{"id":11050,"date":"2017-09-08T21:12:11","date_gmt":"2017-09-08T21:12:11","guid":{"rendered":"https:\/\/expressplay.local\/?page_id=11050"},"modified":"2026-02-12T04:22:30","modified_gmt":"2026-02-12T12:22:30","slug":"restapi","status":"publish","type":"page","link":"https:\/\/www.expressplay.com\/ko\/developer\/restapi\/","title":{"rendered":"REST API Documentation"},"content":{"rendered":"<style>\n\th2,h3 {\n\t\tmargin: 20px 0;\n\t}\n\t.anchor-offset {\n\t\tscroll-margin-top: 40px;\n\t}\n\tcode {\n\t\tword-break: break-all;\n\t\twhite-space: pre-wrap;\n\t\tfont-size: 14px;\n\t\tcolor: #555;\n\t\tmargin: 20px 0;\n\t}\n\ttable {\n\t\tmargin: 10px 0;\n\t\tmin-width: 768px;\n\t}\n\ttd,th {\n\t\tpadding: 10px;\n\t}\n\ttable, td, th {\n\t\tborder: 1px solid #eee;\n\t}\n\tblockquote {\n\t\tborder-left: 5px solid #eee;\n\t\tpadding: 10px 20px;\n\t\tmargin-top: 20px;\n\t}\n\tdt {\n\t\tfont-weight: 600;\n\t}\n\tdd {\n\t\tpadding-left: 10px;\n\t\tmargin-bottom: 10px;\n\t\tword-break: break-all;\n\t}\n\t.section {\n\t\toverflow-x: auto;\n\t}\n        .link-to-page {\n              color:#001e61;\n              text-decoration: underline;\n         }\n\t<\/style>\n<h2>REST API Documentation<\/h2>\n<div class=\"bg-grey-100 p-8\">\n<ol class=\"\">\n<li><a id=\"offset\" href=\"#service-region-hosts\">Service Region Hosts<\/a><\/li>\n<li><a id=\"offset\" href=\"#record-retrieval\">Record Retrieval<\/a><\/li>\n<li><a id=\"offset\" href=\"#record-retrieval-by-time\">Record Retrieval by Time<\/a><\/li>\n<li><a id=\"offset\" href=\"#archived-record-retrieval\">Archived Record Retrieval<\/a><\/li>\n<li><a id=\"offset\" href=\"#ms3-token-request\">MS3 Token Request<\/a><\/li>\n<li><a id=\"offset\" href=\"#marlin-broadband-registration-token-request\">Marlin BB Registration Token Request<\/a><\/li>\n<li><a id=\"offset\" href=\"#marlin-broadband-license-token-request\">Marlin BB License Token Request<\/a><\/li>\n<li><a id=\"offset\" href=\"#marlin-broadband-deregistration-token-request\">Marlin BB Deregistration Token Request<\/a><\/li>\n<li><a id=\"offset\" href=\"#playready-license-token-request\">PlayReady LicenseToken Request<\/a><\/li>\n<li><a id=\"offset\" href=\"#fairplay-license-token-request\">FairPlay License Token Request<\/a><\/li>\n<li><a id=\"offset\" href=\"#widevine-license-token-request\">Widevine License Token Request<\/a><\/li>\n<li><a id=\"offset\" href=\"#license-proxy\">LICENSE PROXY<\/a><\/li>\n<li><a id=\"offset\" href=\"#manifest-generation\">A\/B Manifest Generation<\/a><\/li>\n<li><a id=\"offset\" href=\"#json-errors\">JSON Errors<\/a><\/li>\n<li><a id=\"offset\" href=\"#general-error-codes\">General Error Codes<\/a><\/li>\n<\/ol><\/div>\n<p>\t<!-- SECTION 1 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"service-region-hosts\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>1\u00a0\u00a0\u00a0Service Region Hosts<\/h2>\n<p>\tThe production URLs throughout this documentation use a placeholder domain name {prod_domain} that should be replaced by the appropriate region-specific domain name as listed below. Note that your production URLs are also visible in the ExpressPlay Admin dashboard, reflecting the service region to which your service is bound. Also note that your ExpressPlay service is physically located in the datacenter of your region of choice, but your ExpressPlay service is not restricted to requests from that region.<\/p>\n<pre class=\"bg-grey-100 p-8 mb-12 mt-12\">PRODUCTION DOMAINS:\r\n\tEurope:\r\n\tservice.expressplay.com\r\n\tChina:\r\n\tservice.expressplay.cn\r\n\t<\/pre>\n<p>\tNote: All request parameters are case-sensitive.<\/p><\/div>\n<p>\t<!-- SECTION 2 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"record-retrieval\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>2\u00a0\u00a0\u00a0Record Retrieval<\/h2>\n<dl class=\"docutils\">\n<dt class=\"mb-4\">Note: The getrecord API is intended to be used for trouble-shooting purpose only and it should not be used in a production workflow. A faster\/lower latency version of this api suitable for production workflow is available at additional cost. Please contact your account manager or\u00a0<a class=\"underline\" href=\"mailto:support@expressplay.com\">support@expressplay.com<\/a>\u00a0for details.<\/dt>\n<dt><\/dt>\n<dt>Purpose<\/dt>\n<dd>Queries ExpressPlay for transaction logs for your service. Logs may be queried by one of four methods:<\/dd>\n<\/dl>\n<ol class=\"arabic simple\">\n<li>The default, if nothing else is specified, returns the most recent 32 events.<\/li>\n<li>If a string &#8216;cookie&#8217; is specified, the API returns the recent event matching this cookie. This may not be used in combination with other querying methods.<\/li>\n<li>If integers &#8216;start&#8217; and &#8216;length&#8217; are specified, this API returns records matching that range. The parameter &#8216;start&#8217; is the offset, and &#8216;length&#8217; is the number of records returned, providing a window of records. This may be iteratively called to retrieve all known records. Note that &#8216;start&#8217; does not refer to an event_id, but rather a 0-based index of all records for a service. To progressively obtain all records, a caller would request (start=0, length=200), then (start=200, length=200) and so forth until no more records are returned.<\/li>\n<\/ol>\n<blockquote><p>Using more than one method simultaneously in a request is unsupported.<\/p><\/blockquote>\n<dl class=\"docutils\">\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/api.{prod_domain}\/cmiapi\/getrecord\/<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/api.test.expressplay.com\/cmiapi\/getrecord\/<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"request-parameters\" class=\"section\">\n<h2>2.1\u00a0\u00a0\u00a0Request Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production and test customerAuthenticator can be found in the ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>type<\/td>\n<td>Either &#8220;ms3&#8221; for MS3, &#8220;bb&#8221; for Broadband, &#8220;pr&#8221; for PlayReady, &#8220;fp&#8221; for FairPlay or &#8220;wv&#8221; for Widevine. Records returned will be of this type Defaults to &#8220;ms3&#8221; if not specified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>cookie<\/td>\n<td>The arbitrary string up to 32 characters long carried in the token and logged by the token redemption server. If cookie parameter is specified, only one record is returned in the response.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>id<\/td>\n<td>Id of requested record. This is the event_id for<br \/>\n\t&#8216;pr&#8217;<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>start<\/td>\n<td>Beginning of requested range.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>length<\/td>\n<td>Requested items in range. Only used if &#8216;start&#8217;<br \/>\n\tpassed. Maximum of 200.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote: The customerAuthenticator parameter can also be passed in an HTTP header (i.e. &#8216;customerAuthenticator: 863255912,62981eb9f1ef49d5893d71bee6181735&#8217;)<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"example-queries\" class=\"section\">\n<h2>2.2\u00a0\u00a0\u00a0Example Queries<\/h2>\n<blockquote>\n<dl class=\"docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/api.{prod_domain}\/cmiapi\/getrecord?customerAuthenticator=553,d31ab64f35724f69beb177f0c3d01e41a&amp;type=ms3<\/dd>\n<dt>Test:<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>https:\/\/api.test.expressplay.com\/cmiapi\/getrecord?customerAuthenticator=553,d31cd34f35724f69beb177f0c3d01e41a&amp;type=bb<\/dt>\n<dd>https:\/\/api.test.expressplay.com\/cmiapi\/getrecord?customerAuthenticator=553,d31cd34f35724f69beb177f0c3d01e41a&amp;type=pr<\/dd>\n<\/dl>\n<\/dd>\n<\/dl>\n<\/blockquote><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"http-response\" class=\"section\">\n<h2>2.3\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No lowlevel error<\/td>\n<td>application\/json<\/td>\n<td>JSON result<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tThe response will be of Content-Type application\/json.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"json-contents\" class=\"section\">\n<h2>2.4\u00a0\u00a0\u00a0JSON Contents<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Optional?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>valid<\/td>\n<td>Request was valid: the service was located and the customerAuthenticator was verified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>error<\/td>\n<td>See below and <cite>JSON Errors<\/cite> for details.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>events<\/td>\n<td>This is only set if valid is &#8216;True&#8217;. This contains the list of found records. Note that this list may be empty if nothing was found.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"events-fields-for-bb-ms3-fp-wv-pt-and-tls\" class=\"section\">\n<h2>2.5\u00a0\u00a0\u00a0Events Fields for bb, ms3, fp and wv<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"33%\" \/>\n<col width=\"12%\" \/>\n<col width=\"55%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Field<\/th>\n<th class=\"head\">Type<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>event_id<\/td>\n<td>string<\/td>\n<td>ExpressPlay-assigned string for this record.<\/td>\n<\/tr>\n<tr>\n<td>type<\/td>\n<td>string<\/td>\n<td>Type of transaction. One of &#8216;ms3License&#8217;, &#8216;bbLicense&#8217;, &#8216;bbNodeAcquisition&#8217;, &#8216;bbLinkAcquisition&#8217;, &#8216;bbUnLink&#8217;, &#8216;fpLicense&#8217; and &#8216;wvLicense&#8217;<\/td>\n<\/tr>\n<tr>\n<td>error_code<\/td>\n<td>integer<\/td>\n<td>Error code as determined by token redemption service<br \/>\n\t(see below).<\/td>\n<\/tr>\n<tr>\n<td>start_time<\/td>\n<td>datetime<\/td>\n<td>Date and time of transaction expressed in ISO<br \/>\n\t8601 format.<\/td>\n<\/tr>\n<tr>\n<td>duration<\/td>\n<td>integer<\/td>\n<td>Duration of transaction in milliseconds.<\/td>\n<\/tr>\n<tr>\n<td>device_id<\/td>\n<td>string<\/td>\n<td>Device id of the device redeeming the token.<\/td>\n<\/tr>\n<tr>\n<td>cookie<\/td>\n<td>string<\/td>\n<td>The cookie provided during token generation.<\/td>\n<\/tr>\n<tr>\n<td>expiration<\/td>\n<td>datetime<\/td>\n<td>Expiration time of this token expressed in ISO 8601 format.<\/td>\n<\/tr>\n<tr>\n<td>rental_end_date<\/td>\n<td>datetime<\/td>\n<td>Expiration time of this rental expressed in ISO 8601 format. Can be null if this record is not a rental.<\/td>\n<\/tr>\n<tr>\n<td>rental_end_seconds<\/td>\n<td>integer<\/td>\n<td>If rights type is rental, this may be positive. It represents the relative number of seconds from the time the license is issued that the license will be valid.<\/td>\n<\/tr>\n<tr>\n<td>rental_play_duration<\/td>\n<td>integer<\/td>\n<td>Time, in seconds, that the content can be played once play has started.<\/td>\n<\/tr>\n<tr>\n<td>token_id<\/td>\n<td>string<\/td>\n<td>Token identifier.<\/td>\n<\/tr>\n<tr>\n<td>content_id<\/td>\n<td>string<\/td>\n<td>Only one ID is given, no matter how many were in content.<\/td>\n<\/tr>\n<tr>\n<td>content_key_hash<\/td>\n<td>string<\/td>\n<td>Only one hash is given, no matter how many keys were in content.<\/td>\n<\/tr>\n<tr>\n<td>device_id_binding<\/td>\n<td>string<\/td>\n<td>Device ID to which the token was bound.<\/td>\n<\/tr>\n<tr>\n<td>bb_fault_code<\/td>\n<td>string<\/td>\n<td>Code of possible Broadband error.<\/td>\n<\/tr>\n<tr>\n<td>bb_fault_string<\/td>\n<td>string<\/td>\n<td>Description of possible Broadband error.<\/td>\n<\/tr>\n<tr>\n<td>control_flags<\/td>\n<td>hex string<\/td>\n<td>MS3 control flags.<\/td>\n<\/tr>\n<tr>\n<td>output_control_value<\/td>\n<td>hex string<\/td>\n<td>MS3 or Broadband output control value.<\/td>\n<\/tr>\n<tr>\n<td>output_control_flags<\/td>\n<td>hex string<\/td>\n<td>MS3 or Broadband output control flags.<\/td>\n<\/tr>\n<tr>\n<td>transaction_account_name<\/td>\n<td>string<\/td>\n<td>transaction is counted against the service that obtained the token.<\/td>\n<\/tr>\n<tr>\n<td>extension<\/td>\n<td>string<\/td>\n<td>This includes the extension_type, extension_critical_flag and extension payload separated by a comma. Only 64 char wide values are returned. If the number of characters are more than 64, only the first 30 and last 30 characters are returned.<\/td>\n<\/tr>\n<tr>\n<td>extension_type<\/td>\n<td>string<\/td>\n<td>MS3 or FP extension type. Exists only in MS3 or FP token redemption, and only one type is given, no matter how<br \/>\n\tmany were in content.<\/td>\n<\/tr>\n<tr>\n<td>extension_critical_flag<\/td>\n<td>string<\/td>\n<td>MS3 extension critical flag. Exists only in MS3 token redemption, and only one critical flag is given, no matter how many were in content.<\/td>\n<\/tr>\n<tr>\n<td>extension_payload<\/td>\n<td>string<\/td>\n<td>MS3 or FP extension payload. Exists only in MS3 or FP token redemption, and only one payload is given, no matter how many were in content. Only 64 char wide values are returned. If the number of characters are more than 64, only the first 30 and last 30 characters are returned.<\/td>\n<\/tr>\n<tr>\n<td>output_control_override_id<\/td>\n<td>string<\/td>\n<td>Broadband outputControlOverrideId. Only 64 char wide values are returned. If the number of characters are more than 64, only the first 30 and last 30 characters are returned.<\/td>\n<\/tr>\n<tr>\n<td>output_control_override_parameter<\/td>\n<td>string<\/td>\n<td>Broadband outputControlOverrideParameter. Only 64 char wide values are returned. If the number of characters are more than 64, only the first 30 and last 30 characters are returned.<\/td>\n<\/tr>\n<tr>\n<td>output_control_override_value<\/td>\n<td>integer<\/td>\n<td>Broadband outputControlOverrideValue.<\/td>\n<\/tr>\n<tr>\n<td>output_control_obligation<\/td>\n<td>string<\/td>\n<td>Broadband outputControlObligation. Only 64 char wide values are returned. If the number of characters are more than 64, only the first 30 and last 30 characters are returned.<\/td>\n<\/tr>\n<tr>\n<td>output_control_override<\/td>\n<td>string<\/td>\n<td>Broadband outputControlOverride. Only 64 char wide values are returned. If the number of characters are more than 64, only the first 30 and last 30 characters are returned.<\/td>\n<\/tr>\n<tr>\n<td>express<\/td>\n<td>boolean<\/td>\n<td>true if transaction is from an Express client; false otherwise.<\/td>\n<\/tr>\n<tr>\n<td>bundled<\/td>\n<td>boolean<\/td>\n<td>true if transaction is from a bundled Express client; false otherwise.<\/td>\n<\/tr>\n<tr>\n<td>cfid<\/td>\n<td>string<\/td>\n<td>An 8 byte hexadecimal string reference to a manufacturer&#8217;s device super-encryption key used to encrypt the content key.<\/td>\n<\/tr>\n<tr>\n<td>active_user_id<\/td>\n<td>string<\/td>\n<td>A string representation of an active user id that is at most 64 characters long<\/td>\n<\/tr>\n<tr>\n<td>asset_owner<\/td>\n<td>string<\/td>\n<td>A string representation of an asset owner for a given content<\/td>\n<\/tr>\n<tr>\n<td>client_ip<\/td>\n<td>string<\/td>\n<td>Client ip only if that information is available<\/td>\n<\/tr>\n<tr>\n<td>client_os<\/td>\n<td>string<\/td>\n<td>Client OS as available from the client request<\/td>\n<\/tr>\n<tr>\n<td>client_version<\/td>\n<td>string<\/td>\n<td>Client version as available from the client request<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"events-fields-for-playready\" class=\"section\">\n<h2>2.6\u00a0\u00a0\u00a0Events Fields for PlayReady<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"33%\" \/>\n<col width=\"12%\" \/>\n<col width=\"55%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Field<\/th>\n<th class=\"head\">Type<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>timestamp<\/td>\n<td>date<\/td>\n<td>Date representing the time stamp of the event<\/td>\n<\/tr>\n<tr>\n<td>service_id<\/td>\n<td>integer<\/td>\n<td>Service id associated with the account<\/td>\n<\/tr>\n<tr>\n<td>key_id<\/td>\n<td>GUID<\/td>\n<td>Key id expressed as a globally unique identifier<\/td>\n<\/tr>\n<tr>\n<td>device_id<\/td>\n<td>string<\/td>\n<td>A string representing the device id<\/td>\n<\/tr>\n<tr>\n<td>device_security_level<\/td>\n<td>integer<\/td>\n<td>Integer to represent the device security level<\/td>\n<\/tr>\n<tr>\n<td>ip_address<\/td>\n<td>string<\/td>\n<td>String to represent the ip address<\/td>\n<\/tr>\n<tr>\n<td>cookie<\/td>\n<td>string<\/td>\n<td>The cookie provided during token generation.