rights 4000: Ungranted request 4001: Content Authorization token missing in request 4002: Content Key token referenced missing in request 4003: Several Content Authorization tokens in request 4004: Duplicate content keys 4005: Invalid expiration date (exp field value) 4006: Token already played (jti field value) 4007: Device ID mismatch between token and challenge 4008: Device security level insufficient 4009: Tenant ID mismatch between request and tokens 4010: Credential Privilege Mismatch 4011: No valid key found for key id 4012: Invalid api in header request 4013: Invalid caller in header request 4014: Problem related to kid in request 4015: Device, Account or Content selection cannot be authorized 4016: Missing mandatory field 4017: Device is disabled 4018: Device specified in the token doesn't exist 4019: Device is not associated to the provided account 4020: Account is not in the ACTIVE state 4021: Product specified doesn't have any entitlement 4022: Specified tenant doesn't exist in Rights Management system 4023: ContentId specified in the token doesn't have any product 4024: Specified content does not exist in Information Management system 4025: Subscribed product has expired 4026: Product status is unsubscribed 4027: Device binding error 4028: No compliant track was found 4023: Content startDate too far in the future 4031: Usage rule profile does not exist 4032: Unexpected Content Key token received in the request 4033: Missing Session token in the request 4034: Multiple session tokens have been received in the same request 4035: Missmatch between the account id in ContentAuthZ and Session tokens 4036: Missing accountId field in ContentAuthZ 4037: Missing maxSessions field in ContentAuthZ 4038: Unexpected token type 4039: Device referenced in challenge doesn't exist 4040: ContentAuthZ or DevAuthN token signature missing in Session token 4041: Signature from Session token does not match signature from ContentAuthZ or DevAuthN token 4042: Multiple keys w/o startDate have been found 4043: Content startDate too far in the future 4100: Device does not exist 4101: Device reregistration required 4102: Device not authorized 4103: Content not approved for playback over airplay 4104: Content not approved for playback over digital av adapter 4105: Account not authorized 4106: Content not allowed for drm 4107: Content not distributed by operator 4108: Widevine client persistent mode not working 4109: Token not reusable on device 4110: Offline license is not allowed 4111: Content Authorization, Device Authentication or SDP token missing in request 4112: No content rights found matching the license request 4113: Number of allowed requests exceeded 4114: Either AccountId or DeviceId has to be provided in devAuthN token\n" }, "500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes:\n 5001: License generation error reported by DRM SDK\n 5002: Key package initialization error\n 6001: Internal error\n 6002: Connection or communication protocol error\n 6003: Server configuration error\n" }, "SWPRM500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRM500ErrorResponse" } } }, "description": "Error codes:\n 5001: License generation error reported by DRM SDK\n 5002: Key package initialization error\n 6001: Internal error\n 6002: Connection or communication protocol error\n 6003: Server configuration error\n" }, "PR500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error response for PlayReady license request is embedded within custom data.