Home docs switch Dragons (eLicenses)
Post

Dragons (eLicenses)

The dragons servers are responsible for managing e-licenses on the Nintendo Switch. An e-license carries the right to play a game, and is obtained by purchasing the game on the Nintendo eShop.

The dragons servers take JSON-encoded requests and respond with JSON-encoding. The dragons servers only accept connections with a valid device certificate.

Headers

The following headers are always present:

HeaderDescription
HostOne of the dragons servers
Accept*/*
User-AgentUser agent
DeviceAuthorizationBearer + device token

The following headers are optional and depend on the method and device type:

HeaderDescription
AccountAuthorizationBearer + account token
Nintendo-Account-IdNintendo account id (%016llx)
Nintendo-Application-IdTitle id (%016llx)
Nintendo-Nsa-Id-TokenBearer + id token
Nintendo-ReferToVirtualDeviceLinkOnly present on kiosk and development hardware. If present, always true.

If the request body is empty, the following headers are sent:

HeaderDescription
Content-Length0
Content-Typeapplication/x-www-form-urlencoded

Otherwise, the following headers are sent:

HeaderDescription
Content-Typeapplication/json
Content-LengthContent length

There is one exception. In /v1/contents_authorization_token_for_aauth/issue, the headers are ordered as follows: Host, User-Agent, Accept, Content-Type, DeviceAuthorization, Nintendo-Application-Id and Content-Length. The reason is that this request is performed by the account sysmodule instead of nim.

User Agents

The user agent looks as follows: NintendoSDK Firmware/<firmware version>-<revision> (platform:NX; did:<device id>; eid:lp1). The firmware version and revision number are obtained from the system version title.

Here is an example: NintendoSDK Firmware/15.0.0-4.0 (platform:NX; did:6265ca40780b1c0d; eid:lp1)

There is one exception: for /<version>/contents_authorization_token_for_aauth/issue, the dauth user agent is used instead.

Methods

The API version is v1 up to system version 19.0.1 and v2 in system version 20.0.0 and later. Only the tigers server uses v1 on all system versions.

https://dragons.hac.lp1.dragons.nintendo.net:

MethodPath
POST/<version>/contents_authorization_token/issue
POST/<version>/contents_authorization_token_for_aauth/issue
PUT/<version>/debug/migration/state
POST/<version>/debug/rights/lending/extend
POST/<version>/elicense_archives/publish
PUT/<version>/elicense_archives/<id>/report
POST/<version>/elicense_archives/publish
POST/<version>/elicenses/exercise
PUT/<version>/elicenses/extend
GET/<version>/elicenses/inactivated_reason
GET/<version>/elicenses/migration_state
POST/<version>/elicenses/prune
POST/<version>/elicenses/report
POST/<version>/elicenses/revoke
POST/<version>/elicenses/revoke_all
POST/<version>/migration/migrate_device_linked_elicenses
PUT/<version>/migration/migrate_to_terminated
POST/<version>/migration/revoke_device_linked_elicenses
PUT/<version>/notification_token
PUT/<version>/penne_id
POST/<version>/rights/available_elicenses
POST/<version>/rights/lending/confirm
POST/<version>/rights/lending/reserve
POST/<version>/rights/lending/retrieve
POST/<version>/rights/lending/return
POST/<version>/rights/lending/revoke
POST/<version>/rights/lending/revoke_reservations
POST/<version>/rights/publish_device_linked_elicenses
POST/<version>/rights/publish_elicenses
POST/<version>/signing_key_for_pruning_elicenses/issue

https://dragonst.hac.lp1.dragons.nintendo.net:

MethodURL
POST/<version>/debug/edge_token/issue
PUT/<version>/debug/migration/state
POST/<version>/debug/rights/lending/extend
POST/<version>/edge_token/issuable_titles
POST/<version>/edge_token/issue

https://tigers.hac.lp1.dragons.nintendo.net:

MethodURL
POST/v1/etickets/publish

POST /<version>/contents_authorization/issue

FieldDescription
nonceNonce
elicensesList of elicenses

POST /<version>/contents_authorization_token_for_aauth/issue

This method was added in system version 15.0.0.