<\/td>\n<\/tr>\n<tr>\n<td>event_id<\/td>\n<td>string<\/td>\n<td>The event_id of the PlayReady record<\/td>\n<\/tr>\n<tr>\n<td>duration<\/td>\n<td>integer<\/td>\n<td>Duration of transaction in milliseconds.<\/td>\n<\/tr>\n<tr>\n<td>type<\/td>\n<td>string<\/td>\n<td>Type of transaction: prLicense<\/td>\n<\/tr>\n<tr>\n<td>min_cert_security_level<\/td>\n<td>integer<\/td>\n<td>Security Level (0-3000)<\/td>\n<\/tr>\n<tr>\n<td>content_key_hash<\/td>\n<td>string<\/td>\n<td>Only one hash is given, no matter how many keys were in content.<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"2.7-event-error-codes\" class=\"section\">\n<h2>2.7\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin Error<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Token could not be parsed<\/td>\n<\/tr>\n<tr>\n<td>-4002<\/td>\n<td>Token could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4003<\/td>\n<td>Error decrypting token contents<\/td>\n<\/tr>\n<tr>\n<td>-4005<\/td>\n<td>IP Address parse error<\/td>\n<\/tr>\n<tr>\n<td>-4006<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4010<\/td>\n<td>Invalid Token<\/td>\n<\/tr>\n<tr>\n<td>-4011<\/td>\n<td>Token Expired<\/td>\n<\/tr>\n<tr>\n<td>-4012<\/td>\n<td>Token cannot be redeemed from this IP Address<\/td>\n<\/tr>\n<tr>\n<td>-4013<\/td>\n<td>Token cannot be redeemed by this device<\/td>\n<\/tr>\n<tr>\n<td>-4014<\/td>\n<td>Token redemption disallowed<\/td>\n<\/tr>\n<tr>\n<td>-4015<\/td>\n<td>Device reported agent execution error<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 3 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"record-retrieval-by-time\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>3\u00a0\u00a0\u00a0Record Retrieval By Time<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Queries ExpressPlay for transaction logs for your service for a given time period. Logs may be queried by one of these methods:<\/dd>\n<\/dl>\n<ol class=\"arabic simple\">\n<li>startTime and endTime have to be provided. If page and size are not provided, by default it displays page 0 (first page) and 200 records per page.<\/li>\n<li>If integers &#8216;page&#8217; and &#8216;size&#8217; are specified, this API returns &#8216;size&#8217; records of the page number specified. This may be iteratively called to retrieve all known records. Note that &#8216;page&#8217; is a 0-based index.<\/li>\n<\/ol>\n<dl class=\"docutils\">\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/api.{prod_domain}\/cmiapi\/getrecordbytime\/<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/api.test.expressplay.com\/cmiapi\/getrecordbytime\/<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id1\" class=\"section\">\n<h2>3.1\u00a0\u00a0\u00a0Request Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production and test customerAuthenticator can be found in the ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>type<\/td>\n<td>Either &#8220;ms3&#8221; for MS3, &#8220;bb&#8221; for Broadband, &#8220;pr&#8221; for PlayReady, &#8220;fp&#8221; for FairPlay or &#8220;wv&#8221; for Widevine. Records returned will be of this type Defaults to &#8220;ms3&#8221; if not specified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>startTime<\/td>\n<td>The value MUST be a string in <cite>RFC 3339<\/cite> _ date\/time format in the &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;). An example of an RFC 3339 date\/time is 2006-04-14T12:01:10Z. startTime shouldn&#8217;t greater than 30 days from current time.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>endTime<\/td>\n<td>The value MUST be a string in <cite>RFC 3339<\/cite> _ date\/time format in the &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;). An example of an RFC 3339 date\/time is 2006-04-14T12:01:10Z. This time shouldn&#8217;t be greater than current time and less than startTime.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>page<\/td>\n<td>Page number. Defaults to page 0 (first page) Page is a 0-based index.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>size<\/td>\n<td>Requested items on each page. Defaults to 200 if not provided. Size is limited to 2000 records.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote: The customerAuthenticator parameter can also be passed in an HTTP header (i.e. &#8216;customerAuthenticator: 863255912,62981eb9f1ef49d5893d71bee6181735&#8217;)<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id2\" class=\"section\">\n<h2>3.2\u00a0\u00a0\u00a0Example Queries<\/h2>\n<blockquote>\n<dl class=\"docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/api.{prod_domain}\/cmiapi\/getrecordbytime?customerAuthenticator=553,d31ab64f35724f69beb177f0c3d01e41a&amp;type=ms3<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/api.test.expressplay.com\/cmiapi\/getrecordbytime?customerAuthenticator=553,d31cd34f35724f69beb177f0c3d01e41a&amp;type=bb<\/dd>\n<\/dl>\n<\/blockquote><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id3\" class=\"section\">\n<h2>3.3\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No lowlevel error<\/td>\n<td>application\/json<\/td>\n<td>JSON result<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tThe response will be of Content-Type application\/json.<br \/>\n\tRefer to &#8216;Events Fields for bb, ms3, fp, wv&#8217; and &#8216;Events fields for PlayReady&#8217; tables for the events returned in the events list.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id4\" class=\"section\">\n<h2>3.4\u00a0\u00a0\u00a0JSON Contents<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Optional?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>valid<\/td>\n<td>Request was valid: the service was located and the customerAuthenticator was verified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>error<\/td>\n<td>See below and <cite>JSON Errors<\/cite> for details.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>events<\/td>\n<td>This is only set if valid is &#8216;True&#8217;. This contains the list of found records. Note that this list may be empty if nothing was found. Refer to &#8216;Events Fields for bb, ms3, fp and wv&#8217; table for bb, ms3, fp and wv. Refer to table<br \/>\n\t&#8216;Events fields for PlayReady&#8217; for PlayReady<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>page<\/td>\n<td>This is only set if valid is &#8216;True&#8217;. This contains the page information and the total records available.<br \/>\n\tIt will be empty if nothing was found.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 4 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"archived-record-retrieval\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>4\u00a0\u00a0\u00a0Archived Record Retrieval<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Queries ExpressPlay for transaction logs for your service for a given date.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/api.{prod_domain}\/cmiapi\/getarchivedlog\/<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/api.test.expressplay.com\/cmiapi\/getarchivedlog\/<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id5\" class=\"section\">\n<h2>4.1\u00a0\u00a0\u00a0Request Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production and test customerAuthenticator can be found in the ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>date<\/td>\n<td>The value must be a string in <cite>ISO 8601<\/cite><br \/>\n\tcalendar date format, example: 2017-01-21<\/td>\n<td>Yes<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote: The customerAuthenticator parameter can also be passed in an HTTP header (i.e. &#8216;customerAuthenticator: 863255912,62981eb9f1ef49d5893d71bee6181735&#8217;)<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id6\" class=\"section\">\n<h2>4.2\u00a0\u00a0\u00a0Example Queries<\/h2>\n<blockquote>\n<dl class=\"docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/api.{prod_domain}\/cmiapi\/getarchivedlog?customerAuthenticator=553,d31ab64f35724f69beb177f0c3d01e41a&amp;date=2017-01-21<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/api.test.expressplay.com\/cmiapi\/getarchivedlog?customerAuthenticator=553,d31cd34f35724f69beb177f0c3d01e41a&amp;date=2017-01-21<\/dd>\n<\/dl>\n<\/blockquote><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id7\" class=\"section\">\n<h2>4.3\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No lowlevel error<\/td>\n<td>application\/javascript<\/td>\n<td>Gzip JSON result<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tThe response will be of Content-Type application\/javascript and compressed with gzip.<br \/>\n\tRefer to &#8216;Events Fields for bb, ms3, fp, wv&#8217; and &#8216;Events fields for PlayReady&#8217; tables for the events returned in the events list.<\/p><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 5 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"ms3-token-request\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>5\u00a0\u00a0\u00a0MS3 Token Request<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Requests a token that can be redeemed by customer for an MS3 license. Returned token is in the form of an MS3 Compound URI.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/ms3-gen.{prod_domain}\/hms\/ms3\/token<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/ms3-gen.test.expressplay.com\/hms\/ms3\/token<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET, POST (with www-url-encoded body containing parameters for both the methods)<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"token-parameters\" class=\"section\">\n<h2>5.1\u00a0\u00a0\u00a0Token Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production and test customerAuthenticator can be found in the ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>errorFormat<\/td>\n<td>Either &#8220;html&#8221; or &#8220;json&#8221;. If &#8220;html&#8221; (the default) an HTML representation of any errors is provided in the entity body of the response. If &#8220;json&#8221; is specified, a structured response in json format is returned. See <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for details. The mime type of the response will be as either &#8220;text\/uri-list&#8221; on success, &#8220;text\/html&#8221; for &#8220;html&#8221; error format, or &#8220;application\/json&#8221; for &#8220;json&#8221; error format.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"license-parameters\" class=\"section\">\n<h2>5.2\u00a0\u00a0\u00a0License Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"28%\" \/>\n<col width=\"56%\" \/>\n<col width=\"16%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>\n<p class=\"first\">contentId<\/p>\n<p class=\"last\">contentId.N<\/p>\n<\/td>\n<td>URI that identifies a content id. Any number of these can be provided, but a matching number of contentKey parameters must be provided. If a single content id is supplied, the parameter contentId can be used. If multiple<br \/>\n\tcontent ids are supplied, the parameters should be named, contentId.0, contentId.1, etc. to match the corresponding contentKey.N parameters. Note that numbering is 0-based (the first content id should be contentId.0).<\/td>\n<td>Yes, unless kek and kid are provided<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">contentKey<\/p>\n<p class=\"last\">contentKey.N<\/p>\n<\/td>\n<td>A hexadecimal string representation of the<br \/>\n\tcontent key associated with the corresponding<br \/>\n\tcontentId. Any number of these can be provided,<br \/>\n\tbut a matching number of contentId parameters<br \/>\n\tmust be provided. If a single content key is<br \/>\n\tsupplied, the parameter contentKey can be used.<br \/>\n\tIf multiple content keys are supplied, the<br \/>\n\tparameters should be named contentKey.0,<br \/>\n\tcontentKey.1, etc. to match the corresponding<br \/>\n\tcontentId.N parameters. Note that numbering is<br \/>\n\t0-based (the first content key should be<br \/>\n\tcontentKey.0).<\/td>\n<td>Yes, unless kek, ek and kid are provided<\/td>\n<\/tr>\n<tr>\n<td>kek<\/td>\n<td>Key Encryption Key. Keys are stored encrypted<br \/>\n\twith a KEK using a key wrapping algorithm<br \/>\n\t(AES Key Wrap, RFC3394). If kek is supplied,<br \/>\n\teither one of kid or ek needs to be supplied<br \/>\n\tand not both. In both the cases, contentId<br \/>\n\tneeds to be provided.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">kid<\/p>\n<p class=\"last\">kid.N<\/p>\n<\/td>\n<td>A unique 16 byte key id or a string &#8216;^somestring&#8217;<br \/>\n\t. The length of the string followed by the &#8216;^&#8217;<br \/>\n\tcannot be greater than 128 characters. Any number<br \/>\n\tof these can be provided. If a single kid is<br \/>\n\tsupplied, the parameter kid can be used. If<br \/>\n\tmultiple key ids are supplied, the parameters<br \/>\n\tare to be named, kid.0, kid.1, etc. Note that<br \/>\n\tthe numbering is 0-based (the first key id<br \/>\n\tshould be kid.0).<br \/>\n\tThese have to match the number of content ids.<br \/>\n\tIf kid is passed as a &#8216;^somestring&#8217;, kid is<br \/>\n\tsimply computed as the truncated SHA1 hash of<br \/>\n\tthe string. Check the note below for an example.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">ek<\/p>\n<p class=\"last\">ek.N<\/p>\n<\/td>\n<td>A hex string representation of the encrypted<br \/>\n\tcontent key associated with the corresponding<br \/>\n\tcontentId. Any number of these can be provided,<br \/>\n\tbut a matching number of contentId parameters<br \/>\n\tmust be provided. If a single encrypted content<br \/>\n\tkey is supplied, the parameter ek can be used.<br \/>\n\tIf multiple keys are supplied, the<br \/>\n\tparameters should be named ek.0,<br \/>\n\tek.1, etc. to match the corresponding<br \/>\n\tcontentId.N parameters. Note that numbering is<br \/>\n\t0-based (the first encrypted content key should<br \/>\n\tbe ek.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>contentURL<\/td>\n<td>Content URL. See note below regarding its<br \/>\n\ttreatment as a template.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>contentUrlAuthenticator<\/td>\n<td>Arbitrary string to be used to authenticate the<br \/>\n\tcontent URL (optional). This value is<br \/>\n\tautomatically embedded in the Content URL, if<br \/>\n\tthat url specifies the placeholder<br \/>\n\t{s:authenticator}.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>logContentInfo<\/td>\n<td>if &#8220;true&#8221;, logs contentURL,<br \/>\n\tcontentUrlAuthenticator, content ids, and<br \/>\n\ta hash of the content keys.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>controlFlags<\/td>\n<td>MS3 Control Flags, as a 1-byte hex value.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>outputControlFlags<\/td>\n<td>MS3 Output Control Flags, as a 4-byte hex value.<br \/>\n\tMust be provided if outputControlValue is<br \/>\n\tspecified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>outputControlValue<\/td>\n<td>MS3 Output Control Value, as a 4-byte hex value.<br \/>\n\tMust be provided if outputControlFlags is<br \/>\n\tspecified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>ms3Extension<\/td>\n<td>A short form wrapping extensionType,<br \/>\n\textensionCriticalFlag, and extensionPayload,<br \/>\n\tas a comma separated string.<br \/>\n\tEither one of ms3Extension or extensionType\/<br \/>\n\textensionCriticalFlag\/extensionPayload can be<br \/>\n\tpassed. See format below.<br \/>\n\tExample:<br \/>\n\t&#8230;&amp;ms3Extension=wudo,false,AAAAAA==&amp;&#8230;<\/td>\n<td>No,<br \/>\n\tany number<br \/>\n\tcan be used<\/td>\n<\/tr>\n<tr>\n<td>extensionType<\/td>\n<td>An arbitrary 4-letter word representing a 32-bit<br \/>\n\tidentifier for an Extension. Each letter&#8217;s 8-bit<br \/>\n\tASCII code is the corresponding 8-bit byte<br \/>\n\tportion of the identifier. For example, the<br \/>\n\tidentifier value 0x61626364 (hexadecimal) would<br \/>\n\tbe written &#8216;abcd&#8217;, because the ASCII code for &#8216;a&#8217;<br \/>\n\tis 0x61, etc.<\/td>\n<td>No,<br \/>\n\tif used<br \/>\n\tonly one<br \/>\n\tshould be<br \/>\n\tprovided<\/td>\n<\/tr>\n<tr>\n<td>extensionCriticalFlag<\/td>\n<td>&#8220;true&#8221; if critical, &#8220;false&#8221; if not critical.<\/td>\n<td>Yes, when<br \/>\n\textensionType<br \/>\n\tis specified.<\/td>\n<\/tr>\n<tr>\n<td>extensionPayload<\/td>\n<td>A base64 encoded string of the Extension<br \/>\n\tdescription.