\n \n Examples:\n <pre>\n <soap:Envelope ...>\n Â <soap:Body>\n Â Â <AcquireLicenseResponse ...>\n Â Â Â <AcquireLicenseResult>\n Â Â Â Â <Response ...>\n Â Â Â Â Â <LicenseResponse ...>\n Â Â Â Â Â Â (...)\n Â Â Â Â Â Â <CustomData>\n \n Â Â Â Â Â Â Â {\n Â Â Â Â Â Â Â Â \"errorCode\": 6001,\n Â Â Â Â Â Â Â Â \"code\": 500,\n Â Â Â Â Â Â Â Â \"message\": \"Internal error\"\n Â Â Â Â Â Â Â }\n \n Â Â Â Â Â Â </CustomData>\n Â Â Â Â Â </LicenseResponse>\n Â Â Â Â </Response>\n Â Â Â </AcquireLicenseResult>\n Â Â </AcquireLicenseResponse>\n Â </soap:Body>\n </soap:Envelope>\n</pre>\n <pre>\n <soap:Envelope ...>\n Â <soap:Body>\n Â Â <AcquireLicenseResponse ...>\n Â Â Â <AcquireLicenseResult>\n Â Â Â Â <Response ...>\n Â Â Â Â Â <LicenseResponse ...>\n Â Â Â Â Â Â (...)\n Â Â Â Â Â Â <CustomData>\n \n Â Â Â Â Â Â Â \n Â Â Â Â Â Â Â Â System.Web.Services.Protocols.SoapException: Device Certificate Revoked.\n Â Â Â Â Â Â \n Â Â Â Â Â Â StatusCode 0x8004c065 /StatusCode \n Â Â Â Â Â Â \n Â Â Â Â Â Â \n \n Â Â Â Â Â Â </CustomData>\n Â Â Â Â Â </LicenseResponse>\n Â Â Â Â </Response>\n Â Â Â </AcquireLicenseResult>\n Â Â </AcquireLicenseResponse>\n Â </soap:Body>\n </soap:Envelope>\n</pre>\nError codes:\n 1001: Invalid request format\n 2001: Invalid challenge format\n 4000: Ungranted request\n 6001: Internal error\n 6002: Connection or communication protocol error\n 6003: Server configuration error\n 7001: Service temporarily unavailable\n" }, "FP500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description":"Error codes: 5001: License generation error reported by DRM SDK 5002: Key package initialization error 6001: Internal error 6002: Connection or communication protocol error 6003: Server configuration error 6004: Error occurred while key encryption 6005: Error while generating random key 6006: Error while generating MAC key/value 6007: Key-manager service is not reachable 6008: Error occurred while key decryption 6009: Missing atm url in the configuration \n" }, "WV500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes: 5001: License generation error reported by DRM SDK 5002: Key package initialization error 6001: Internal error 6002: Connection or communication protocol error 6003: Server configuration error 6004: Error occurred while key encryption 6005: Error while generating random key 6006: Error while generating MAC key/value 6007: Key-manager service is not reachable 6008: Error occurred while key decryption 6009: Missing atm url in the configuration \n" }, "Certificate500Response": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Standard500ErrorResponse" } } }, "description": "Error codes:\n 6001: Internal