Starting with system version 15.0.0, a contents authorization token is required for digital application authentication. This method returns such a token.

Note that the Switch sends the headers for this method in a different order and uses a different user agent.

FieldDescription
elicense_idE-license id (32 hex digits)
na_idNintendo account id (16 hex digits)

Response on success:

FieldDescription
contents_authorization_tokenThe token

Example:

1
2
3
4
5
6
7
8
9
10

POST /v1/contents_authorization_token_for_aauth/issue HTTP/1.1
Host: dragons.hac.lp1.dragons.nintendo.net
User-Agent: libcurl (nnDauth; 16f4553f-9eee-4e39-9b61-59bc7c99b7c8; SDK 15.3.0.0)
Accept: */*
Content-Type: application/json
DeviceAuthorization: Bearer eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6ImNhOTdhNTIwLTA2NWItNGEwZC1iOGU4LTlhYzQ5OWFlNjkzZCIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2MjY1OTY2MWUzZmRmZTExIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6ImQ1YjZjYWMyYzE1MTRjNTYiLCJleHAiOjE2NjczMzQ4NjMsImlhdCI6MTY2NzI0ODQ2MywianRpIjoiYjMyYmIzYzYtMjQwNy00NGUzLWIwZjUtYjkzODljMGJmODNmIiwibmludGVuZG8iOnsic24iOiJYQUo3MDEyMzQ1Njc4OSIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.j7Iah1gCA1N5jnAOQnUFgowK3VlrjJi3wxzvM_F6KJLK23nYYNqg0Nn-pATZZ-yV7KJWkuyD07anxWErcYI47nsV4L_sYHvsnw_gXTwD7hlc02_VO1MEnG_CDUsVgrLhDFasQJgcya4vLDgPZpuf-VnpX_H9ZM8JYDusT0uCrv9x_5Ad_o6mpHZK9R56BJ6AoSV0JrRP7cJv2X-cYlDQCnat6CKZxxmNrd5_IrfP8dUBWI4w3wFsJWA2euOQr8pwn2hwG666VU_u4r-PUti8mzbLGFjI9dkvaSKkVwECL_27Xpqw5KxP70z3NhIFmguFo8AwzFLDR0Zvpt3y_tajiQ
Nintendo-Application-Id: 010040600c5ce000
Content-Length: 77

{"elicense_id":"337c8aaef372df9c2c239ebaaf49f723","na_id":"72b0f0bdb31753d5"}

1
2
3
4
5
6
7
8
9
10
11
12
13

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Length: 951
Server: nginx
X-Content-Type-Options: nosniff
Expires: Mon, 31 Oct 2022 19:34:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 17 Oct 2022 08:31:43 GMT
x-nintendo-akamai-reference-id: 0.38ac1666.1667248479.7ecea70
Connection: keep-alive

{"contents_authorization_token":"eyJqa3UiOiJodHRwczpcL1wvcHVia2V5LmxwMS5kcmFnb25zLm5pbnRlbmRvLm5ldFwvY2F0YVwvdjFcL2p3a3MiLCJraWQiOiI2YzI2MjRkOC0zMGQ0LTRlYjgtYWJjOC0wNmZiODMzYzhjNGIiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiIwMTAwNDA2MDBjNWNlMDAwIiwiZGV2aWNlX2lkIjoiNjI2NTk2NjFlM2ZkZmUxMSIsImlzcyI6ImxwMS5kcmFnb25zLm5pbnRlbmRvLm5ldCIsImV4cCI6MTY2NzMzNDg3OSwiaWF0IjoxNjY3MjQ4NDc5LCJqdGkiOiI0ZGYyZTY1Ni04ZTk2LTQwOWEtOGE3ZS1iZDFkZDFiYmM1NzIiLCJjb250ZW50Ijp7InRpdGxlX2lkIjoiMDEwMDQwNjAwYzVjZTAwMCIsIm5hX2lkIjoiNzJiMGYwYmRiMzE3NTNkNSIsInRpY2tldF9pZCI6NzIyMTI4OTQzNDk2MDQ5MzksImlzX293bmVkX3JpZ2h0cyI6dHJ1ZX19.MqMnkyEWuVp9TOtbpPhRJGcHRd-fCK_8rGa7rO0HeiC6pkIn7qafBzpc-TD1Xf_DYN_C0m9OXjlX0rVs0vosIzXsoqVDQodB6XAteRWfDNUc6odpW-rgqOiNpbIBymcpbRYOsdJh41zQjl_hpdM44UOR6ZgvL1hKoQVaw7XVz5NANig-WlKyNDVCcSsWhycyBuRkZOPb9OblTbvRkIzluRTFG9lxHCDnwczxGiaLoZjEgUrqIcWQJBUyOxB2UiL5sitK53GsHhFHxVZqTwjM7wl7nzrQaVDsp_Zc26hkIrUeuvDTBZHWXNPrte-nja5CZ-lN-UNIwe2j9N61baD9YQ"}