<\/td>\n<td>Yes, when<br \/>\n\textensionType<br \/>\n\tis specified.<\/td>\n<\/tr>\n<tr>\n<td>ms3Scheme<\/td>\n<td>If &#8220;true&#8221;, the url scheme of the token response<br \/>\n\twill begin with ms3:\/\/. If &#8220;false&#8221; or parameter<br \/>\n\tnot specified, the url scheme will start with<br \/>\n\thttps:\/\/<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>cfid<\/td>\n<td>An 8 byte hexadecimal string reference to a<br \/>\n\tmanufacturer&#8217;s device super-encryption key<br \/>\n\tused to encrypt the content key. This can be<br \/>\n\tused only with device bound licenses.<br \/>\n\tOnly one content key can be specified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>activeUserId<\/td>\n<td>A string representation of an active user id<br \/>\n\tthat is at most 64 characters long.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>ms3SchemaType<\/td>\n<td>The system supports only the ms3 schema type. License services ms3h and ms3hs are not enabled by default<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"token-restriction-parameters\" class=\"section\">\n<h2>5.3\u00a0\u00a0\u00a0Token Restriction Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>expirationTime<\/td>\n<td>Expiration time of this token. This value MUST<br \/>\n\tbe in the &#8216;RFC 3339&#8217; _ date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) format or<br \/>\n\tan integer preceded by a + sign. An<br \/>\n\texample of an RFC 3339 date\/time is<br \/>\n\t2006-04-14T12:01:10Z.<br \/>\n\tIf the value is a string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a><br \/>\n\tdate\/time format, then it represents an absolute<br \/>\n\texpiration date\/time for the token.<br \/>\n\tIf the value is an integer<br \/>\n\tpreceded by a + sign, then it is interpreted as<br \/>\n\ta relative number of seconds, from issuance, that<br \/>\n\tthe token is valid. For example, +60 specifies<br \/>\n\tone minute. The maximum and default (if not<br \/>\n\tspecified) token lifetime is 30 days.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>deviceId<\/td>\n<td>Device id to which to bind token. This value<br \/>\n\twill be the same as the NEMO node id of the<br \/>\n\tclient device.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote about kid: For example, if the hash of string is: 0123456789ABCDEF0123456789ABCDEF01234567, the truncated SHA1 hash is 0123456789ABCDEF0123456789ABCDEF (first 32 characters)<\/p>\n<p>\tNote: The contentURL parameter is treated as a template, with template parameters<br \/>\n\treplaced with appropriate values. The only currently defined template parameter<br \/>\n\tis s:authenticator, which will be replaced by the value of the authenticator<br \/>\n\tparameter specified in the token generation request. A sample contentURL might<br \/>\n\tbe http:\/\/www.bok.net\/music\/get-token?auth= {s:authenticator}&amp;cid=8967F56D<\/p>\n<p>\tNote: For MS3, contentId is not mandatory when kid\/kek are provided in the token request. The MS3 service computes the contentId as the implicit content ID per Marlin spec, as &#8220;urn:marlin:kid:&#8221; + KID,. If your content IDs differ from this pattern, as for instance when using Marlin BBTS content IDs, the contentId parameter has to be specified explicitly.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"correlation-parameters\" class=\"section\">\n<h2>5.4\u00a0\u00a0\u00a0Correlation Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>cookie<\/td>\n<td>Arbitrary string up to 32 characters long<br \/>\n\tcarried in the token and logged<br \/>\n\tby the token redemption server. Can be used to<br \/>\n\tcorrelate log entries at the redemption server<br \/>\n\tand those at the service provider&#8217;s servers.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id8\" class=\"section\">\n<h2>5.5\u00a0\u00a0\u00a0Example Queries<\/h2>\n<blockquote>\n<dl class=\"docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/ms3-gen.{prod_domain}\/hms\/ms3\/token?customerAuthenticator=790,0e8c78e70c574ddd82731f77b889c1b0&amp;contentId.0=1234123412341234&amp;contentKey.0=12311232123312341235123612371238&amp;contentURL=www.test1234.com\/test\/test\/test.mp4<\/dd>\n<dd>https:\/\/ms3-gen.{prod_domain}\/hms\/ms3\/token?customerAuthenticator=790,0e8c78e70c574ddd82731f77b889c1b0&amp;contentId.0=1234123412341234&amp;kek=01112233445566778899aabbccddeeff&amp;kid.0=519139C2BD60DBE70F8C15714BF2A00B&amp;contentURL=www.test1234.com\/test\/test\/test.mp4<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/ms3-gen.test.expressplay.com\/hms\/ms3\/token?customerAuthenticator=790,0e8c78e70c574ddd82731f77b889c1b0&amp;contentId.0=1234123412341234&amp;contentKey.0=12311232123312341235123612371238&amp;contentURL=www.test1234.com\/test\/test\/test.mp4<\/dd>\n<dd>https:\/\/ms3-gen.test.expressplay.com\/hms\/ms3\/token?customerAuthenticator=790,0e8c78e70c574ddd82731f77b889c1b0&amp;contentId.0=1234123412341234&amp;kek=01112233445566778899aabbccddeeff&amp;kid.0=519139C2BD60DBE70F8C15714BF2A00BcontentURL=www.test1234.com\/test\/test\/test.mp4<\/dd>\n<\/dl>\n<\/blockquote><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id9\" class=\"section\">\n<h2>5.6\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No error.<\/td>\n<td>text\/uri-list<\/td>\n<td>MS3 Compound URI<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Invalid args<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>401 Unauthorized<\/td>\n<td>Auth failed<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote: Depending on the value of the errorFormat parameter, the response will either be of<br \/>\n\tContent-Type text\/html or application\/json. In the case of text\/html, the message, formatted<br \/>\n\tas HTML will provide an error code and error message in human-readable format. In the case<br \/>\n\tof application\/json, see <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for the representation of the error code and error<br \/>\n\tmessage.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id10\" class=\"section\">\n<h2>5.7\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2001<\/td>\n<td>Invalid token version<\/td>\n<\/tr>\n<tr>\n<td>-2002<\/td>\n<td>Invalid token expiration time: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2003<\/td>\n<td>Invalid IP address<\/td>\n<\/tr>\n<tr>\n<td>-2005<\/td>\n<td>Invalid content key: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2006<\/td>\n<td>Mismatch in number of content IDs and content keys specified<\/td>\n<\/tr>\n<tr>\n<td>-2007<\/td>\n<td>Invalid control flags specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2008<\/td>\n<td>Invalid output control flags specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2009<\/td>\n<td>Invalid output control value specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2017<\/td>\n<td>Authentication token must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Authentication token invalid: &lt;details&gt; Note: This can happen<br \/>\n\tif the authenticator is wrong or when accessing the test API<br \/>\n\tat *.test.expressplay.com using the production authenticator<br \/>\n\tand vice versa. IMPORTANT: The Test SDK and Advanced Test<br \/>\n\tTool (ATT) only work with *.test.expressplay.com, whereas<br \/>\n\tproduction devices must use *.service.expressplay.com.<\/td>\n<\/tr>\n<tr>\n<td>-2019<\/td>\n<td>Insufficient tokens available<\/td>\n<\/tr>\n<tr>\n<td>-2026<\/td>\n<td>Missing content ID<\/td>\n<\/tr>\n<tr>\n<td>-2027<\/td>\n<td>Content key must be 32-hexadecimal digits long<\/td>\n<\/tr>\n<tr>\n<td>-2029<\/td>\n<td>Invalid content ID<\/td>\n<\/tr>\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin error<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-2032<\/td>\n<td>Invalid MS3 Token Type<\/td>\n<\/tr>\n<tr>\n<td>-2033<\/td>\n<td>Invalid cookie<\/td>\n<\/tr>\n<tr>\n<td>-2035<\/td>\n<td>No corresponding value specified<\/td>\n<\/tr>\n<tr>\n<td>-2036<\/td>\n<td>Extension type should be 4 characters<\/td>\n<\/tr>\n<tr>\n<td>-2037<\/td>\n<td>Extension payload should be Base64 encoded<\/td>\n<\/tr>\n<tr>\n<td>-2038<\/td>\n<td>Extension critical flag should be true or false<\/td>\n<\/tr>\n<tr>\n<td>-2045<\/td>\n<td>Only one of ms3Scheme or ms3SchemeType can be specified<\/td>\n<\/tr>\n<tr>\n<td>-2046<\/td>\n<td>Invalid ms3SchemeType value<\/td>\n<\/tr>\n<tr>\n<td>-2048<\/td>\n<td>Log content info flag should be true or false<\/td>\n<\/tr>\n<tr>\n<td>-2054<\/td>\n<td>Invalid cfid length specified<\/td>\n<\/tr>\n<tr>\n<td>-2055<\/td>\n<td>Invalid cfid specified<\/td>\n<\/tr>\n<tr>\n<td>-2056<\/td>\n<td>Invalid active user id length specified<\/td>\n<\/tr>\n<tr>\n<td>-2057<\/td>\n<td>Unauthorized service specified<\/td>\n<\/tr>\n<tr>\n<td>-2058<\/td>\n<td>Request parameters specified are unacceptable<\/td>\n<\/tr>\n<tr>\n<td>-2059<\/td>\n<td>Invalid MS3Extension parameters specified<\/td>\n<\/tr>\n<tr>\n<td>-2060<\/td>\n<td>Only one content key can be specified if cfid is provided<\/td>\n<\/tr>\n<tr>\n<td>-2062<\/td>\n<td>Marlin option disabled<\/td>\n<\/tr>\n<tr>\n<td>-2149<\/td>\n<td>Use either extensionType or ms3Extension parameter<\/td>\n<\/tr>\n<tr>\n<td>-2150<\/td>\n<td>Use only one parameter set with extensionType<br \/>\n\tuse ms3Extenstion parameter if several are required<\/td>\n<\/tr>\n<tr>\n<td>-3004<\/td>\n<td>Invalid error format specified: &lt;format&gt;<\/td>\n<\/tr>\n<tr>\n<td>-3006<\/td>\n<td>Content URL must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4010<\/td>\n<td>Invalid token<\/td>\n<\/tr>\n<tr>\n<td>-4017<\/td>\n<td>Mismatch in number of content IDs and kids specified<\/td>\n<\/tr>\n<tr>\n<td>-4018<\/td>\n<td>Missing Kid<\/td>\n<\/tr>\n<tr>\n<td>-4019<\/td>\n<td>Failed to get content key from key storage service<\/td>\n<\/tr>\n<tr>\n<td>-4020<\/td>\n<td>Kid must be 32 hexadecimal characters long<\/td>\n<\/tr>\n<tr>\n<td>-4021<\/td>\n<td>Kid must be 64 characters long after the ^<\/td>\n<\/tr>\n<tr>\n<td>-4023<\/td>\n<td>Mismatch in number of content IDs and encrypted keys specified<\/td>\n<\/tr>\n<tr>\n<td>-4024<\/td>\n<td>Invalid encrypted key or kek<\/td>\n<\/tr>\n<tr>\n<td>-4025<\/td>\n<td>Only one of ek or kid can be provided<\/td>\n<\/tr>\n<tr>\n<td>-7001<\/td>\n<td>At least one content ID must be supplied<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 6 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"marlin-broadband-registration-token-request\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>6\u00a0\u00a0\u00a0Marlin Broadband Registration Token Request<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Requests a token that can be redeemed by customer to register a broadband device.<br \/>\n\tToken is in the form of a Marlin action token.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/bb-gen.{prod_domain}\/hms\/bb\/token<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET, POST (with www-url-encoded body containing parameters for both the methods)<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id11\" class=\"section\">\n<h2>6.1\u00a0\u00a0\u00a0Token Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production<br \/>\n\tand test customerAuthenticator can be found in<br \/>\n\tthe ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>actionTokenType<\/td>\n<td>Must be 0. Signifies registration action token.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>errorFormat<\/td>\n<td>Either &#8220;html&#8221; or &#8220;json&#8221;. If &#8220;html&#8221; (the default)<br \/>\n\tan HTML representation of any errors is provided<br \/>\n\tin the entity body of the response. If &#8220;json&#8221; is<br \/>\n\tspecified, a structured response in json format<br \/>\n\tis returned. See <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for details.<br \/>\n\tThe mime type of the response will be as either<br \/>\n\t&#8220;text\/uri-list&#8221; on success, &#8220;text\/html&#8221; for<br \/>\n\t&#8220;html&#8221; error format, or &#8220;application\/json&#8221; for<br \/>\n\t&#8220;json&#8221; error format.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"registration-parameters\" class=\"section\">\n<h2>6.2\u00a0\u00a0\u00a0Registration Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>userId<\/td>\n<td>An id used to uniquely identify a user. This can<br \/>\n\tbe any value generated and managed by the<br \/>\n\trequestor that uniquely identifies an end user.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>userKey<\/td>\n<td>The hexadecimal representation of a 16-byte<br \/>\n\tseed value that ExpressPlay uses to generate a<br \/>\n\tkey to protect content keys in user-bound<br \/>\n\tlicenses. This value is should be generated,<br \/>\n\thard to guess, and permanently associated with<br \/>\n\tthe corresponding userId. Broadband license<br \/>\n\ttoken requests for user-bound licenses will need<br \/>\n\tto specify this same value (and userId).<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>registrationEndTime<\/td>\n<td>Registration end date. This value MUST<br \/>\n\tbe in the &#8216;RFC 3339&#8217; _ date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) format or<br \/>\n\tan integer preceded by a + sign.<br \/>\n\tIf the value is a string<br \/>\n\tin <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format, then it represents<br \/>\n\tan absolute expiration date\/time for the<br \/>\n\tregistration. An example of an RFC 3339 date\/time<br \/>\n\tis 2006-04-14T12:01:10Z. If the value is an<br \/>\n\tinteger preceded by a + sign, it is taken as a<br \/>\n\trelative number of seconds from the time the<br \/>\n\tregistration is issued that the registration will<br \/>\n\tbe valid.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id12\" class=\"section\">\n<h2>6.3\u00a0\u00a0\u00a0Token Restriction Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"25%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>expirationTime<\/td>\n<td>Expiration time of this token. This value MUST<br \/>\n\tbe in the &#8216;RFC 3339&#8217; _ date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) format or<br \/>\n\tan integer preceded by a + sign. If the value is<br \/>\n\ta string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format, then it<br \/>\n\trepresents an absolute expiration date\/time for<br \/>\n\tthe token. An example of an RFC 3339 date\/time is<br \/>\n\t2006-04-14T12:01:10Z. If the value is an integer<br \/>\n\tpreceded by a + sign, then it is interpreted as<br \/>\n\ta relative number of seconds, from issuance, that<br \/>\n\tthe token is valid. For example, +60 specifies<br \/>\n\tone minute. The maximum and default (if not<br \/>\n\tspecified) token lifetime is 30 days.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>deviceId<\/td>\n<td>Device id to which to bind token. This value<br \/>\n\twill be the same as the NEMO node id of the<br \/>\n\tclient device.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id13\" class=\"section\">\n<h2>6.4\u00a0\u00a0\u00a0Correlation Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>cookie<\/td>\n<td>Arbitrary string up to 32 characters long<br \/>\n\tcarried in the token and logged<br \/>\n\tby the token redemption server. Can be used to<br \/>\n\tcorrelate log entries at the redemption server<br \/>\n\tand those at the service provider&#8217;s servers.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id14\" class=\"section\">\n<h2>6.5\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No error.<\/td>\n<td>\n<dl class=\"first last docutils\">\n<dt>application\/vnd.marlin.<\/dt>\n<dd>drm.actiontoken+xml<\/dd>\n<\/dl>\n<\/td>\n<td>Registration Action<br \/>\n\tToken<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Invalid args<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>401 Unauthorized<\/td>\n<td>Auth failed<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote: Depending on the value of the errorFormat parameter, the response will either be of<br \/>\n\tContent-Type text\/html or application\/json. In the case of text\/html, the message, formatted<br \/>\n\tas HTML will provide an error code and error message in human-readable format. In the case<br \/>\n\tof application\/json, see <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for the representation of the error code and error<br \/>\n\tmessage.