error\n" } }, "requestBodies": { "WidevineChallenge": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChallengeJSON" }, "example": { "challenge" : "CAESyg0KzgwIARLrCQquAggCEhA+2BC9XRe4U+BtVfxdYvtsGJuyo84FIo4CMIIBCgKCAQEA0LzejJbi4h7l7RB5y6eMEjx0p6fFHrApjm3clzRUUeaIEGoQvbM92kkC46pJMkAPmYOmN2ljiiMuVqdlesgHeDT3KoTpmUrA26mafUo/Fx82mw8YKRyP/nwiQHTinI8Ty66Pwr/WivQyNm45Gk2263Yw37a7EIu8Z29nLzaJwluLrEVjxYTIjDsuY4O6RyFkS98p63xiVR/E8oWEDDU1QFdA0jphbxwUNchcllay+Jj++9Yi52Y2nVx2zldwo6DgmUuT6i6ys+VkvORkqDvqx89VfZSvWR6t6anS3upUi4ZYxc2rZFIsjkE3tko/ZUv9KAA94uy3xnTIXPUuYv1+fQIDAQABKMA0EoACYeLipVAWKzWXuh1GSXbkrS8uKj4+5289nxypWybFamLNsaLq6sSaZ5m0P9lbGew9r84ZFz+jrxFhxsrSYoIs+vtDvqTg9/EPBZhHRhbWDEbE74L9AQim/BRx8f5dXs0ePrSu8JC+2woRAD6kPqMoUAA7XYqXM4PAML+jwzK57lmfQAhcq8iuLmH7srD7Ti8RjF1YD8JwZF7yFkuer//bI6FCtVmcHoClWb2FhAqlXG3IEQ2VLjtfiLFVl4qY1zeSwz60XJUQBGoLvvqGwRDUOhTBVZTJinWyPdqRZXnbnvFFVkV4FnI5koBXarYl53IS9u2NF0Dv1MNMdY9XzEFvfhq0BQquAggBEhASqgK+FxGhlxP70rVZ8RnzGMjgnbgFIo4CMIIBCgKCAQEAslO3gaTon+lSqGB33pfvFpVFUb2WITRegpbjA7u8iv+44xv53N0ZggOdJME14i460kOaYZ+PEDlaU10HlBqv5yn8Nk2tnwHs+1rY+AufTBuBWhKWaCg35YdGiCFm3/QHnBbtYqE1GqoCyHLmS7FUbj0iBJF6tOr7/qR4NW2/eRsfe89K/qNi73lP97JUQrZn8pKVZ8pijET+aTFFE+iZi7IQnuqFibGIAmzcrQLDbYLlgrrTdp/AxPsjUHgAE9GF3PnsVZfmbChaK+wV1fG5p/Ke0LLXvQRS5XpefD+3aH/tNWGfr+RDFeAwht/oFX0pOVHEZLTiXpxq/iE/SE3k9wIDAQABKMA0EoADsmVh9iHXpzmob8Wxy+GUAyfUHBOQG8TvlD/n6BiBz4F3lY1HiHQSJVNGTvboZZNkg0oI6o7mhh616Y/4RlfSiVGqHzRaGol4SFow82DZnyF4ozsUrJpi/FFMc5KpwSEE4N0GIMq4asbsbK5RXUrtaRpG8rH80tu50Ft4veei6bzwACvS9QrkFcL7zvby3DT9mHZtn46ytrGqmogftrT6FfvOUCdoyfizLBfQM0LY3zRUp5h03W7GhwueR0Jg/4g5XZKvA2LzQov9120qczOxP9RtE0PP1h/EnsXidfdYsbOP+IgYcBHHaqtVaFWPWKxt9+cPy/0gYYzfnpT5axotlo96aJm96arZnt5QxZUAASq/OwSzqgRojZqmB91tTwP7LOrFaNfwq4Icb29gSAN2nofl4WFZx/VSvXBB/alBlc8tOJxM0wzzKw5c2EFC2qRjuPsIDF6MJWaicUERdcDoO24JaRItXCeW0rv+PQSuwbU+oJOI9HWGmtcKU/1fYLABGhYKDGNvbXBhbnlfbmFtZRIGR29vZ2xlGhYKCm1vZGVsX25hbWUSCFBpeGVsIFhMGh4KEWFyY2hpdGVjdHVyZV9uYW1lEglhcm02NC12OGEaFQoLZGV2aWNlX25hbWUSBm1hcmxpbhoWCgxwcm9kdWN0X25hbWUSBm1hcmxpbhpSCgpidWlsZF9pbmZvEkRnb29nbGUvbWFybGluL21hcmxpbjo4LjAuMC9PUFIzLjE3MDYyMy4wMDgvNDI5NDc4Mzp1c2VyL3JlbGVhc2Uta2V5cxotCglkZXZpY2VfaWQSIDQwNEUzNjFERkVDOQAAAAAAAAAAAAAAAAAAAAAAAAAAGiYKFHdpZGV2aW5lX2NkbV92ZXJzaW9uEg52NS4wLjAtYW5kcm9pZBokCh9vZW1fY3J5cHRvX3NlY3VyaXR5X3BhdGNoX2xldmVsEgEwMgwQASAEKAswAUAASAASZwplCj8IARIQZqG5xJnoRgyQCujhkz492RoFbmFncmEiIm1nbV9jYXNpbm9yb3lhbGUyMDA2X3ZtX2hkX2ZlYXR1cmUQARogMTNENUIzRDI5OTBGOTQ4QjEzMDAwMDAwMDAwMDAwMDAYASCGnaPPBTAVOO709cIFGoAClij7B6/xJHElumMyJeTc57UIdqX3Fy2PocBtuFO07LI1+eLakFVNPHQevJB6sSqAX0f9KNusI9TsVFuTbzgi6NvBhQyrGe/UiYQ1VCzxHnrM8dVb/AvrlI7amHLPJ6nnXAnnDnutFW01mDFlxwQNThWHfKpqkZH20PtKeIZ1JLmhwCojITKf7RzuKPS8tlHpr5IelS3Yjry306iBVagLIvXzFnA2skZxDzXESaR+7gmWUEi8dKPdm/2b6T1wsFhML1vGObTOiRtORW+nAzHgZ3b62JB/SRffEgDljiHblqnGUxKrFcsylJYzoXUgZ9IqsVsCVBbXl5yY07vSDDfxUQ==" } }, "application/octet-stream": { "schema": { "$ref": "#/components/schemas/ChallengeBinary" }, "example": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXAiOiJDb250ZW50QXV0aFoifQ.Zg96EpL7WrMALBv1OnMFx-EJqqDlLwR3hO2R_4xZW0w" } }, "required": true, "description": "<body> <h2>Widevine challenge</h2> Two modes available: <ul>\n <li>application/json\n <li>application/octet-stream\n</ul> <h2>application-json</h2> The challenge case be embedded in a JSON structure. In this case, the license will be returned in a JSON structure as well. <h2>application/octet-stream</h2> The challenge can be sent directly as a binary payload. In this case, the license will be returned as a binary payload as well.