POST /<version>/debug/edge_token/issue

FieldDescription 
title_idsList of title ids 
na_id_tokensList of Nintendo account id tokens 
vendorVendorakamai, lumen, llnw, fastly or cloudflare

Response on success:

FieldDescription
expires_inExpiration in seconds (21600)
dragons_edge_tokenEdge token
title_idsList of title ids

PUT /<version>/debug/migration/state

FieldDescription
stateState

POST /<version>/debug/rights/lending/extend

FieldDescription
owner_na_idOwner Nintendo account id (16 hex digits)
rights_idsList of rights ids (16 hex digits each)
expire_dateExpiration date (optional)

The server sends an empty response on success.

POST /<version>/edge_token/issuable_titles

FieldDescription
title_idsList of rights ids
application_idsList of title ids
na_id_tokensList of Nintendo account id tokens

POST /<version>/edge_token/issue

FieldDescription 
title_idsList of title ids 
na_id_tokensList of Nintendo account id tokens 
vendorVendorakamai, lumen, llnw, fastly or cloudflare

PUT /<version>/elicense_archives/<id>/report

The id must contain 32 hex digits.

POST /<version>/elicense_archives/publish

FieldDescription
challengeChallenge (16 hex digits)
certificateDevice certificate (base64)

Response on success:

FieldDescription
elicense_archiveE-license archive (base64)

POST /<version>/elicenses/exercise

FieldDescription
elicense_idsE-license ids
account_idsAccount ids

The server sends an empty response on success.

PUT /<version>/elicenses/extend

FieldDescription
elicense_idsE-license ids

GET /<version>/elicenses/inactivated_reason

ParamDescription
elicense_idsE-license ids

Response on success:

FieldDescription
inactivated_reasonsInactivated reasons

GET /<version>/elicenses/migration_state

This method takes no parameters.

POST <version>/elicenses/prune

FieldDescription
exclude_account_idsList of account ids to exclude
signatureSignature

POST /<version>/elicenses/report

FieldDescription
elicense_idsE-license ids
account_idsAccount ids

POST /<version>/elicenses/revoke

FieldDescription
elicense_idsE-license ids

The server sends an empty response on success.

POST /<version>/elicenses/revoke_all

This method takes no arguments.

The server sends an empty response on success.

POST /<version>migration/migrate_device_linked_elicenses

This method takes no arguments.

PUT /<version>migration/migrate_to_terminated

This method takes no arguments.

POST /<version>migration/revoke_device_linked_elicenses

This method takes no arguments.

POST /<version>/notification_token

FieldDescription
notification_token36 characters

The server sends an empty response on success.

POST /<version>/penne_id

FieldDescription
penne_idA ‘p’ followed by 32 characters

The server sends an empty response on success.