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id15\" class=\"section\">\n<h2>6.6\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2001<\/td>\n<td>Invalid token version<\/td>\n<\/tr>\n<tr>\n<td>-2002<\/td>\n<td>Invalid token expiration time: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2003<\/td>\n<td>Invalid IP address<\/td>\n<\/tr>\n<tr>\n<td>-2010<\/td>\n<td>Invalid User Key: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2011<\/td>\n<td>Missing user key<\/td>\n<\/tr>\n<tr>\n<td>-2014<\/td>\n<td>Missing action token type<\/td>\n<\/tr>\n<tr>\n<td>-2017<\/td>\n<td>Authentication token must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Authentication token invalid: &lt;details&gt; Note: This can happen<br \/>\n\tif the authenticator is wrong or when accessing the test API<br \/>\n\tat *.test.expressplay.com using the production authenticator<br \/>\n\tand vice versa. IMPORTANT: The Test SDK and Advanced Test<br \/>\n\tTool (ATT) only work with *.test.expressplay.com, whereas<br \/>\n\tproduction devices must use *.service.expressplay.com.<\/td>\n<\/tr>\n<tr>\n<td>-2019<\/td>\n<td>Insufficient tokens available<\/td>\n<\/tr>\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin error<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-2033<\/td>\n<td>Invalid cookie<\/td>\n<\/tr>\n<tr>\n<td>-2048<\/td>\n<td>Log content info flag should be true or false<\/td>\n<\/tr>\n<tr>\n<td>-3004<\/td>\n<td>Invalid error format specified: &lt;format&gt;<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4016<\/td>\n<td>Invalid registration end time<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 7 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"marlin-broadband-license-token-request\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>7\u00a0\u00a0\u00a0Marlin Broadband License Token Request<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Requests a token that can be redeemed by customer for a broadband license.<br \/>\n\tToken is in the form of a Marlin action token.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/bb-gen.{prod_domain}\/hms\/bb\/token<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET, POST (with www-url-encoded body containing parameters for both the methods)<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id16\" class=\"section\">\n<h2>7.1\u00a0\u00a0\u00a0Token Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production<br \/>\n\tand test customerAuthenticator can be found in<br \/>\n\tthe ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>actionTokenType<\/td>\n<td>Must be 1. Signifies license action token.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>errorFormat<\/td>\n<td>Either &#8220;html&#8221; or &#8220;json&#8221;. If &#8220;html&#8221; (the default)<br \/>\n\tan HTML representation of any errors is provided<br \/>\n\tin the entity body of the response. If &#8220;json&#8221; is<br \/>\n\tspecified, a structured response in json format<br \/>\n\tis returned. See <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for details.<br \/>\n\tThe mime type of the response will be as either<br \/>\n\t&#8220;text\/uri-list&#8221; on success, &#8220;text\/html&#8221; for<br \/>\n\t&#8220;html&#8221; error format, or &#8220;application\/json&#8221; for<br \/>\n\t&#8220;json&#8221; error format.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id17\" class=\"section\">\n<h2>7.2\u00a0\u00a0\u00a0License Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"29%\" \/>\n<col width=\"42%\" \/>\n<col width=\"29%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>\n<p class=\"first\">contentId<\/p>\n<p class=\"last\">contentId.N<\/p>\n<\/td>\n<td>URI that identifies the content id. Any number<br \/>\n\tof these can be provided, but a matching<br \/>\n\tnumber of contentKey parameters must be<br \/>\n\tprovided. If multiple contentId values are<br \/>\n\tprovided, they are correlated with<br \/>\n\tcorresponding contentKey values positionally.<br \/>\n\tAlternatively, the parameters can be named<br \/>\n\tcontentId.0, contentId.1, etc. to match the<br \/>\n\tcorresponding contentKey.N parameters. Note<br \/>\n\tthat numbering is 0-based (the first content<br \/>\n\tid must be contentId.0).<\/td>\n<td>Yes, unless kek and kid are<br \/>\n\tprovided.<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">contentKey<\/p>\n<p class=\"last\">contentKey.N<\/p>\n<\/td>\n<td>A hexadecimal string representation of the<br \/>\n\tcontent key associated with the corresponding<br \/>\n\tcontentId. Any number of these can be<br \/>\n\tprovided, but a matching number of contentId<br \/>\n\tparameters must be provided. If contentKey<br \/>\n\tparameter name is used to specify the content<br \/>\n\tids, then contentKey parameter name should be<br \/>\n\tused for the content keys, and the order of<br \/>\n\tcontent keys should match the content ids. If<br \/>\n\tthe content ids are specified using the<br \/>\n\tcontentId.N nomenclature, corresponding<br \/>\n\tcontent keys must be named contentKey.0,<br \/>\n\tcontentKey.1, etc. to match the content ids.<br \/>\n\tNote that numbering is 0-based (the first<br \/>\n\tcontent key should be contentKey.0).<\/td>\n<td>Yes, unless kek, ek and kid are<br \/>\n\tprovided.<\/td>\n<\/tr>\n<tr>\n<td>kek<\/td>\n<td>Key Encryption Key. Keys are stored encrypted<br \/>\n\twith a KEK using a key wrapping algorithm<br \/>\n\t(AES Key Wrap, RFC3394). If kek is supplied,<br \/>\n\teither one of kid or ek needs to be supplied<br \/>\n\tand not both. In both the cases, contentId<br \/>\n\tneeds to be provided.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">kid<\/p>\n<p class=\"last\">kid.N<\/p>\n<\/td>\n<td>A unique 16 byte key id or a string &#8216;^somestring&#8217;. The length of the string followed by the &#8216;^&#8217; cannot be greater than 128 characters. Any number of these can be provided. If a single kid is supplied, the parameter kid can be used. If multiple key ids are supplied, the parameters are to be named, kid.0, kid.1, etc. Note that<br \/>\n\tthe numbering is 0-based (the first key id should be kid.0).<br \/>\n\tThese have to match the number of content ids<br \/>\n\tIf kid is passed as a &#8216;^somestring&#8217;, kid is simply computed as the truncated SHA1 hash of the string.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">ek<\/p>\n<p class=\"last\">ek.N<\/p>\n<\/td>\n<td>A hex string representation of the encrypted<br \/>\n\tcontent key associated with the corresponding<br \/>\n\tcontentId. Any number of these can be provided<br \/>\n\tbut a matching number of contentId parameters<br \/>\n\tmust be provided. If a single encrypted<br \/>\n\tcontent key is supplied, the parameter ek can<br \/>\n\tbe used. If multiple keys are supplied, the<br \/>\n\tparameters should be named ek.0,<br \/>\n\tek.1, etc. to match the corresponding<br \/>\n\tcontentId.N parameters. Note that numbering is<br \/>\n\t0-based (the first encrypted content key<br \/>\n\tshould be ek.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>logContentInfo<\/td>\n<td>if &#8220;true&#8221;, logs content ids, and a hash of<br \/>\n\tcontent keys.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>rightsType<\/td>\n<td>Specifies the kind of rights. Must be BuyToOwn<br \/>\n\tor Rental.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>rental.periodEndTime<\/td>\n<td>Rental end date. This value MUST be in the<br \/>\n\t&#8216;RFC 3339&#8217; _ date\/time format in the &#8216;Z&#8217; zone<br \/>\n\tdesignator (&#8220;Zulu time&#8221;) format or an integer<br \/>\n\tpreceded by a + sign.<br \/>\n\tIf the value is a <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time<br \/>\n\tformat, then it represents an<br \/>\n\tabsolute expiration date\/time for the<br \/>\n\tlicense. An example of an RFC 3339 date\/time<br \/>\n\tis 2006-04-14T12:01:10Z. If the value is an<br \/>\n\tinteger preceded by a + sign, it is taken as<br \/>\n\ta relative number of seconds from the time the<br \/>\n\tlicense is issued that the license will be<br \/>\n\tvalid. The content cannot be played after this<br \/>\n\ttime. Only valid if rightsType is Rental.<br \/>\n\tRental date cannot exceed 5555-12-31T12:00:00Z<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>Yes, when rightsType is<br \/>\n\tRental.<\/td>\n<\/tr>\n<tr>\n<td>rental.playDuration<\/td>\n<td>Time, in seconds, that the content can be<br \/>\n\tplayed once play has started. Only valid if<br \/>\n\trightsType is Rental and the license is bound<br \/>\n\tto a user.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>userId<\/td>\n<td>An id used to uniquely identify a user. This<br \/>\n\tcan be any value generated and managed by the<br \/>\n\trequestor that uniquely identifies an end<br \/>\n\tuser. It should match the value provided in<br \/>\n\tthe registration request for the same user.<br \/>\n\tThe hexadecimal representation of a 16-byte<br \/>\n\tIf not provided, the license will be bound to<br \/>\n\tdevice.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>userKey<\/td>\n<td>The hexadecimal representation of a 16-byte<br \/>\n\tseed value that ExpressPlay uses to generate<br \/>\n\ta key to protect content keys in user-bound<br \/>\n\tlicenses. This value should match the value<br \/>\n\tduring the registration token request for the<br \/>\n\tcorresponding user. If userId is provided,<br \/>\n\tthen userKey must be supplied. If neither is<br \/>\n\tsupplied the license will be bound to the<br \/>\n\tdevice.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>outputControlFlags<\/td>\n<td>A 4-byte hex value to indicate which values<br \/>\n\tfrom the outputControlValue will be used. See<br \/>\n\toutputControlFlags section below for details.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>outputControlValue<\/td>\n<td>A 4-byte hex value used to store values of<br \/>\n\tthe desired OutputControl in the license. See<br \/>\n\toutputControlValue section below for details.<\/td>\n<td>Yes, if outputControlFlags is<br \/>\n\tspecified<\/td>\n<\/tr>\n<tr>\n<td>outputControlObligation<\/td>\n<td>\n<p class=\"first\">A comma separated list of 3 strings indicating<br \/>\n\tthe technology ID, the parameter name, and the<br \/>\n\tparameter value. Any number can be provided.<br \/>\n\tWhen the technology is SecureContentPath and<br \/>\n\tthe parameter name is SecurityClass, the value<br \/>\n\tis a . separated list of 3 strings:<br \/>\n\t&#8211; base64 encoded content ID<br \/>\n\tASCII encoding is used for contentId prior<br \/>\n\tto base64 encoding<br \/>\n\t&#8211; an int representing the &#8220;portions&#8221;<br \/>\n\t&#8211; base64 encoded predicate byte array<br \/>\n\tSee the OutputControl Specification 1.0.3+<br \/>\n\tExamples:<br \/>\n\toutputControlObligation=SecureContentPath,<br \/>\n\tDefaultSecurityClass,0<\/p>\n<dl class=\"last docutils\">\n<dt>outputControlObligation=SecureContentPath,<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>SecurityClass,&lt;base64 contentid&gt;<\/dt>\n<dd>.&lt;int portion&gt;.&lt;base64 predicate&gt;<\/dd>\n<\/dl>\n<\/dd>\n<\/dl>\n<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>outputControlOverride<\/td>\n<td>A comma separated list of 3 strings indicating<br \/>\n\tthe technology ID, the parameter name, and the<br \/>\n\tparameter value. Any number can be provided.<br \/>\n\tSee above for SecureContentPath handling.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>outputControlOverrideId<br \/>\n\tdeprecated use<br \/>\n\toutputControlObligation<\/td>\n<td>Unique identifier for output control<br \/>\n\ttechnology. A string id, for example<br \/>\n\t&#8220;<a class=\"reference external\" href=\"urn:marlin:organization:intertrust:wudo\">urn:marlin:organization:intertrust:wudo<\/a>&#8220;.<br \/>\n\tMust not contain &#8216; &#8216;, &#8216;\\&#8217;, &#8221;, &#8216;&amp;&#8217;, &#8216;&lt;&#8216;,<br \/>\n\t&#8216;&gt;&#8217;, &#8216;[&#8216;, &#8216;]&#8217;, &#8216;^&#8217;, &#8216;`&#8217;, &#8216;{&#8216;, &#8216;|&#8217;, &#8216;}&#8217;, &#8216;~&#8217;.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>outputControlOverrideParameter<br \/>\n\tdeprecated use<br \/>\n\toutputControlObligation<\/td>\n<td>A string parameter name, for example<br \/>\n\t&#8220;ImageConstraintLevel&#8221;. Valid if<br \/>\n\toutputControlOverrideId is specified. Must<br \/>\n\tnot contain &#8216; &#8216;, &#8216;\\&#8217;, &#8221;, &#8216;&amp;&#8217;, &#8216;&lt;&#8216;, &#8216;&gt;&#8217;,<br \/>\n\t&#8216;[&#8216;, &#8216;]&#8217;, &#8216;^&#8217;, &#8216;`&#8217;, &#8216;{&#8216;, &#8216;|&#8217;, &#8216;}&#8217;, &#8216;~&#8217;.<\/td>\n<td>Yes, if<br \/>\n\toutputControlOverrideId<br \/>\n\tis present<\/td>\n<\/tr>\n<tr>\n<td>outputControlOverrideValue<br \/>\n\tdeprecated use<br \/>\n\toutputControlObligation<\/td>\n<td>An integer value. for example 0. Valid if<br \/>\n\toutputControlOverrideParameter is specified.<\/td>\n<td>Yes, if<br \/>\n\toutputControlOverrideParameter<br \/>\n\tis present<\/td>\n<\/tr>\n<tr>\n<td>cfid<\/td>\n<td>An 8 byte hexadecimal string reference to a<br \/>\n\tmanufacturer&#8217;s device super-encryption key<br \/>\n\tused to encrypt the content key. This can be<br \/>\n\tused only with device bound licenses. Only<br \/>\n\tone content key can be specified.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>activeUserId<\/td>\n<td>A string representation of an active user id<br \/>\n\tthat is at most 64 characters long.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id18\" class=\"section\">\n<h2>7.3\u00a0\u00a0\u00a0Token Restriction Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"25%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>expirationTime<\/td>\n<td>Expiration time of this token. This value MUST<br \/>\n\ta string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) or an<br \/>\n\tinteger preceded by a + sign.<br \/>\n\tAn example of an RFC 3339 date\/time is<br \/>\n\t2006-04-14T12:01:10Z.<br \/>\n\tIf the value is a string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a><br \/>\n\tdate\/time format, then it represents an absolute<br \/>\n\texpiration date\/time for the token.<br \/>\n\tIf the value is an integer preceded by a<br \/>\n\t+ sign, then it is interpreted as a relative<br \/>\n\tnumber of seconds, from issuance, that<br \/>\n\tthe token is valid. For example, +60 specifies<br \/>\n\tone minute. The maximum and default (if not<br \/>\n\tspecified) token lifetime is 30 days.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>deviceId<\/td>\n<td>Device id to which to bind token. This value<br \/>\n\twill be the same as the NEMO node id of the<br \/>\n\tclient device.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id19\" class=\"section\">\n<h2>7.4\u00a0\u00a0\u00a0Correlation Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>cookie<\/td>\n<td>Arbitrary string up to 32 characters long<br \/>\n\tcarried in the token and logged<br \/>\n\tby the token redemption server. Can be used to<br \/>\n\tcorrelate log entries at the redemption server<br \/>\n\tand those at the service provider&#8217;s servers.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"outputcontrolflags\" class=\"section\">\n<h2>7.5\u00a0\u00a0\u00a0outputControlFlags:<\/h2>\n<div class=\"line-block\">\n<div class=\"line\">bit vector of flags indicating which fields are signalled in the outputControlValue. When a flag in this vector is set to 1, the Client SHALL set the output control parameters as specified by the corresponding bit-field in the outputControlValue.