Home docs switch Dragons (eLicenses)
Post

Dragons (eLicenses)

The dragons servers are responsible for managing e-licenses on the Nintendo Switch. An e-license carries the right to play a game, and is obtained by purchasing the game on the Nintendo eShop.

The dragons servers take JSON-encoded requests and respond with JSON-encoding. The dragons servers only accept connections with a valid device certificate.

Headers

The following headers are always present:

HeaderDescription
HostOne of the dragons servers
Accept*/*
User-AgentUser agent
DeviceAuthorizationBearer + device token

The following headers are optional and depend on the method and device type:

HeaderDescription
AccountAuthorizationBearer + account token
Nintendo-Account-IdNintendo account id (%016llx)
Nintendo-Application-IdTitle id (%016llx)
Nintendo-Nsa-Id-TokenBearer + id token
Nintendo-ReferToVirtualDeviceLinkOnly present on kiosk and development hardware. If present, always true.

If the request body is empty, the following headers are sent:

HeaderDescription
Content-Length0
Content-Typeapplication/x-www-form-urlencoded

Otherwise, the following headers are sent:

HeaderDescription
Content-Typeapplication/json
Content-LengthContent length

There is one exception. In /v1/contents_authorization_token_for_aauth/issue, the headers are ordered as follows: Host, User-Agent, Accept, Content-Type, DeviceAuthorization, Nintendo-Application-Id and Content-Length. The reason is that this request is performed by the account sysmodule instead of nim.

User Agents

The user agent looks as follows: NintendoSDK Firmware/<firmware version>-<revision> (platform:NX; did:<device id>; eid:lp1). The firmware version and revision number are obtained from the system version title.

Here is an example: NintendoSDK Firmware/15.0.0-4.0 (platform:NX; did:6265ca40780b1c0d; eid:lp1)

There is one exception: for /v1/contents_authorization_token_for_aauth/issue, the dauth user agent is used instead.

Methods

https://dragons.hac.lp1.dragons.nintendo.net:

Need more research:

URL
/quickTEST
/v1/contents_authorization_token/issue
/v1/elicense_archives/<id>/report
/v1/elicenses/eticket_token
/v1/elicenses/exercise
/v1/elicenses/extend
/v1/elicenses/report
/v1/elicenses/revoke
/v1/elicenses/revoke_all
/v1/elicenses/inactivated_reason
/v1/notification_token
/v1/rights/available_elicenses
/v1/rights/publish_device_linked_elicenses
/v1/rights/publish_elicenses

https://tigers.hac.lp1.dragons.nintendo.net:

URL
/quickTEST
/v1/etickets/publish

https://dragonst.hac.lp1.dragons.nintendo.net:

URL
/quickTEST
/v1/debug/edge_token/issue
/v1/edge_token/issuable_titles
/v1/edge_token/issue

POST /v1/contents_authorization_token_for_aauth/issue

This method was added in system version 15.0.0.

Starting with system version 15.0.0, a contents authorization token is required for digital application authentication. This method returns such a token.

Note that the Switch sends the headers for this method in a different order and uses a different user agent.

FieldDescription
elicense_idE-license id (32 hex digits)
na_idNintendo account id (16 hex digits)

Response on success:

FieldDescription
contents_authorization_tokenThe token

Example:

1
2
3
4
5
6
7
8
9
10
POST /v1/contents_authorization_token_for_aauth/issue HTTP/1.1
Host: dragons.hac.lp1.dragons.nintendo.net
User-Agent: libcurl (nnDauth; 16f4553f-9eee-4e39-9b61-59bc7c99b7c8; SDK 15.3.0.0)
Accept: */*
Content-Type: application/json
DeviceAuthorization: Bearer eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6ImNhOTdhNTIwLTA2NWItNGEwZC1iOGU4LTlhYzQ5OWFlNjkzZCIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2MjY1OTY2MWUzZmRmZTExIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6ImQ1YjZjYWMyYzE1MTRjNTYiLCJleHAiOjE2NjczMzQ4NjMsImlhdCI6MTY2NzI0ODQ2MywianRpIjoiYjMyYmIzYzYtMjQwNy00NGUzLWIwZjUtYjkzODljMGJmODNmIiwibmludGVuZG8iOnsic24iOiJYQUo3MDEyMzQ1Njc4OSIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.j7Iah1gCA1N5jnAOQnUFgowK3VlrjJi3wxzvM_F6KJLK23nYYNqg0Nn-pATZZ-yV7KJWkuyD07anxWErcYI47nsV4L_sYHvsnw_gXTwD7hlc02_VO1MEnG_CDUsVgrLhDFasQJgcya4vLDgPZpuf-VnpX_H9ZM8JYDusT0uCrv9x_5Ad_o6mpHZK9R56BJ6AoSV0JrRP7cJv2X-cYlDQCnat6CKZxxmNrd5_IrfP8dUBWI4w3wFsJWA2euOQr8pwn2hwG666VU_u4r-PUti8mzbLGFjI9dkvaSKkVwECL_27Xpqw5KxP70z3NhIFmguFo8AwzFLDR0Zvpt3y_tajiQ
Nintendo-Application-Id: 010040600c5ce000
Content-Length: 77