\n" }, "FairPlayChallenge": { "content": { "description": { "schema": { "$ref": "#/components/schemas/ChallengeBinary" } } }, "required": true, "description": "<h2>FairPlay challenge (SPC)</h2> One mode available: <ul>\n <li>application/octet-stream\n</ul>" }, "TKRequestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TKRequestJSON" }, "example": { "OttLicenseRequestMessage": { "ASN1": "MIIEmoCCBIQwggSAgIIEEDmjWos50rMnt1gnhsciuj+QE8Tm4tFMtua7zyFK+jozN5I4ncu594uXCm/Mhufruz0hIe+C7LoQuN2GiIV4u3V3bFYDvYJCAhb/d6176SMbih5x9w7SmA84ASPzHcJLKbXPSQ/S1wVCkfHZT+OUQ2jqwOYez9q5VpobhlfvD6GZFEkXp/3Z3yju1/wJWv8GW4uZKT1qeJYERUhHqT8wE0GgcC1/1QVdG8+jJ2VFWUzWkL7oK0OhOEcz0uSBjSgTTIZTA2aedkLQRxpU5tv/aS6/+FfFMm9mu+yMERs5kETS7e03lhKZBHc2vm0Si+KBuO5rdWiysMhsyQksjZsi1BnbTDiIqxT8P/UJ9gEB+0Md5pWkdhvOwKLAkM8FXIS+tYsamvU6QAXBZgHrxpITz15B2Qojz45dkYcVmmuYjFEtJ9d9ZemP05kfe/2XQmzsEHQEr+5xG4NAwe9Vpqgj/IJFuuVufNQzLIN79GICQvJKBNUWlXa554dLxjCO77Pe9eOXTkijn8jeGCJMX7DrJf4n2owsXmbh4hcqZn0QornjPKhWWCWCutwBwxvxB9iV3i4zB8zZnJJ2hSUatBzNYdHd7PAb58HtmlFmGkOR/fKQkLDFcLEVCpy6xOEE0zfU4z1/9CE3cvEhcDqQK0GtAR+VUguPXqzEM5ImvVv3RDwBJipGwybbfgezd/AC3rKefuGY4vnMAfc1SnwhQeUqIaUl99+09LqoTt30Noav2L+jD098z+MximVH7lkF2s+hsC+8sdnMv2zbP47yZkCfh3NGwJBVF0qtwb144RwQ6WmHfAxGuVJqZ96TBo2QYodVePxSbH7uoViC2xLl3AOhwqnvv3TmXzVvJV+sYYPk5m7KW1o7PQTbZimCo+0kThO7SopeuqZEOOUYbjsPhyNOoJ+mv8x5snFBtyBGXxODcT4IXhHEhe6AQD13YKdIc/j5/q3jOANhlTZ33wJsvvAokBEE9h5n672zeqvXWVn20Lm9IMUeZewh2y4j+P+nJPW6NTbNPSLvcHdqUDLhyZajHfc7znAGB+WHWrE6r+6iwC+6m3wX93tR+OQhtpyTyBt6pTFz5XdkFyo/qkGFYbWu+EzoNUZvZhhXgtzJ64xIAfLYfFWiSEYvzUltF+yC6Be3HrbWFjf3EGKesUkOhauxvhHXt6Zss5Q10xCD9VdSE0BYz5R/iXWm7mk2H80BfEt82RuWOUW8hT99nmF25NErfGHApuE+xzBMT1Qy0j6xkFUQPbs3gdeCA+xh6+/INCmETECDt1ulZGySeBnUZ7QDH4sGg51pCHmUd2M5IKi/4Vlhvm97ZJkDhwfHsOtd/64cSwdjdR1MnAEA0E6juWHSvv8ug2+RHgFIVuLpWhj71BQZgWCgkbZGPV6M66EUdAkGLYZ2k1Z58DIK5zyWkXCHs5LPFV3VQ8B8RUyUMi7XBeGQCmpmIcwGs4cGv57Dbm3/zd4Nj24NKZf/dxTVb9R4A8iWvxZ+Ts6PP8SwUZBFJqGc/ViCCAAAAAAAAL4BgRA0tUQlgn43diO5hhw1wzhE", "ApplicationData5": "" } } } }, "required": true, "description": "It is the message request sent by the TVkeyCloud device to the server when it needs to retrieve licenses." }, "PlayReadyChallenge": { "content": { "text/xml": { "schema": { "$ref": "#/components/schemas/PlayReadyChallenge" }, "example": "<challenge>\n <CustomData> \n { \"nv-authorizations\": [ \"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\" ] }\n </CustomData>\n</challenge>\n" } }, "required": true, "description": "<body> <h2>PlayReady challenge</h2> To ensure compatibility with few PlayReady clients, PlayReady-LS may alternatively find list of tokens (nv-authorizations) or SDP token (nv-application-data) within challenge's custom data, rather than in request header. <h2>Format</h2> <pre> <challenge>\n <CustomData> \n JSON object encompassing nv-authorizations or nv-application-data\n </CustomData>\n</challenge> </pre> <h2>Examples</h2> <h3>Example: nv-authorizations</h3> <pre> <challenge>\n <CustomData> \n { \"nv-authorizations\": [ \"eyJraWQiOiIyNjg3NTUiLCJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ2ZXIiOiIxLjAiLCJ0eXAiOiJDb250ZW50QXV0aFoiLCJleHAiOjE2ODI5NDA2MjYsImNvbnRlbnRSaWdodHMiOlt7ImNvbnRlbnRJZCI6Imhsc18xMjM0NTY3ODkiLCJ1c2FnZVJ1bGVzUHJvZmlsZUlkIjoiVGVzdCJ9XX0.8fBrGQCEwIx6CIXk2d4sBHihnuGs2ECOuoV3y2Wkgg\", \"eyJrY0lkcyI6WyJmZmZmZmZmZi1hYWFhLWJiYmItMDAwMS0wMDAwMDAwMDAwMDEiXSwidHlwIjoiSldUIiwiZW5jIjoiQTEyOENCQy1IUzI1NiIsImFsZyI6ImRpciIsImtpZCI6IjMwNjQ2MSJ9..x0vtRBvGx_1WR4ku1ZY1rg.RUpPh0VUd_OPQTl8ewY2mTmyx-97svWsslBEjWRFJ6bam47qPTSrW_zod_EkMP9PDkrCqSeC1GCeJx78pOXSPIeuX_E6pGBYMiyr6KMdxEgwhDO7cABoA0U8l0ue0AhbtoZ3PuayJsXe99wqhEBxqEPVpcNWeTjC7gJZTMCdM_o.urONPLCZ0t2TX9PHRLGtZQ\" ] }\n </CustomData>\n</challenge> </pre> <h3>Example: nv-application-data</h3> <pre> <challenge>\n <CustomData> \n { \"nv-application-data\": \"{\\\"com.nagra.applicationData\\\":\\\"kEPkNczR...GlkZGVu\\\"}\" }\n </CustomData>\n</challenge> </pre>\n" }, "PRMChallenge": { "content": { "application/json": { "schema": { "type": "object", "oneOf": [ { "$ref": "#/components/schemas/PRMChallenge" }, { "$ref": "#/components/schemas/PRMChallengeCallbackMode" } ] }, "example": { "challenge": { "SIGNED_DATA": { "PUBLIC_DATA": { "applicationClearData": "01020304050607080910", "signalingData": { "contentID": "P08.02. OTT VOD single license postdelivery (VOD)", "keyID": "ffffffff-aaaa-bbbb-cccc-222000000229" }, "prmcVersion": "1.6.0", "generation": 2, "credentialsId": "43cd3747-55e8-3917-00fc-41113113c398", "operatorId": 48641, "deviceTime": 1494428124, "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "prmaVersion": "1.6.0", "opvaultVersion": "opv_1.1.0" }, "PRIVATE_DATA": { "credentialsRanges": { "dcm": [ "0x0400", "0x0400" ], "dmm": [ "0x0400", "0x0401" ], "certificate": [ "0x0001", "0x0001" ] }, "certificate": { "SIGNED_DATA": { "PUBLIC_DATA": { "version": "0x0001", "credentialsId": "53f34fd3-861d-4a29-a918-91338aec079b", "creationDate": 1494426966, "entity": { "type": "NAGRA_PRM_OP_Device", "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "name": "Non_Nagra_STB", "platform": "NON-NAGRA/0211/EBX", "securityLevel": 1000, "operatorId": 48641, "icCredentialsId": "ece3496c-fd69-4d8b-b5ce-6b7bd6a745c8", "protectionFunctions": { "EMI": [ "0x0000", "0x0020", "0x4023", "0x4024" ], "F1": [ { "algorithmId": "0x0002" } ], "F2": [ { "algorithmId": "0x0005" } ], "Chal-S": [ { "algorithmId": "0x0004" } ], "DMM-E": [ { "algorithmId": "0x0006" } ] }, "provisioningData": "<blabla>" } } }, "SIGNATURE": { "signingCredentialsId": "fa725102-b56b-4408-abae-1385e9d7015d", "signatureData": "<blabla>" } } }, "PROTECTED_DATA": { "encryptedData": "Callback-based authorization mode: SDP token", "encryptedKey": "<blabla>" }, "HEADER": { "type": "PostPerso_Challenge", "version": "0x0400" } }, "SIGNATURE": { "privateSignatureData": "n9d8h/LYB62so71z0E3qIoRZIzAkJ2/qXhGUsXUFxf0=" } } } } }, "required": true, "description": "<body> <h2>PRM challenge</h2> Request body accepts two different schemas and depends on authorization mode: <h3>Token-based and server-based authorization modes</h3> Request body expects a PRMChallenge object. <h3>Callback-based authorization mode</h3> Request body expects a PRMChallengeCallbackMode object.