<\/div>\n<\/p><\/div>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"25%\" \/>\n<col width=\"42%\" \/>\n<col width=\"33%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Flag Bit<br \/>\n\t(0 is the least<br \/>\n\tsignificant bit)<\/th>\n<th class=\"head\">Output Control Technology<\/th>\n<th class=\"head\">Field name<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>0<\/td>\n<td>BasicCCI<\/td>\n<td>DigitalOnlyToken<\/td>\n<\/tr>\n<tr>\n<td>1<\/td>\n<td>BasicCCI<\/td>\n<td>EPN<\/td>\n<\/tr>\n<tr>\n<td>2<\/td>\n<td>BasicCCI<\/td>\n<td>CCI<\/td>\n<\/tr>\n<tr>\n<td>3<\/td>\n<td>BasicCCI<\/td>\n<td>ImageConstraintToken<\/td>\n<\/tr>\n<tr>\n<td>4<\/td>\n<td>BasicCCI<\/td>\n<td>APS<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>DTCP<\/td>\n<td>RetentionMoveMode<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>DTCP<\/td>\n<td>RetentionState<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>DTCP<\/td>\n<td>EPN<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>DTCP<\/td>\n<td>DTCP_CCI<\/td>\n<\/tr>\n<tr>\n<td>9<\/td>\n<td>DTCP<\/td>\n<td>ImageConstraintToken<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>DTCP<\/td>\n<td>APS<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"outputcontrolvalue\" class=\"section\">\n<h2>7.6\u00a0\u00a0\u00a0outputControlValue:<\/h2>\n<div class=\"line-block\">\n<div class=\"line\">bit fields indicating the value of zero or more output control fields.The fields are encoded as follows:<\/div>\n<\/p><\/div>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"25%\" \/>\n<col width=\"42%\" \/>\n<col width=\"33%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Bit range<br \/>\n\t(0 is the least<br \/>\n\tsignificant bit)<\/th>\n<th class=\"head\">Output Control Technology<\/th>\n<th class=\"head\">Field name<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>0<\/td>\n<td>BasicCCI<\/td>\n<td>DigitalOnlyToken<\/td>\n<\/tr>\n<tr>\n<td>1.4<\/td>\n<td>BasicCCI<\/td>\n<td>Reserved<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>BasicCCI<\/td>\n<td>EPN<\/td>\n<\/tr>\n<tr>\n<td>6.7<\/td>\n<td>BasicCCI<\/td>\n<td>CCI<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>BasicCCI<\/td>\n<td>ImageConstraintToken<\/td>\n<\/tr>\n<tr>\n<td>9.10<\/td>\n<td>BasicCCI<\/td>\n<td>APS<\/td>\n<\/tr>\n<tr>\n<td>11<\/td>\n<td>DTCP<\/td>\n<td>RetentionMoveMode<\/td>\n<\/tr>\n<tr>\n<td>12..14<\/td>\n<td>DTCP<\/td>\n<td>RetentionState<\/td>\n<\/tr>\n<tr>\n<td>15<\/td>\n<td>DTCP<\/td>\n<td>EPN<\/td>\n<\/tr>\n<tr>\n<td>16..17<\/td>\n<td>DTCP<\/td>\n<td>DTCP_CCI<\/td>\n<\/tr>\n<tr>\n<td>18<\/td>\n<td>DTCP<\/td>\n<td>ImageConstraintToken<\/td>\n<\/tr>\n<tr>\n<td>19..20<\/td>\n<td>DTCP<\/td>\n<td>APS<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id20\" class=\"section\">\n<h2>7.7\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No error.<\/td>\n<td>\n<dl class=\"first last docutils\">\n<dt>application\/vnd.marlin.<\/dt>\n<dd>drm.actiontoken+xml<\/dd>\n<\/dl>\n<\/td>\n<td>License Action<br \/>\n\tToken<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Invalid args<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>401 Unauthorized<\/td>\n<td>Auth failed<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote about kid: For example, if the hash of string is: 0123456789ABCDEF0123456789ABCDEF01234567, the truncated SHA1 hash is 0123456789ABCDEF0123456789ABCDEF (first 32 characters)<\/p>\n<p>\tNote: Depending on the value of the errorFormat parameter, the response will either be of<br \/>\n\tContent-Type text\/html or application\/json. In the case of text\/html, the message, formatted<br \/>\n\tas HTML will provide an error code and error message in human-readable format. Error codes will be negative integer values.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id21\" class=\"section\">\n<h2>7.8\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2001<\/td>\n<td>Invalid token version<\/td>\n<\/tr>\n<tr>\n<td>-2002<\/td>\n<td>Invalid token expiration time: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2003<\/td>\n<td>Invalid IP address<\/td>\n<\/tr>\n<tr>\n<td>-2005<\/td>\n<td>Invalid content key: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2006<\/td>\n<td>Mismatch in number of content IDs and content keys specified<\/td>\n<\/tr>\n<tr>\n<td>-2008<\/td>\n<td>Invalid output control flags specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2009<\/td>\n<td>Invalid output control value specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2010<\/td>\n<td>Invalid user key: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2011<\/td>\n<td>Missing user key<\/td>\n<\/tr>\n<tr>\n<td>-2013<\/td>\n<td>Invalid action token type: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2014<\/td>\n<td>Missing action token type<\/td>\n<\/tr>\n<tr>\n<td>-2017<\/td>\n<td>Authentication token must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Authentication token invalid: &lt;details&gt; Note: This can happen<br \/>\n\tif the authenticator is wrong or when accessing the test API<br \/>\n\tat *.test.expressplay.com using the production authenticator<br \/>\n\tand vice versa. IMPORTANT: The Test SDK and Advanced Test<br \/>\n\tTool (ATT) only work with *.test.expressplay.com, whereas<br \/>\n\tproduction devices must use *.service.expressplay.com.<\/td>\n<\/tr>\n<tr>\n<td>-2019<\/td>\n<td>Insufficient tokens available<\/td>\n<\/tr>\n<tr>\n<td>-2020<\/td>\n<td>Missing rights type<\/td>\n<\/tr>\n<tr>\n<td>-2021<\/td>\n<td>Invalid rights type<\/td>\n<\/tr>\n<tr>\n<td>-2022<\/td>\n<td>Missing rental period end time<\/td>\n<\/tr>\n<tr>\n<td>-2023<\/td>\n<td>Missing rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2025<\/td>\n<td>Invalid rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2026<\/td>\n<td>Missing content ID<\/td>\n<\/tr>\n<tr>\n<td>-2027<\/td>\n<td>Content key must be 32-hexadecimal digits long<\/td>\n<\/tr>\n<tr>\n<td>-2029<\/td>\n<td>Invalid content ID<\/td>\n<\/tr>\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin error: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-2033<\/td>\n<td>Invalid cookie<\/td>\n<\/tr>\n<tr>\n<td>-2034<\/td>\n<td>Invalid Output Control, values out of specified range<\/td>\n<\/tr>\n<tr>\n<td>-2035<\/td>\n<td>No corresponding value specified<\/td>\n<\/tr>\n<tr>\n<td>-2039<\/td>\n<td>OutputControlFlags and OutputControlValue are inconsistent<\/td>\n<\/tr>\n<tr>\n<td>-2040<\/td>\n<td>OutputControlFlag must be encode 4 bytes<\/td>\n<\/tr>\n<tr>\n<td>-2041<\/td>\n<td>OutputControlValue must encode 4 bytes<\/td>\n<\/tr>\n<tr>\n<td>-2042<\/td>\n<td>Invalid outputControlOverrideId<\/td>\n<\/tr>\n<tr>\n<td>-2043<\/td>\n<td>Invalid outputControlOverrideParameter<\/td>\n<\/tr>\n<tr>\n<td>-2048<\/td>\n<td>Log content info flag should be true or false<\/td>\n<\/tr>\n<tr>\n<td>-2054<\/td>\n<td>Invalid cfid length specified<\/td>\n<\/tr>\n<tr>\n<td>-2055<\/td>\n<td>Invalid cfid specified<\/td>\n<\/tr>\n<tr>\n<td>-2056<\/td>\n<td>Invalid active user id length specified<\/td>\n<\/tr>\n<tr>\n<td>-2060<\/td>\n<td>Only one content key can be specified if cfid is provided<\/td>\n<\/tr>\n<tr>\n<td>-2145<\/td>\n<td>OutputControl Params are of the form technology,param,value<\/td>\n<\/tr>\n<tr>\n<td>-2146<\/td>\n<td>Invalid SecurityClass parameter format<\/td>\n<\/tr>\n<tr>\n<td>-2147<\/td>\n<td>Use either outputControlFlags or outputControlObligation<br \/>\n\tfor specifying output control technologies<\/td>\n<\/tr>\n<tr>\n<td>-2148<\/td>\n<td>Invalid output control parameter for this technology<\/td>\n<\/tr>\n<tr>\n<td>-2151<\/td>\n<td>Use either outputControlOverrideId or outputControlOverride<br \/>\n\tfor specifying output control override technologies<\/td>\n<\/tr>\n<tr>\n<td>-3004<\/td>\n<td>Invalid error format specified: &lt;format&gt;<\/td>\n<\/tr>\n<tr>\n<td>-3006<\/td>\n<td>Content URL must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4017<\/td>\n<td>Mismatch in number of content IDs and kids specified<\/td>\n<\/tr>\n<tr>\n<td>-4018<\/td>\n<td>Missing Kid<\/td>\n<\/tr>\n<tr>\n<td>-4019<\/td>\n<td>Failed to get content key from key storage service<\/td>\n<\/tr>\n<tr>\n<td>-4020<\/td>\n<td>Kid must be 32 hexadecimal characters long<\/td>\n<\/tr>\n<tr>\n<td>-4021<\/td>\n<td>Kid must be 64 characters long after the ^<\/td>\n<\/tr>\n<tr>\n<td>-4023<\/td>\n<td>Mismatch in number of content IDs and encrypted keys specified<\/td>\n<\/tr>\n<tr>\n<td>-4024<\/td>\n<td>Invalid encrypted key or kek<\/td>\n<\/tr>\n<tr>\n<td>-4025<\/td>\n<td>Only one of ek or kid can be provided<\/td>\n<\/tr>\n<tr>\n<td>-7001<\/td>\n<td>At least one content ID must be supplied<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 8 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"marlin-broadband-deregistration-token-request\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>8\u00a0\u00a0\u00a0Marlin Broadband Deregistration Token Request<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Requests a token that can be redeemed by customer to deregister a broadband<br \/>\n\tdevice. Token is in the form of a Marlin action token.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/bb-gen.{prod_domain}\/hms\/bb\/token<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET, POST (with www-url-encoded body containing parameters for both the methods)<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id22\" class=\"section\">\n<h2>8.1\u00a0\u00a0\u00a0Token Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production<br \/>\n\tand test customerAuthenticator can be found in<br \/>\n\tthe ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>actionTokenType<\/td>\n<td>Must be 2. Signifies deregister action token.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>errorFormat<\/td>\n<td>Either &#8220;html&#8221; or &#8220;json&#8221;. If &#8220;html&#8221; (the default)<br \/>\n\tan HTML representation of any errors is provided<br \/>\n\tin the entity body of the response. If &#8220;json&#8221; is<br \/>\n\tspecified, a structured response in json format<br \/>\n\tis returned. See <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for details.<br \/>\n\tThe mime type of the response will be as either<br \/>\n\t&#8220;text\/uri-list&#8221; on success, &#8220;text\/html&#8221; for<br \/>\n\t&#8220;html&#8221; error format, or &#8220;application\/json&#8221; for<br \/>\n\t&#8220;json&#8221; error format.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"deregistration-parameters\" class=\"section\">\n<h2>8.2\u00a0\u00a0\u00a0Deregistration Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>userId<\/td>\n<td>An id used to uniquely identify a user. This can<br \/>\n\tbe any value generated and managed by the<br \/>\n\trequestor that uniquely identifies an end user.<br \/>\n\t&#8220;userId&#8221; must be the same value as the &#8220;userId&#8221;<br \/>\n\tin the corresponding &#8220;register&#8221; action token<br \/>\n\trequest.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id23\" class=\"section\">\n<h2>8.3\u00a0\u00a0\u00a0Token Restriction Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>expirationTime<\/td>\n<td>Expiration time of this token. This value MUST<br \/>\n\ta string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) or an<br \/>\n\tinteger preceded by a + sign. If the value is a<br \/>\n\tstring in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format, then it<br \/>\n\trepresents an absolute expiration date\/time for<br \/>\n\tthe token. An example of an RFC 3339 date\/time is<br \/>\n\t2006-04-14T12:01:10Z. If the value is an integer<br \/>\n\tpreceded by a + sign,then it is interpreted as a<br \/>\n\trelative number of seconds, from issuance, that<br \/>\n\tthe token is valid.For example,+60 specifies one<br \/>\n\tminute. The maximum and default(if not specified)<br \/>\n\ttoken lifetime is 30 days.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>deviceId<\/td>\n<td>Device id to which to bind token. This value will<br \/>\n\tbe the same as the NEMO node id of the client<br \/>\n\tdevice.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id24\" class=\"section\">\n<h2>8.4\u00a0\u00a0\u00a0Correlation Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>cookie<\/td>\n<td>Arbitrary string up to 32 characters long<br \/>\n\tcarried in the token and logged<br \/>\n\tby the token redemption server. Can be used to<br \/>\n\tcorrelate log entries at the redemption server<br \/>\n\tand those at the service provider&#8217;s servers.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id25\" class=\"section\">\n<h2>8.5\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No error.<\/td>\n<td>application\/vnd.marlin.drm.act<br \/>\n\tiontoken+xml<\/td>\n<td>Deregistration Action<br \/>\n\tToken<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Invalid args<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>401 Unauthorized<\/td>\n<td>Auth failed<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote: Depending on the value of the errorFormat parameter, the response will either be of<br \/>\n\tContent-Type text\/html or application\/json. In the case of text\/html, the message, formatted<br \/>\n\tas HTML will provide an error code and error message in human-readable format. In the case<br \/>\n\tof application\/json, see <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for the representation of the error code and error<br \/>\n\tmessage.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id26\" class=\"section\">\n<h2>8.6\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2001<\/td>\n<td>Invalid token version<\/td>\n<\/tr>\n<tr>\n<td>-2002<\/td>\n<td>Invalid token expiration time: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2013<\/td>\n<td>Invalid action token type: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2014<\/td>\n<td>Missing action token type<\/td>\n<\/tr>\n<tr>\n<td>-2017<\/td>\n<td>Authentication token must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Authentication token invalid: &lt;details&gt; Note: This can happen<br \/>\n\tif the authenticator is wrong or when accessing the test API<br \/>\n\tat *.test.expressplay.com using the production authenticator<br \/>\n\tand vice versa. IMPORTANT: The Test SDK and Advanced Test<br \/>\n\tTool (ATT) only work with *.test.expressplay.com, whereas<br \/>\n\tproduction devices must use *.service.expressplay.com.<\/td>\n<\/tr>\n<tr>\n<td>-2019<\/td>\n<td>Insufficient tokens available<\/td>\n<\/tr>\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin error<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-2033<\/td>\n<td>Invalid cookie<\/td>\n<\/tr>\n<tr>\n<td>-2048<\/td>\n<td>Log content info flag should be true or false<\/td>\n<\/tr>\n<tr>\n<td>-3004<\/td>\n<td>Invalid error format specified: &lt;format&gt;<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 9 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"playready-license-token-request\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>9\u00a0\u00a0\u00a0PlayReady License Token Request<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Requests a token that can be redeemed by customer for a PlayReady license.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/pr-gen.{prod_domain}\/hms\/pr\/token<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/pr-gen.test.expressplay.com\/hms\/pr\/token<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET, POST (with www-url-encoded body containing parameters for both the methods)<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id27\" class=\"section\">\n<h2>9.1\u00a0\u00a0\u00a0Token Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production<br \/>\n\tand test customerAuthenticator can be found in<br \/>\n\tthe ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>errorFormat<\/td>\n<td>Either &#8220;html&#8221; or &#8220;json&#8221;. If &#8220;html&#8221; (the default)<br \/>\n\tan HTML representation of any errors is provided<br \/>\n\tin the entity body of the response. If &#8220;json&#8221; is<br \/>\n\tspecified, a structured response in json format<br \/>\n\tis returned. See <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for details.<br \/>\n\tThe mime type of the response will be as either<br \/>\n\t&#8220;text\/uri-list&#8221; on success, &#8220;text\/html&#8221; for<br \/>\n\t&#8220;html&#8221; error format, or &#8220;application\/json&#8221; for<br \/>\n\t&#8220;json&#8221; error format.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id28\" class=\"section\">\n<h2>9.2\u00a0\u00a0\u00a0License Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"28%\" \/>\n<col width=\"44%\" \/>\n<col width=\"28%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>generalFlags<\/td>\n<td>A 4 byte hexadecimal string representing the<br \/>\n\tlicense flags. When set to \u201800000000\u2019 the<br \/>\n\tlicense will be non-persistent, eg a new license<br \/>\n\twill be required for each playback such as<br \/>\n\tis usual in streaming scenarios. Rental<br \/>\n\tlicenses (rightsType=Rental) and Buy-To-Own<br \/>\n\tlicense SHOULD be flagged with \u201800000001&#8242; to<br \/>\n\tpersist at the client, and to allow content<br \/>\n\tto be played repeatedly without requiring a new<br \/>\n\tlicense each time.