{"elicense_id":"337c8aaef372df9c2c239ebaaf49f723","na_id":"72b0f0bdb31753d5"}
1
2
3
4
5
6
7
8
9
10
11
12
13
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 951
Server: nginx
X-Content-Type-Options: nosniff
Expires: Mon, 31 Oct 2022 19:34:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 17 Oct 2022 08:31:43 GMT
x-nintendo-akamai-reference-id: 0.38ac1666.1667248479.7ecea70
Connection: keep-alive

{"contents_authorization_token":"eyJqa3UiOiJodHRwczpcL1wvcHVia2V5LmxwMS5kcmFnb25zLm5pbnRlbmRvLm5ldFwvY2F0YVwvdjFcL2p3a3MiLCJraWQiOiI2YzI2MjRkOC0zMGQ0LTRlYjgtYWJjOC0wNmZiODMzYzhjNGIiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiIwMTAwNDA2MDBjNWNlMDAwIiwiZGV2aWNlX2lkIjoiNjI2NTk2NjFlM2ZkZmUxMSIsImlzcyI6ImxwMS5kcmFnb25zLm5pbnRlbmRvLm5ldCIsImV4cCI6MTY2NzMzNDg3OSwiaWF0IjoxNjY3MjQ4NDc5LCJqdGkiOiI0ZGYyZTY1Ni04ZTk2LTQwOWEtOGE3ZS1iZDFkZDFiYmM1NzIiLCJjb250ZW50Ijp7InRpdGxlX2lkIjoiMDEwMDQwNjAwYzVjZTAwMCIsIm5hX2lkIjoiNzJiMGYwYmRiMzE3NTNkNSIsInRpY2tldF9pZCI6NzIyMTI4OTQzNDk2MDQ5MzksImlzX293bmVkX3JpZ2h0cyI6dHJ1ZX19.MqMnkyEWuVp9TOtbpPhRJGcHRd-fCK_8rGa7rO0HeiC6pkIn7qafBzpc-TD1Xf_DYN_C0m9OXjlX0rVs0vosIzXsoqVDQodB6XAteRWfDNUc6odpW-rgqOiNpbIBymcpbRYOsdJh41zQjl_hpdM44UOR6ZgvL1hKoQVaw7XVz5NANig-WlKyNDVCcSsWhycyBuRkZOPb9OblTbvRkIzluRTFG9lxHCDnwczxGiaLoZjEgUrqIcWQJBUyOxB2UiL5sitK53GsHhFHxVZqTwjM7wl7nzrQaVDsp_Zc26hkIrUeuvDTBZHWXNPrte-nja5CZ-lN-UNIwe2j9N61baD9YQ"}

POST /v1/elicense_archives/publish

FieldDescription
challengeChallenge (16 hex digits)
certificateDevice certificate (base64)

Response on success:

FieldDescription
elicense_archiveE-license archive (base64)

Errors

On error, the server sends the following response:

FieldDescription
typehttps://problems.dragons.nintendo.net/errors/v1/<status>/<code>
titleError title
detailError details. This field is an empty string in all errors that have been observed so far.
numberHTTP status code

If the error code is invalid_parameter, the response may contain more details under the invalid-params key, for example:

  • 'invalid-params': [{'name': 'naId', 'reason': 'must not be null'}]
  • 'invalid-params': [{'name': 'naId.accountId', 'reason': 'must match "\\p{XDigit}{16}"'}]

Known Errors

StatusCodeTitle
400duplicate_rights_id 
400invalid_device_certificateDevice certificate is invalid
400invalid_eticket_template 
400invalid_parameterParameter is invalid
401account_id_required 
401authentication_required 
403edge_token_not_grantable 
403invalid_tokenToken is invalid
403license_archive_not_allowed 
403license_inactiveELicense is inactive
403license_not_grantable 
403rights_policy_not_allowed 
403system_update_required 
404license_archive_not_foundELicense archive is not found
404license_not_foundELicense is not found
404page_not_foundPage not found
404promotion_policy_not_found 
404title_not_found 
405method_not_allowedMethod not allowed
406not_acceptable 
415unsupported_media_type 
500delete_record_failed 
500insert_record_failed 
500op2_error 
500shogun_error 
500unexpected_error 
500unknown_issuer 
500update_record_failed 
503abort_retry 
503op2_maintenance 
503service_unavailable 
Contents