POST /<version>/rights/available_elicenses

FieldDescription
rights_idsList of rights ids (16 hex digits each)

Response on success:

FieldDescription
available_elicensesList of elicenses

Each entry contains the following fields:

FieldDescription
rights_idThe rights id
is_availableBoolean
reasonno_rights, not_device_linked, not_released, expired, used_by_another, requested_by_client, device_link_unknown, requires_online_subscription, requires_online_subscription_ex, online_subscription_unknown, not_device_registered, device_registration_unknown, offline_initialization_recovery, requested_by_offdevice, revoked_by_cs, lending_rights, borrowing_requirements_not_met, retrieved_by_owner, limit_exceeded or revoked_by_leaving_family
elicense_typetemporary, permanent, device_linked_permanent, promotion, sapico, v_permanent or v_sharable_temporary

POST /<version>/rights/lending/confirm

FieldDescription
owner_na_idOwner Nintendo account id
rights_idsList of rights ids

POST /<version>/rights/lending/reserve

FieldDescription
borrower_na_idBorrower Nintendo account id
rights_idsList of rights ids

POST /<version>/rights/lending/retrieve

FieldDescription
rights_idsList of rights ids

POST /<version>/rights/lending/return

FieldDescription
owner_na_idOwner Nintendo account id
rights_idsList of rights ids

POST /<version>/rights/lending/revoke

FieldDescription
owner_na_idOwner Nintendo account id
rights_idsList of rights ids

The server sends an empty response on success.

POST /<version>/rights/lending/revoke_reservations

FieldDescription
rights_idsList of rights ids

The server sends an empty response on success.

POST /<version>/rights/publish_device_linked_elicenses

This method takes no arguments.

Response on success:

FieldDescription
elicensesList of e-licenses

Each entry has the following fields:

FieldDescription
account_idNintendo account id
rights_idRights id
device_idDevice id
statusStatus (e.g. active)
elicense_idE-license id (32 hex digits)
elicense_typetemporary, permanent, device_linked_permanent, promotion, sapico, v_permanent or v_sharable_temporary

POST /<version>/rights/publish_elicenses

FieldDescription
rights_idsList of rights ids
elicense_typeE-license type

POST /<version>/signing_key_for_pruning_elicenses

FieldDescription
certificateDevice certificate (base64 encoded)

POST /v1/etickets/publish

FieldDescription
certificateDevice certificate (base64 encoded)
titlesList of titles

Errors

On error, the server sends the following response:

FieldDescription
typehttps://problems.dragons.nintendo.net/errors/v1/<status>/<code>
titleError title
detailError details. This field is an empty string in all errors that have been observed so far.
numberHTTP status code

If the error code is invalid_parameter, the response may contain more details under the invalid-params key, for example:

  • 'invalid-params': [{'name': 'naId', 'reason': 'must not be null'}]
  • 'invalid-params': [{'name': 'naId.accountId', 'reason': 'must match "\\p{XDigit}{16}"'}]

Known Errors

StatusCodeTitle
400duplicate_rights_id 
400exceed_upper_lending_limit 
400invalid_account_for_borrowing 
400invalid_device_certificateDevice certificate is invalid
400invalid_device_for_lending 
400invalid_eticket_template 
400invalid_lending_stateLending state is invalid
400invalid_parameterParameter is invalid
400license_active_on_lender_device 
400rights_has_already_lent 
401account_id_requiredAccount ID is required
401authentication_requiredAuthentication is required
403edge_token_not_grantable 
403invalid_rights_for_lending 
403invalid_migration_state 
403invalid_tokenToken is invalid
403license_archive_not_allowed 
403license_inactiveELicense is inactive
403license_not_grantable 
403rights_policy_not_allowed 
403system_update_required 
404license_archive_not_foundELicense archive is not found
404license_not_foundELicense is not found
404page_not_foundPage not found
404promotion_policy_not_found 
404title_not_found 
405method_not_allowedMethod not allowed
406not_acceptable 
415unsupported_media_type 
500delete_record_failed 
500insert_record_failed 
500op2_error 
500shogun_error 
500unexpected_error 
500unknown_issuer 
500update_record_failed 
503abort_retry 
503op2_maintenance 
503service_unavailable 
Contents