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>kek<\/td>\n<td>Key Encryption Key. Keys are stored encrypted<br \/>\n\twith a KEK using a key wrapping algorithm<br \/>\n\t(AES Key Wrap, RFC3394).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">kid<\/p>\n<p class=\"last\">kid.N<\/p>\n<\/td>\n<td>A 16 byte hexadecimal string representation<br \/>\n\tof the content encryption key id or a string<br \/>\n\t&#8216;^somestring&#8217;. The length of the string<br \/>\n\tfollowed by the &#8216;^&#8217; cannot be greater than<br \/>\n\t128 characters. Any number of these can be<br \/>\n\tprovided. If a single kid is supplied,<br \/>\n\tthe parameter kid can be used. If<br \/>\n\tmultiple key ids are supplied, the parameters<br \/>\n\tare to be named, kid.0, kid.1, etc. Note that<br \/>\n\tthe numbering is 0-based (the first key id<br \/>\n\tshould be kid.0).<br \/>\n\tThese have to match the number of content keys.<br \/>\n\tIf kid is passed as a &#8216;^somestring&#8217;, kid is<br \/>\n\tsimply computed as the truncated SHA1 hash of<br \/>\n\tthe string.<\/td>\n<td>\n<p>Yes<\/p>\n<p>Note: Non-mandatory for LICENSE PROXY<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">ek<\/p>\n<p class=\"last\">ek.N<\/p>\n<\/td>\n<td>A hex string representation of the encrypted<br \/>\n\tcontent key associated with the corresponding<br \/>\n\tkey id. Any number of these can be<br \/>\n\tbut a matching number of kid parameters<br \/>\n\tmust be provided. If a single encrypted<br \/>\n\tcontent key is supplied, the parameter ek can<br \/>\n\tbe used. If multiple keys are supplied, the<br \/>\n\tparameters should be named ek.0,<br \/>\n\tek.1, etc. to match the corresponding<br \/>\n\tkid.N parameters. Note that numbering is<br \/>\n\t0-based (the first encrypted content key<br \/>\n\tshould be ek.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">contentKey<\/p>\n<p class=\"last\">contentKey.N<\/p>\n<\/td>\n<td>A 16 byte hexadecimal string representation of<br \/>\n\tthe content encryption key. Any number<br \/>\n\tof these can be provided, but a<br \/>\n\tmatching number of kid parameters<br \/>\n\tmust be provided. If a single contentKey<br \/>\n\tis supplied, the parameter contentKey can be<br \/>\n\tused. If multiple keys are supplied, the<br \/>\n\tparameters should be named contentKey.0,<br \/>\n\tcontentKey.1, etc. to match the corresponding<br \/>\n\tkid.N parameters. Note that numbering is<br \/>\n\t0-based (the first content key<br \/>\n\tshould be contentKey.0).<\/td>\n<td>Yes, unless kek, ek and kid are<br \/>\n\tprovided.<\/td>\n<\/tr>\n<tr>\n<td>rightsType<\/td>\n<td>Specifies the kind of rights. Must be BuyToOwn<br \/>\n\tor Rental.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>rental.periodEndTime<\/td>\n<td>Rental end date. This value MUST be in the<br \/>\n\t&#8216;RFC 3339&#8217; _ date\/time format in the &#8216;Z&#8217; zone<br \/>\n\tdesignator (&#8220;Zulu time&#8221;) format or an integer<br \/>\n\tpreceded by a + sign.<br \/>\n\tIf the value is a <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time<br \/>\n\tformat, then it represents an<br \/>\n\tabsolute expiration date\/time for the<br \/>\n\tlicense. An example of an RFC 3339 date\/time<br \/>\n\tis 2006-04-14T12:01:10Z. If the value is an<br \/>\n\tinteger preceded by a + sign, it is taken as<br \/>\n\ta relative number of seconds from the time the<br \/>\n\ttoken is issued. The content cannot be played<br \/>\n\tafter this time. Only valid if rightsType is<br \/>\n\tRental. Use the encoded form &#8220;%2B&#8221; when<br \/>\n\tspecifying the + sign.<\/td>\n<td>Yes, when rightsType is<br \/>\n\tRental.<\/td>\n<\/tr>\n<tr>\n<td>rental.playDuration<\/td>\n<td>Time, in seconds, that the content can be<br \/>\n\tplayed once play has started. Only valid if<br \/>\n\trightsType is Rental.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>analogVideoOPL, analogVideoOPL.N<\/td>\n<td>Integer value to indicate the Output Protection Level for analog video. Any number of these can be provided to represent for each track. If a single analogVideoOPL is supplied, the parameter analogVideoOPL can be used. If multiple of these are supplied, the parameters should be named analogVideoOPL.0, analogVideoOPL.1, etc. Note that numbering 0-based (the first analogVideoOPL should be analogVideoOPL.0). The values allowed by Microsoft are: 100, 150, 200<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>compressedDigitalAudioOPL, compressedDigitalAudioOPL.N<\/td>\n<td>Integer value to indicate the Output Protection Level for compressed digital audio. Any number of these can be provided to represent for each track. If a single compressedDigitalAudioOPL is supplied, the parameter compressedDigitalAudioOPL can be used. If multiple of these are supplied, the parameters should be named compressedDigitalAudioOPL.0, compressedDigitalAudioOPL.1, etc. Note that numbering 0-based (the first compressedDigitalAudioOPL should be compressedDigitalAudioOPL.0). The values allowed by Microsoft are: 100, 150, 200, 250, 300<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>compressedDigitalVideoOPL, compressedDigitalVideoOPL.N<\/td>\n<td>Integer value to indicate the Output Protection Level for compressed digital video. Any number of these can be provided to represent for each track. If a single compressedDigitalVideoOPL is supplied, the parameter compressedDigitalVideoOPL can be used. If multiple of these are supplied, the parameters should be named compressedDigitalVideoOPL.0, compressedDigitalVideoOPL.1, etc. Note that numbering 0-based (the first compressedDigitalVideoOPL should be compressedDigitalVideoOPL.0). The values allowed by Microsoft are: 400, 500<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>uncompressedDigitalAudioOPL, uncompressedDigitalAudioOPL.N<\/td>\n<td>Integer value to indicate the Output Protection Level for uncompressed digital audio. Any number of these can be provided to represent for each track. If a single uncompressedDigitalAudioOPL is supplied, the parameter compressedDigitalVideoOPL can be used. If multiple of these are supplied, the parameters should be named uncompressedDigitalAudioOPL.0, uncompressedDigitalAudioOPL.1, etc. Note that numbering 0-based (the first uncompressedDigitalAudioOPL should be uncompressedDigitalAudioOPL.0). The values allowed by Microsoft are: 100, 150, 200, 250, 300<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>uncompressedDigitalVideoOPL, uncompressedDigitalVideoOPL.N<\/td>\n<td>Integer value to indicate the Output Protection Level for uncompressed digital video. Any number of these can be provided to represent for each track. If a single uncompressedDigitalVideoOPL is supplied, the parameter uncompressedDigitalVideoOPL can be used. If multiple of these are supplied, the parameters should be named uncompressedDigitalVideoOPL.0, uncompressedDigitalVideoOPL.1, etc. Note that numbering 0-based (the first uncompressedDigitalVideoOPL should be uncompressedDigitalVideoOPL.0). The values allowed by Microsoft are: 100, 250, 270, 300<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>unknownOutputBehavior<\/td>\n<td>Required behavior when the output is unknown. Allowed values: &#8216;Allow&#8217;, &#8216;Disallow&#8217; or &#8216;SDOnly&#8217; Default is &#8216;Disallow&#8217;.<\/td>\n<td>No<\/td>\n<\/tr>\n<p>\t<!--\n\t\n\n<tr>\n\t\n\n<td>outputControlFlags<\/td>\n\n\n\t\n\n<td>A 4-byte hex value to indicate the flags\n\tfor other output control options<\/td>\n\n\n\t\n\n<td>No<\/td>\n\n\n\t<\/tr>\n\n\n\t\n\n<tr>\n\t\n\n<td>extensionType<\/td>\n\n\n\t\n\n<td>An arbitrary 4-letter word representing a 32-bit\n\tidentifier for an Extension. Each letter's 8-bit\n\tASCII code is the corresponding 8-bit byte\n\tportion of the identifier. For example, the\n\tidentifier value 0x61626364 (hexadecimal) would\n\tbe written 'abcd', because the ASCII code for 'a'\n\tis 0x61, etc.<\/td>\n\n\n\t\n\n<td>No<\/td>\n\n\n\t<\/tr>\n\n\n\t\n\n<tr>\n\t\n\n<td>extensionPayload<\/td>\n\n\n\t\n\n<td>A base64 encoded string of the Extension.<\/td>\n\n\n\t\n\n<td>Yes, when extensionType is\n\tspecified.<\/td>\n\n\n\t<\/tr>\n\n\n\t--><\/p>\n<tr>\n<td>minCertSecurityLevel, minCertSecurityLevel.N<\/td>\n<td>Security level (150, 2000, 3000. Default is 2000. Any number of these can be provided to represent for each track. If a single minCertSecurityLevel is supplied, the parameter minCertSecurityLevel can be used. If multiple of these are supplied, the parameters should be named minCertSecurityLevel.0, minCertSecurityLevel.1, etc. Note that numbering 0-based (the first minCertSecurityLevel should be minCertSecurityLevel.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>useHttps<\/td>\n<td>If a value of &#8220;true&#8221; is passed, license service<br \/>\n\turl will contain https in the response.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>automaticGainControlAndColorStripe, automaticGainControlAndColorStripe.N<\/td>\n<td>Valid values are 0, 1, 2 and 3. PlayReady CRs, table 6.5.1 Explicit Analog Video Output Protection GUID: {C3FD11C6-F8B7-4d20-B008-1DB17D61F2DA} Any number of these can be provided to represent for each track. If a single automaticGainControlAndColorStripe is supplied, the parameter autmaticGainControlAndColorStripe can be used. If multiple of these are supplied, the parameters should be named automaticGainControlAndColorStripe.0, automcaticGainControlAndColorStripe.1, etc. Note that numbering 0-based (the first automaticGainControlAndColorStripe should be automaticGainControlAndColorStripe.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>algId<\/td>\n<td>Valid values are &#8216;aescbc&#8217; and &#8216;aesctr&#8217;. If the challenge has this value specified, it has to match the value passed in the token request.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>hdcpTypeRestriction, hdcpTypeRestriction.N<\/td>\n<td>Valid value is true. HDCP Type 1 enforced. PlayReady CRs, table 6.6.1 Explicit Digital Video Output Restriction GUID: {ABB2C6F1-E663-4625-A945-972D17B231E7} Any number of these can be provided to represent for each track. If a single hdcpTypeRestriction is supplied, the parameter hdcpTypeRestriction can be used. If multiple of these are supplied, the parameters should be named hdcpTypeRestriction.0, hdcpTypeRestriction.1, etc. Note that numbering 0-based (the first hdcpTypeRestriction should be hdcpTypeRestriction.0). Default is false.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>maximumResolutionDecode, maximumResolutionDecode.N<\/td>\n<td>Parameters correspond to \u201cMaximum Frame Width in Pixels, Maximum Frame Height in Pixels\u201d PlayReady CRs, table 6.6.1 Explicit Digital Video Output Restriction GUID: {9645E831- E01D-4FFF-8342-0A720E3E028F} integer, integer. Any value between 0 and 4294967294 are allowed for width and height Any number of these can be provided to represent for each track. If a single maximumResolutionDecode is supplied, the parameter maximumResolutionDecode can be used. If multiple of these are supplied, the parameters should be named maximumResolutionDecode.0, maximumResolutionDecode.1, etc. Note that numbering 0-based (the first maximumResolutionDecode should be maximumResolutionDecode.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>prFlag<\/td>\n<td>Default value is false. When enabled, the ready to use token will be returned instead of the json format(the default case)<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id29\" class=\"section\">\n<h2>9.3\u00a0\u00a0\u00a0Token Restriction Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"25%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>expirationTime<\/td>\n<td>Expiration time of this token. This value MUST<br \/>\n\ta string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) or an<br \/>\n\tinteger preceded by a + sign.<br \/>\n\tAn example of an RFC 3339 date\/time is<br \/>\n\t2006-04-14T12:01:10Z.<br \/>\n\tIf the value is a string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a><br \/>\n\tdate\/time format, then it represents an absolute<br \/>\n\texpiration date\/time for the token.<br \/>\n\tIf the value is an integer preceded by a<br \/>\n\t+ sign, then it is interpreted as a relative<br \/>\n\tnumber of seconds, from issuance, that<br \/>\n\tthe token is valid. For example, +60 specifies<br \/>\n\tone minute. The maximum and default (if not<br \/>\n\tspecified) token lifetime is 30 days.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>deviceId<\/td>\n<td>A 16 byte hexadecimal string to represent the<br \/>\n\tDevice id to which to bind token.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id30\" class=\"section\">\n<h2>9.4\u00a0\u00a0\u00a0Correlation Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>cookie<\/td>\n<td>Arbitrary string up to 32 characters long<br \/>\n\tcarried in the token and logged<br \/>\n\tby the token redemption server. Can be used to<br \/>\n\tcorrelate log entries at the redemption server<br \/>\n\tand those at the service provider&#8217;s servers.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id31\" class=\"section\">\n<h2>9.5\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No error.<\/td>\n<td>text\/uri-list<\/td>\n<td>License acquisition<br \/>\n\turl and token<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Invalid args<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>401 Unauthorized<\/td>\n<td>Auth failed<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tThe response of the ExpressPlay REST API for PlayReady License Token Request is a JSON payload that contains two fields:<br \/>\n\t\u201clicenseAcquisitionUrl&#8221; and \u201ctoken&#8221;. Refer to the following link for more details:<\/p>\n<p>\t<a href=\"\/developer\/playready-apps\/\">https:\/\/expressplay.local\/developer\/playready-apps\/<\/a><\/p>\n<p>\tNote about kid: For example, if the hash of string is: 0123456789ABCDEF0123456789ABCDEF01234567, the truncated SHA1 hash is 0123456789ABCDEF0123456789ABCDEF (first 32 characters)<\/p>\n<p>\tNote: Depending on the value of the errorFormat parameter, the response will either be of<br \/>\n\tContent-Type text\/html or application\/json. In the case of text\/html, the message, formatted<br \/>\n\tas HTML will provide an error code and error message in human-readable format.Error codes will be negative integer values.<\/p>\n<p>\tNote about PlayReady license redemption: When redeeming the PlayReady license using the generated token, it\u2019s mandatory to specify the &#8216;content-type: text\/xml&#8217; HTTP header<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id32\" class=\"section\">\n<h2>9.6\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2002<\/td>\n<td>Invalid token expiration time: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2003<\/td>\n<td>Invalid IP address<\/td>\n<\/tr>\n<tr>\n<td>-2005<\/td>\n<td>Invalid content encryption key: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2008<\/td>\n<td>Invalid output control flags specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2017<\/td>\n<td>Authentication token must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Authentication token invalid: &lt;details&gt; Note: This can happen<br \/>\n\tif the authenticator is wrong or when accessing the test API<br \/>\n\tat *.test.expressplay.com using the production authenticator<br \/>\n\tand vice versa. IMPORTANT: The Test SDK and Advanced Test<br \/>\n\tTool (ATT) only work with *.test.expressplay.com, whereas<br \/>\n\tproduction devices must use *.service.expressplay.com.