\n" }, "SWPRMChallenge": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SWPRMChallenge" }, "example": { "challenge": { "SIGNED_DATA": { "PUBLIC_DATA": { "applicationClearData": "01020304050607080910", "signalingData": { "contentID": "P08.02. OTT VOD single license postdelivery (VOD)", "keyID": "ffffffff-aaaa-bbbb-cccc-222000000229" }, "prmcVersion": "1.6.0", "generation": 2, "credentialsId": "43cd3747-55e8-3917-00fc-41113113c398", "operatorId": 48641, "deviceTime": 1494428124, "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "prmaVersion": "1.6.0", "opvaultVersion": "opv_1.1.0" }, "PRIVATE_DATA": { "credentialsRanges": { "dcm": [ "0x0400", "0x0400" ], "dmm": [ "0x0400", "0x0401" ], "certificate": [ "0x0001", "0x0001" ] }, "certificate": { "SIGNED_DATA": { "PUBLIC_DATA": { "version": "0x0001", "credentialsId": "53f34fd3-861d-4a29-a918-91338aec079b", "creationDate": 1494426966, "entity": { "type": "NAGRA_PRM_OP_Device", "deviceUniqueId": "prm.NON-NAGRA/0211/EBX.DeviceId-01", "name": "Non_Nagra_STB", "platform": "NON-NAGRA/0211/EBX", "securityLevel": 1000, "operatorId": 48641, "icCredentialsId": "ece3496c-fd69-4d8b-b5ce-6b7bd6a745c8", "protectionFunctions": { "EMI": [ "0x0000", "0x0020", "0x4023", "0x4024" ], "F1": [ { "algorithmId": "0x0002" } ], "F2": [ { "algorithmId": "0x0005" } ], "Chal-S": [ { "algorithmId": "0x0004" } ], "DMM-E": [ { "algorithmId": "0x0006" } ] }, "provisioningData": "<blabla>" } } }, "SIGNATURE": { "signingCredentialsId": "fa725102-b56b-4408-abae-1385e9d7015d", "signatureData": "<blabla>" } } }, "PROTECTED_DATA": { "encryptedData": "Callback-based authorization mode: SDP token", "encryptedKey": "<blabla>" }, "HEADER": { "type": "PostPerso_Challenge", "version": "0x0400" } }, "SIGNATURE": { "privateSignatureData": "n9d8h/LYB62so71z0E3qIoRZIzAkJ2/qXhGUsXUFxf0=" } } } } }, "required": true, "description": "<body> <h2>SWPRM challenge</h2>\n" } }, "schemas": { "nvAuthorizationsPostDeliveryMode": { "type": "array", "items": { "type": "string", "format": "binary" }, "minItems": 0 }, "PRSuccessfulResponse": { "type": "object", "description": "PlayReady successful response for license request", "required": [ "code", "errorCode" ], "properties": { "sessionToken": { "type": "string", "example": "eyJraWQiOiI2Nzk5NSIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.IHsKICAicmVxdWVzdFRva2VuU2lnbmF0dXJlIjogIlJhN3FIY0JHTHZRQmQtSG93cS1oU2JaX01kUEpUMm5oYU9LOGVxdGNFOE0iLAogICJhY2NvdW50SWQiOiAicHliX2FjY291bnRfMSIsCiAgInZlciI6ICIxLjAiLAogICJoZWFydGJlYXQiOiAzMDAsCiAgInNob3J0VmFsaWRpdHlEdXJhdGlvbiI6IDQyMCwKICAidGVuYW50SWQiOiAiQkJBTkQiLAogICJ0eXAiOiAiU2Vzc2lvbiIsCiAgInNlc3Npb25JZCI6ICIxNTY0NDg3NTE1IiwKICAiZXhwIjogMTU2NDQ4NzUxNQp9IA==.68zz74XXJDQVan9xOCvyFAkkWO7WeVwigpzAg9ho_d4", "description": "Session token" }, "model": { "type": "string", "example": "Microsoft Windows 6.4.7.000", "description": "Model of device" }, "drmDeviceId": { "type": "string", "example": "fb5134b6-7451-40e3-3fb5-54a243475149", "description": "Globally unique device ID" } } }, "FPSuccessfulResponse": { "type": "object", "description": "FairPlay successful response for license request", "required": [ "CkcMessage" ], "properties": { "CkcMessage": { "type": "string", "format": "binary", "description": "Binary