<\/td>\n<\/tr>\n<tr>\n<td>-2019<\/td>\n<td>Insufficient tokens available<\/td>\n<\/tr>\n<tr>\n<td>-2020<\/td>\n<td>Missing rights type<\/td>\n<\/tr>\n<tr>\n<td>-2021<\/td>\n<td>Invalid rights type<\/td>\n<\/tr>\n<tr>\n<td>-2022<\/td>\n<td>Missing rental period end time<\/td>\n<\/tr>\n<tr>\n<td>-2023<\/td>\n<td>Missing rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2025<\/td>\n<td>Invalid rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2027<\/td>\n<td>Content encryption key must be 32-hexadecimal digits long<\/td>\n<\/tr>\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin error: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-2033<\/td>\n<td>Invalid cookie<\/td>\n<\/tr>\n<tr>\n<td>-2034<\/td>\n<td>Invalid Output Control, values out of specified range<\/td>\n<\/tr>\n<tr>\n<td>-2035<\/td>\n<td>No corresponding value specified<\/td>\n<\/tr>\n<tr>\n<td>-2036<\/td>\n<td>Extension type should be 4 characters<\/td>\n<\/tr>\n<tr>\n<td>-2037<\/td>\n<td>Extension payload should be Base64 encoded<\/td>\n<\/tr>\n<tr>\n<td>-2040<\/td>\n<td>OutputControlFlag must be encode 4 bytes<\/td>\n<\/tr>\n<tr>\n<td>-3004<\/td>\n<td>Invalid error format specified: &lt;format&gt;<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4018<\/td>\n<td>Missing Kid<\/td>\n<\/tr>\n<tr>\n<td>-4019<\/td>\n<td>Failed to get content key from key storage service<\/td>\n<\/tr>\n<tr>\n<td>-4020<\/td>\n<td>Kid must be 32 hexadecimal characters long<\/td>\n<\/tr>\n<tr>\n<td>-4021<\/td>\n<td>Kid must be 64 characters long after the ^<\/td>\n<\/tr>\n<tr>\n<td>-4022<\/td>\n<td>Invalid kid<\/td>\n<\/tr>\n<tr>\n<td>-4024<\/td>\n<td>Invalid encrypted key or kek<\/td>\n<\/tr>\n<tr>\n<td>-5001<\/td>\n<td>Invalid unknown output type error<\/td>\n<\/tr>\n<tr>\n<td>-5002<\/td>\n<td>PlayReady option is disabled for this service<\/td>\n<\/tr>\n<tr>\n<td>-5003<\/td>\n<td>Invalid general flags<\/td>\n<\/tr>\n<tr>\n<td>-5004<\/td>\n<td>Device Id must be 32 hexadecimal characters long<\/td>\n<\/tr>\n<tr>\n<td>-5005<\/td>\n<td>Invalid device id<\/td>\n<\/tr>\n<tr>\n<td>-5006<\/td>\n<td>Missing OPL value<\/td>\n<\/tr>\n<tr>\n<td>-5007<\/td>\n<td>Only one of kek or contentKey can be specified<\/td>\n<\/tr>\n<tr>\n<td>-5008<\/td>\n<td>Invalid cookie length<\/td>\n<\/tr>\n<tr>\n<td>-5021<\/td>\n<td>Invalid automatic gain control and color stripe specified<\/td>\n<\/tr>\n<tr>\n<td>-5022<\/td>\n<td>Invalid analog video output protection value specified<\/td>\n<\/tr>\n<tr>\n<td>-5023<\/td>\n<td>Invalid compressed digital audio output protection value specified<\/td>\n<\/tr>\n<tr>\n<td>-5024<\/td>\n<td>Invalid compressed digital video output protection value specified<\/td>\n<\/tr>\n<tr>\n<td>-5025<\/td>\n<td>nvalid uncompressed digital audio output protection value specified<\/td>\n<\/tr>\n<tr>\n<td>-5026<\/td>\n<td>Invalid uncompressed digital video output protection value specified<\/td>\n<\/tr>\n<tr>\n<td>-5028<\/td>\n<td>Invalid hdcp type restriction value specified<\/td>\n<\/tr>\n<tr>\n<td>-5030<\/td>\n<td>Maximum resolution decode value can only be between 0 and 4294967295<\/td>\n<\/tr>\n<tr>\n<td>-5031<\/td>\n<td>Invalid algorithm Id specified<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 10 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"fairplay-license-token-request\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>10\u00a0\u00a0\u00a0FairPlay License Token Request<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Requests a token that can be redeemed by customer for a FairPlay license.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/fp-gen.{prod_domain}\/hms\/fp\/token<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/fp-gen.test.expressplay.com\/hms\/fp\/token<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET, POST (with www-url-encoded body containing parameters for both the methods)<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id33\" class=\"section\">\n<h2>10.1\u00a0\u00a0\u00a0Token Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production and test customerAuthenticator can be found in the ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>errorFormat<\/td>\n<td>Either &#8220;html&#8221; or &#8220;json&#8221;. If &#8220;html&#8221; (the default) an HTML representation of any errors is provided in the entity body of the response. If &#8220;json&#8221; is specified, a structured response in json format is returned. See <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for details.<br \/>\n\tThe mime type of the response will be as either &#8220;text\/uri-list&#8221; on success, &#8220;text\/html&#8221; for &#8220;html&#8221; error format, or &#8220;application\/json&#8221; for &#8220;json&#8221; error format.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>playbackDuration<\/td>\n<td>Specifies the maximum time the license stays valid after playback has been started. Measured from the first playback start time<\/p>\n<ul style=\"margin-top: 10px;\">\n<li>Requires the use of a persistent license<\/li>\n<li>A value of 0 indicates unlimited validity.<\/li>\n<\/ul>\n<p style=\"margin-top: 10px;\">The playbackDuration parameter is used in conjunction with the storageDuration parameter to implement a dual expiry window for persistent licenses.<\/p>\n<p style=\"margin-top: 10px;\">Playback must start before the duration specified in storageDuration parameter and is then valid for the period specified in the playbackDuration parameter.<\/p>\n<p style=\"margin-top: 10px;\">See the documentation of storageDuration parameter for further details<\/p>\n<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>storageDuration<\/td>\n<td>Specifies the maximum time the license stays valid (in seconds) before playback is started (Measured from license acquisition time)<\/p>\n<ul style=\"margin-top: 10px;\">\n<li>Requires the use of a persistent license<\/li>\n<li>A value of 0 indicates unlimited validity.<\/li>\n<li>The storageDuration and playbackDuration parameters must both be specified and are mutually exclusive with the rentalDuration parameter.<\/li>\n<\/ul>\n<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>hdcpOutputControl<br \/>\n        hdcpOutputControl.N\n    <\/td>\n<td>0 = HDCP not required<br \/>\n\t1 = HDCP Type 0 enforced<br \/>\n\t2 = HDCP Type 1 enforced<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id34\" class=\"section\">\n<h2>10.2\u00a0\u00a0\u00a0License Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"28%\" \/>\n<col width=\"44%\" \/>\n<col width=\"28%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>generalFlags<\/td>\n<td>A 4 byte hexadecimal string representing the license flags.<br \/>\n\tAllowed values are as follows:<br \/>\n\t&#8216;00000000&#8217; &#8211; (default value) no persistence<br \/>\n\t&#8216;00000001&#8217; &#8211; persistent license<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>kek<\/td>\n<td>Key Encryption Key. Keys are stored encrypted with a KEK using a key wrapping algorithm (AES Key Wrap RFC3394). If kek is supplied, either one of kid or ek needs to be supplied and not both.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">kid<\/p>\n<p class=\"last\">kid.N<\/p>\n<\/td>\n<td>\n<p>A 16 byte hexadecimal string representation of the content encryption key id or a string ^somestring&#8217;. The length of the string followed by the &#8216;^&#8217; cannot be greater than 128 characters.<\/p>\n<p>Now fairplay supported with multikey, If multiple key ids are supplied, the parameters are to be named, kid.0, kid.1, etc. Note that the numbering is 0-based (the first key id should be kid.0). These have to match the number of content keys.<\/p>\n<\/td>\n<td>No<\/td>\n<\/tr>\n<p>\t<!-- \n\n<tr>\n\t\n\n<td>kid.N<\/td>\n\n\n\t\n\n<td>Now fairplay supported with multikey, If multiple key ids are supplied, the parameters are to be named, kid.0, kid.1, etc. Note that the numbering is 0-based (the first key id should be kid.0). These have to match the number of content keys.<\/td>\n\n\n\t\n\n<td>Yes<\/td>\n\n\n\t<\/tr>\n\n --><\/p>\n<tr>\n<td>ek<\/td>\n<td>A hex string representation of the encrypted content key.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>contentKey<\/td>\n<td>A 16 byte hexadecimal string representation of the content encryption key<\/td>\n<td>Yes, unless kek, ek and kid are provided<\/td>\n<\/tr>\n<tr>\n<td>iv<\/td>\n<td>A 16 byte hexadecimal string representation of the content encryption IV<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>rentalDuration<\/td>\n<td>Duration of the rental in seconds (default &#8211; 0, indicating infinite duration)<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>useHttps<\/td>\n<td>If a value of &#8220;true&#8221; is passed, license service url will contain https in the response.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>geoBlockEnabled<\/td>\n<td>This parameter requires an SDK. When enabled (true), the license call will validate geoblocking details\u2014such as KID, country, and state\u2014based on the location URL and IP before generating the license. These details must be provided using geoblocking APIs.<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>allowRootedDevice<\/td>\n<td>This parameter requires an SDK. If allowRootedDevice is set to true, the license service response will include the header &#8216;X-Exp-Policy: {allow_root: true\/false}&#8217;.<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id35\" class=\"section\">\n<h2>10.3\u00a0\u00a0\u00a0Token Restriction Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"25%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>expirationTime<\/td>\n<td>Expiration time of this token. This value MUST<br \/>\n\ta string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) or an<br \/>\n\tinteger preceded by a + sign.<br \/>\n\tAn example of an RFC 3339 date\/time is<br \/>\n\t2006-04-14T12:01:10Z.<br \/>\n\tIf the value is a string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a><br \/>\n\tdate\/time format, then it represents an absolute<br \/>\n\texpiration date\/time for the token.<br \/>\n\tIf the value is an integer preceded by a<br \/>\n\t+ sign, then it is interpreted as a relative<br \/>\n\tnumber of seconds, from issuance, that<br \/>\n\tthe token is valid. For example, +60 specifies<br \/>\n\tone minute. The maximum and default (if not<br \/>\n\tspecified) token lifetime is 30 days.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>deviceId<\/td>\n<td>A 16 byte hexadecimal string to represent the<br \/>\n\tDevice id to which to bind token.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id36\" class=\"section\">\n<h2>10.4\u00a0\u00a0\u00a0Correlation Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>cookie<\/td>\n<td>Arbitrary string up to 32 characters long<br \/>\n\tcarried in the token and logged<br \/>\n\tby the token redemption server. Can be used to<br \/>\n\tcorrelate log entries at the redemption server<br \/>\n\tand those at the service provider&#8217;s servers.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id37\" class=\"section\">\n<h2>10.5\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No error.<\/td>\n<td>text\/uri-list<\/td>\n<td>License acquisition<br \/>\n\turl + token<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Invalid args<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>401 Unauthorized<\/td>\n<td>Auth failed<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tThe response of the ExpressPlay REST API for FairPlay License Token Request is of type text\/uri-list containing the<br \/>\n\tlicense acquisition url + license token as a ExpressPlayToken query parameter.<\/p>\n<p>\tFor example:<\/p>\n<p>\thttps:\/\/fp-gen.{prod_domain}\/hms\/fp\/rights\/?ExpressPlayToken=AQAAAJJ2Y0MAAABQbyvnJ6KgEg_w-2yZmU-MsjTEZ3f7UkhUcFhDFAvdonzBkRGQU-xe1G-DMbel5-BVH_PozovdWhKZx0_SXRokfh9-FERmBl6OEfGfPqMI1eO1PqRkx59Q2q1s2cFNrqfml8Y3RQ<\/p>\n<p>\tNote: Depending on the value of the errorFormat parameter, the response will either be of<br \/>\n\tContent-Type text\/html or application\/json. In the case of text\/html, the message, formatted<br \/>\n\tas HTML will provide an error code and error message in human-readable format. Error codes will be negative integer values.<\/p>\n<p>\tNote about FairPlay license redemption: When redeeming the FairPlay license using the generated token, it\u2019s mandatory to specify &#8216;content-type: application\/octet-stream&#8217; or &#8216;content-type: application\/x-www-form-urlencoded&#8217; HTTP header.<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id38\" class=\"section\">\n<h2>10.6\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2002<\/td>\n<td>Invalid token expiration time: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2003<\/td>\n<td>Invalid IP address<\/td>\n<\/tr>\n<tr>\n<td>-2005<\/td>\n<td>Invalid content encryption key: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2008<\/td>\n<td>Invalid output control flags specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2017<\/td>\n<td>Authentication token must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Authentication token invalid: &lt;details&gt; Note: This can happen<br \/>\n\tif the authenticator is wrong or when accessing the test API<br \/>\n\tat *.test.expressplay.com using the production authenticator<br \/>\n\tand vice versa. IMPORTANT: The Test SDK and Advanced Test<br \/>\n\tTool (ATT) only work with *.test.expressplay.com, whereas<br \/>\n\tproduction devices must use *.service.expressplay.com.<\/td>\n<\/tr>\n<tr>\n<td>-2019<\/td>\n<td>Insufficient tokens available<\/td>\n<\/tr>\n<tr>\n<td>-2020<\/td>\n<td>Missing rights type<\/td>\n<\/tr>\n<tr>\n<td>-2021<\/td>\n<td>Invalid rights type<\/td>\n<\/tr>\n<tr>\n<td>-2022<\/td>\n<td>Missing rental period end time<\/td>\n<\/tr>\n<tr>\n<td>-2023<\/td>\n<td>Missing rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2025<\/td>\n<td>Invalid rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2027<\/td>\n<td>Content encryption key must be 32-hexadecimal digits long<\/td>\n<\/tr>\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin error: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-2033<\/td>\n<td>Invalid cookie<\/td>\n<\/tr>\n<tr>\n<td>-2034<\/td>\n<td>Invalid Output Control, values out of specified range<\/td>\n<\/tr>\n<tr>\n<td>-2035<\/td>\n<td>No corresponding value specified<\/td>\n<\/tr>\n<tr>\n<td>-2036<\/td>\n<td>Extension type should be 4 characters<\/td>\n<\/tr>\n<tr>\n<td>-2037<\/td>\n<td>Extension payload should be Base64 encoded<\/td>\n<\/tr>\n<tr>\n<td>-2040<\/td>\n<td>OutputControlFlag must be encode 4 bytes<\/td>\n<\/tr>\n<tr>\n<td>-2053<\/td>\n<td>Invalid content type specified<\/td>\n<\/tr>\n<tr>\n<td>-3004<\/td>\n<td>Invalid error format specified: &lt;format&gt;<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4010<\/td>\n<td>Invalid token<\/td>\n<\/tr>\n<tr>\n<td>-4018<\/td>\n<td>Missing Kid<\/td>\n<\/tr>\n<tr>\n<td>-4019<\/td>\n<td>Failed to get content key from key storage service<\/td>\n<\/tr>\n<tr>\n<td>-4020<\/td>\n<td>Kid must be 32 hexadecimal characters long<\/td>\n<\/tr>\n<tr>\n<td>-4021<\/td>\n<td>Kid must be 64 characters long after the ^<\/td>\n<\/tr>\n<tr>\n<td>-4022<\/td>\n<td>Invalid kid<\/td>\n<\/tr>\n<tr>\n<td>-4024<\/td>\n<td>Invalid encrypted key or kek<\/td>\n<\/tr>\n<tr>\n<td>-5003<\/td>\n<td>Invalid general flags<\/td>\n<\/tr>\n<p>\t<!--\n\t\n\n<tr>\n\t\n\n<td>-6001<\/td>\n\n\n\t\n\n<td>Invalid FPExtension parameters specified<\/td>\n\n\n\t<\/tr>\n\n\n\t--><\/p>\n<tr>\n<td>-6002<\/td>\n<td>Invalid FP Token Type<\/td>\n<\/tr>\n<tr>\n<td>-6003<\/td>\n<td>Invalid IV parameter specified<\/td>\n<\/tr>\n<tr>\n<td>-6004<\/td>\n<td>Failed to generate CKC for FP<\/td>\n<\/tr>\n<tr>\n<td>-6005<\/td>\n<td>Invalid key data specified<\/td>\n<\/tr>\n<tr>\n<td>-6006<\/td>\n<td>Service not authorized for FairPlay support<\/td>\n<\/tr>\n<tr>\n<td>-6007<\/td>\n<td>Invalid rental duration specified<\/td>\n<\/tr>\n<tr>\n<td>-6009<\/td>\n<td>FairPlay option disabled<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id38\" class=\"section\">\n<h2>10.7\u00a0\u00a0\u00a0License Acquisition Parameter<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col wwidth=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>getDeviceId<\/td>\n<td>To retrieve the device id of the Client which is requesting for license. Default value is false. Device id will be returned in license response header<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 11 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"widevine-license-token-request\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>11\u00a0\u00a0\u00a0Widevine License Token Request<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Requests a token that can be redeemed by customer for a Widevine license.<\/dd>\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>Production:<\/dt>\n<dd>https:\/\/wv-gen.{prod_domain}\/hms\/wv\/token<\/dd>\n<dt>Test:<\/dt>\n<dd>https:\/\/wv-gen.test.expressplay.com\/hms\/wv\/token<\/dd>\n<\/dl>\n<\/dd>\n<dt>Method<\/dt>\n<dd>GET, POST (with www-url-encoded body containing parameters for both the methods)<\/dd>\n<\/dl>\n<p>\t&nbsp;<\/p>\n<div id=\"id39\" class=\"section\">\n<h2>11.1\u00a0\u00a0\u00a0Token Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for each customer. Both the production<br \/>\n\tand test customerAuthenticator can be found in<br \/>\n\tthe ExpressPlay Admin dashboard.