FairPlay license, base64-encoded" } } }, "WVSuccessfulResponseJSON": { "type": "object", "description": "Widevine successful response for license request as a JSON structure", "required": [ "code", "errorCode" ], "properties": { "errorCode": { "type": "integer", "example": 0, "description": "Error code null if request is successful" }, "code": { "type": "integer", "example": 200, "description": "HTTP status code, same value as from header" }, "message": { "type": "string", "example": "", "description": "No message if request is successful" }, "privateData": { "type": "string", "example": "", "description": "Data returned by the authorization application to the client" }, "license": { "type": "array", "items": { "type": "string", "format": "binary" }, "minItems": 0, "example": [ "dGhpcyBpcyBhbiBlbnRpdGxlbWVudA==" ], "description": "License entitlements granted" } } }, "WVSuccessfulResponseOctetStream": { "type": "string", "format": "binary", "description": "Widevine successful response for license request as a binary object. In this case, only one license can be delivered.", "example": "dGhpcyBpcyBhbiBlbnRpdGxlbWVudA==" }, "CertificateSuccessfulResponse": { "type": "string", "format": "binary", "description": "License server certificate", "example": "dGhpcyBpcyBhbiBlbnRpdGxlbWVudA==" }, "ChallengeJSON": { "properties": { "challenge": { "type": "object" } }, "required": [ "challenge" ] }, "PlayReadyChallenge": { "description": "<h3>Description</h3>\nChallenge generated by the device, which might encompass nv-authorizations or nv-application-data in custom data according to the context\n", "type": "string", "format": "xml" }, "ChallengeBinary": { "description": "<h3>Description</h3>\nChallenge generated by the device\n Format: Binary\n", "type": "binary", "format": "binary" }, "Standard400ErrorResponse": { "type": "object", "required": [ "code", "errorCode", "message" ], "properties": { "code": { "type": "integer", "example": 400, "description": "HTTP status code, same value as from header" }, "errorCode": { "type": "integer", "example": 2001, "description": "Business error code" }, "message": { "type": "string", "example": "Invalid request", "description": "Error family", "enum": [ "Invalid request", "Forbidden" ] } } }, "Standard404ErrorResponse": { "type": "object", "required": [ "code", "errorCode", "message" ], "properties": { "code": { "type": "integer", "example": 404, "description": "HTTP status code, same value as from header" }, "errorCode": { "type": "integer", "example": 2001, "description": "Business error code" }, "message": { "type": "string", "example": "Invalid request", "description": "Error family", "enum": [ "Invalid request", "Forbidden" ] } } }, "Standard500ErrorResponse": { "type": "object", "required": [ "code", "errorCode", "message" ], "properties": { "code": { "type": "integer", "example": 500, "description": "HTTP status code, same value as from header" }, "errorCode": { "type": "integer", "example": 6001, "description": "Business error code" }, "message": { "type": "string", "example": "Internal error", "description": "Error family", "enum": [ "Internal error" ] } } } } } }