<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>errorFormat<\/td>\n<td>Either &#8220;html&#8221; or &#8220;json&#8221;. If &#8220;html&#8221; (the default)<br \/>\n\tan HTML representation of any errors is provided<br \/>\n\tin the entity body of the response. If &#8220;json&#8221; is<br \/>\n\tspecified, a structured response in json format<br \/>\n\tis returned. See <a class=\"reference internal\" href=\"#json-errors\">JSON Errors<\/a> for details.<br \/>\n\tThe mime type of the response will be as either<br \/>\n\t&#8220;text\/uri-list&#8221; on success, &#8220;text\/html&#8221; for<br \/>\n\t&#8220;html&#8221; error format, or &#8220;application\/json&#8221; for<br \/>\n\t&#8220;json&#8221; error format.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id40\" class=\"section\">\n<h2>11.2\u00a0\u00a0\u00a0License Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"28%\" \/>\n<col width=\"44%\" \/>\n<col width=\"28%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>generalFlags<\/td>\n<td>A 4 byte hexadecimal string representing the license flags.<br \/>\n\tAllowed values are as follows:<br \/>\n\t&#8216;00000000&#8217; &#8211; (default value) no persistence<br \/>\n\t&#8216;00000001&#8217; &#8211; persistent license<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>kek<\/td>\n<td>Key Encryption Key. Keys are stored encrypted with a KEK using a key wrapping algorithm (AES Key Wrap, RFC3394).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">kid<\/p>\n<p class=\"last\">kid.N<\/p>\n<\/td>\n<td>A 16 byte hexadecimal string representation of the content encryption key id or a string &#8216;^somestring&#8217;. The length of the string followed by the &#8216;^&#8217; cannot be greater than 128 characters. Any number of these can be provided. If a single kid is supplied, the parameter kid can be used. If multiple key ids are supplied, the parameters are to be named, kid.0, kid.1, etc. Note that the numbering is 0-based (the first key id should be kid.0).<br \/>\n\tThese have to match the number of content keys<br \/>\n\tIf kid is passed as a &#8216;^somestring&#8217;, kid is simply computed as the truncated SHA1 hash of the string.<\/td>\n<td>\n<p>Yes<\/p>\n<p>Note: Non-mandatory for LICENSE PROXY<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">ek<\/p>\n<p class=\"last\">ek.N<\/p>\n<\/td>\n<td>A hex string representation of the encrypted<br \/>\n\tcontent key associated with the corresponding<br \/>\n\tkey id. Any number of these can be<br \/>\n\tbut a matching number of kid parameters<br \/>\n\tmust be provided. If a single encrypted<br \/>\n\tcontent key is supplied, the parameter ek can<br \/>\n\tbe used. If multiple keys are supplied, the<br \/>\n\tparameters should be named ek.0,<br \/>\n\tek.1, etc. to match the corresponding<br \/>\n\tkid.N parameters. Note that numbering is<br \/>\n\t0-based (the first encrypted content key<br \/>\n\tshould be ek.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">contentKey<\/p>\n<p class=\"last\">contentKey.N<\/p>\n<\/td>\n<td>A 16 byte hexadecimal string representation of<br \/>\n\tthe content encryption key. Any number<br \/>\n\tof these can be provided, but a<br \/>\n\tmatching number of kid parameters<br \/>\n\tmust be provided. If a single contentKey<br \/>\n\tis supplied, the parameter contentKey can be<br \/>\n\tused. If multiple keys are supplied, the<br \/>\n\tparameters should be named contentKey.0,<br \/>\n\tcontentKey.1, etc. to match the corresponding<br \/>\n\tkid.N parameters. Note that numbering is<br \/>\n\t0-based (the first content key<br \/>\n\tshould be contentKey.0).<\/td>\n<td>Yes, unless kek, ek and kid are<br \/>\n\tprovided.<\/td>\n<\/tr>\n<tr>\n<td>contentId<\/td>\n<td>Content Id. Max length is 36 characters.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">trackType<\/p>\n<p class=\"last\">trackType.N<\/p>\n<\/td>\n<td>Allowed values are 0-4. (Default = 1)<br \/>\n\t0 = SD, 1 = HD, 2 = AUDIO, 3 = UHD1, 4 = UHD2<br \/>\n\tAny number of these can be<br \/>\n\tprovided, but a matching number of kid parameters<br \/>\n\tmust be provided. If a single trackType<br \/>\n\tis supplied, the parameter trackType can be<br \/>\n\tused. If multiple keys are supplied, the<br \/>\n\tparameters should be named trackType.0,<br \/>\n\ttrackType.1, etc. to match the corresponding<br \/>\n\tkid.N parameters. Note that numbering is<br \/>\n\t0-based (the first track type<br \/>\n\tshould be trackType.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">securityLevel<\/p>\n<p class=\"last\">securityLevel.N<\/p>\n<\/td>\n<td>Allowed values are 1-5. (Default = 1)<br \/>\n\t1 = SW_SECURE_CRYPTO, 2 = SW_SECURE_DECODE<br \/>\n\t3 = HW_SECURE_CRYPTO, 4 = HW_SECURE_DECODE<br \/>\n\t5 = HW_SECURE_ALL<br \/>\n\tAny number of these can be<br \/>\n\tprovided, but a matching number of kid parameters<br \/>\n\tmust be provided. If a single securityLevel<br \/>\n\tis supplied, the parameter securityLevel can be<br \/>\n\tused. If multiple keys are supplied, the<br \/>\n\tparameters should be named securityLevel.0,<br \/>\n\tsecurityLevel.1, etc. to match the corresponding<br \/>\n\tkid.N parameters. Note that numbering is<br \/>\n\t0-based (the first security level<br \/>\n\tshould be securityLevel.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">hdcpOutputControl<\/p>\n<p class=\"last\">hdcpOutputControl.N<\/p>\n<\/td>\n<td>Allowed values are 0-5. (Default = 0)<br \/>\n\t0 = HDCP_NONE, 1 = HDCP_V1, 2 = HDCP_V2<br \/>\n\t3 = HDCP_V2_1, 4 = HDCP_V2_2<br \/>\n\t5 = HDCP_NO_DIGITAL_OUTPUT<br \/>\n\tAny number of these can be<br \/>\n\tprovided, but a matching number of kid parameters<br \/>\n\tmust be provided. If a single hdcpOutputControl<br \/>\n\tis supplied, the parameter hdcpOutputControl can<br \/>\n\tbe used. If multiple keys are supplied, the<br \/>\n\tparameters should be named hdcpOutputControl.0,<br \/>\n\thdcpOutputControl.1, etc. to match the<br \/>\n\tcorresponding kid.N parameters. Note that<br \/>\n\tnumbering 0-based (the first hdcpOutputControl<br \/>\n\tshould be hdcpOutputControl.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">cgmsFlagsOutputControl<\/p>\n<p class=\"last\">cgmsFlagsOutputControl.N<\/p>\n<\/td>\n<td>Allowed values are 0, 1, 2, 3. (Default = 0)<br \/>\n\t0 = CGMS_NONE, 1 = CGMS_FREE, 2 = CGMS_ONCE,<br \/>\n\t3 = CGMS_NEVER<br \/>\n\tAny number of these can be<br \/>\n\tprovided, but a matching number of kid parameters<br \/>\n\tmust be provided. If a single<br \/>\n\tcgmsFlagsOutputControl is supplied,<br \/>\n\tthe parameter cgmsFlagsOutputControl can<br \/>\n\tbe used. If multiple keys are supplied, the<br \/>\n\tparameters should be named<br \/>\n\tcgmsFlagsOutputControl.0,<br \/>\n\tcgmsFlagsOutputControl.1, etc. to match the<br \/>\n\tcorresponding kid.N parameters. Note that<br \/>\n\tnumbering 0-based (the first<br \/>\n\tcgmsFlagsOutputControl should be<br \/>\n\tcgmsFlagsOutputControl.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">disableAnalogOutput<\/p>\n<p class=\"last\">disableAnalogOutput.N<\/p>\n<\/td>\n<td>Allowed values are 0, 1. (Default = 0)<br \/>\n\tIndicates whether analog output is allowed.<br \/>\n\t0 = DISABLE_ANALOG_OUTPUT_FALSE,<br \/>\n\t1 = DISABLE_ANALOG_OUTPUT_TRUE<br \/>\n\tAny number of these can be<br \/>\n\tprovided, but a matching number of kid parameters<br \/>\n\tmust be provided. If a single<br \/>\n\tdisableAnalogOutput is supplied,<br \/>\n\tthe parameter disableAnalogOutput can<br \/>\n\tbe used. If multiple keys are supplied, the<br \/>\n\tparameters should be named<br \/>\n\tdisableAnalogOutput.0,<br \/>\n\tdisableAnalogOutput.1, etc. to match the<br \/>\n\tcorresponding kid.N parameters. Note that<br \/>\n\tnumbering 0-based (the first<br \/>\n\tdisableAnalogOutput should be<br \/>\n\tdisableAnalogOutput.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>\n<p class=\"first\">hdcpSrmRule<\/p>\n<p class=\"last\">hdcpSrmRule.N<\/p>\n<\/td>\n<td>Allowed values are 0, 1. (Default = 0)<br \/>\n\tUse CURRENT_SRM to not allow this key if the<br \/>\n\tdevice has an older SRM and cannot support<br \/>\n\tSRM updates.<br \/>\n\t0 = HDCP_SRM_RULE_NONE,<br \/>\n\t1 = CURRENT_SRM<br \/>\n\tAny number of these can be<br \/>\n\tprovided, but a matching number of kid parameters<br \/>\n\tmust be provided. If a single<br \/>\n\thdcpSrmRule is supplied,<br \/>\n\tthe parameter hdcpSrmRule can<br \/>\n\tbe used. If multiple keys are supplied, the<br \/>\n\tparameters should be named<br \/>\n\thdcpSrmRule.0,<br \/>\n\thdcpSrmRule.1, etc. to match the<br \/>\n\tcorresponding kid.N parameters. Note that<br \/>\n\tnumbering 0-based (the first<br \/>\n\thdcpSrmRule should be<br \/>\n\thdcpSrmRule.0).<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>licenseDuration<\/td>\n<td>Duration of the license in seconds.<br \/>\n\tIf not provided, it indicates that there is no<br \/>\n\tlimit to the duration. Please check note below<br \/>\n\tfor detailed information.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>playbackDuration<\/td>\n<td>The viewing window of time once playback<br \/>\n\tstarts within the license duration.<br \/>\n\tIf not provided, it indicates that there is no<br \/>\n\tlimit to the duration.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>allowUnverifiedPlatform<\/td>\n<td>A license request will fail if the browser does not have a verified Video Media Path (VMP); specific platforms such as Linux Desktop do not have a verified VMP. Set this field to &#8216;true&#8217; to allow a license request to succeed when VMP status is unverified. The default value is currently True; however, this may change in the future (Please see note below)<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>securityLevelCheck<\/td>\n<td>Enable this param to restrict the license redemption if the security level of the device doesn\u2019t match for the provided kid<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>securityLevel.N<\/td>\n<td>securityLevel associated with corresponding contentID\/KID i.e 1,2,3,4,5. It will compare device security level with request security level<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>sessionManagementEnabled<\/td>\n<td>This parameter allows tying Widevine&#8217;s canRenew feature to an active session. If this parameter is true and the user wants to renew the session, the TTL value is retrieved from the database using userId and sessionId from the request header. If the TTL value is 0, the license cannot be renewed<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>canRenew<\/td>\n<td>This parameter Indicates that renewal of this license is allowed. If true, the duration of the license can be extended<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>wvServiceUrl<\/td>\n<td>This field is only used if canRenew is true and url is LA url.<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>renewalDelaySeconds<\/td>\n<td>This field is only used if canRenew is true. How many seconds after license_start_time, before renewal is first attempted.<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>renewalRetryIntervalSeconds<\/td>\n<td>This field is only used if canRenew is true.Specifies the delay in seconds between subsequent license renewal requests, in case of failure<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>renewalRecoveryDurationSeconds<\/td>\n<td>This field is only used if canRenew is true.The window of time, in which playback is allowed to continue while renewal is attempted, yet unsuccessful due to backend problems with the license server. A value of 0 indicates unlimited<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>geoBlockEnabled<\/td>\n<td>This parameter requires an SDK. When enabled (true), the license call will validate geoblocking details\u2014such as KID, country, and state\u2014based on the location URL and IP before generating the license. These details must be provided using geoblocking APIs.<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>allowRootedDevice<\/td>\n<td>This parameter requires an SDK. If allowRootedDevice is set to true, the license service response will include the header &#8216;X-Exp-Policy: {allow_root: true\/false}&#8217;.<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tNote about licenseDuration:<\/p>\n<ol class=\"mb-2\">\n<li>Playback will stop licenseDuration seconds after beginning of playback.<\/li>\n<li>To allow playback to be stopped\/resumed for an unlimited amount of time, omit licenseDuration (it will default to infinite). Otherwise specify the amount of time during which end-users should be able to enjoy the stream<\/li>\n<\/ol>\n<div class=\"mb-2\"><strong>Note about VMP<\/strong>: Verified Media Path (VMP) &#8211; The Verified Media Path (VMP) feature is implemented for desktop browser platforms. It<br \/>\n\tdescribes Widevine&#8217;s method to authenticate the browser software stack that is interfacing with the Widevine CDM.<\/div>\n<div>Google is currently allowing systems with an unverified Video Media Path (VMP) to play content but has stated this will not be the case in the future and the allowUnverifiedPlatform will default to False. Note that specific platforms such as Linux Desktop do not have a VMP and will not play back content in the future.<\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id41\" class=\"section\">\n<h2>11.3\u00a0\u00a0\u00a0Token Restriction Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"25%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>expirationTime<\/td>\n<td>Expiration time of this token. This value MUST<br \/>\n\ta string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a> date\/time format in<br \/>\n\tthe &#8216;Z&#8217; zone designator (&#8220;Zulu time&#8221;) or an<br \/>\n\tinteger preceded by a + sign.<br \/>\n\tAn example of an RFC 3339 date\/time is<br \/>\n\t2006-04-14T12:01:10Z.<br \/>\n\tIf the value is a string in <a class=\"reference external\" href=\"http:\/\/www.ietf.org\/rfc\/rfc3339.txt\" rel=\"nofollow noopener\" target=\"_blank\">RFC 3339<\/a><br \/>\n\tdate\/time format, then it represents an absolute<br \/>\n\texpiration date\/time for the token.<br \/>\n\tIf the value is an integer preceded by a<br \/>\n\t+ sign, then it is interpreted as a relative<br \/>\n\tnumber of seconds, from issuance, that<br \/>\n\tthe token is valid. For example, +60 specifies<br \/>\n\tone minute. The maximum and default (if not<br \/>\n\tspecified) token lifetime is 30 days.<br \/>\n\tUse the encoded form &#8220;%2B&#8221; when specifying<br \/>\n\tthe + sign.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>deviceId<\/td>\n<td>A 16 byte hexadecimal string to represent the<br \/>\n\tDevice id to which to bind token.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id42\" class=\"section\">\n<h2>11.4\u00a0\u00a0\u00a0Correlation Parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>cookie<\/td>\n<td>Arbitrary string up to 32 characters long<br \/>\n\tcarried in the token and logged<br \/>\n\tby the token redemption server. Can be used to<br \/>\n\tcorrelate log entries at the redemption server<br \/>\n\tand those at the service provider&#8217;s servers.<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id43\" class=\"section\">\n<h2>11.5\u00a0\u00a0\u00a0HTTP Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>No error.<\/td>\n<td>text\/uri-list<\/td>\n<td>License acquisition<br \/>\n\turl + token<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Invalid args<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>401 Unauthorized<\/td>\n<td>Auth failed<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>404 Not found<\/td>\n<td>Bad URL<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<tr>\n<td>50x Server Error<\/td>\n<td>Server error<\/td>\n<td>text\/html or application\/json<\/td>\n<td>Error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\tThe response of the ExpressPlay REST API for Widevine License Token Request is of type text\/uri-list containing the<br \/>\n\tlicense acquisition url + license token as a ExpressPlayToken query parameter.<\/p>\n<p>\tFor example:<\/p>\n<p>\thttps:\/\/wv-gen.{prod_domain}\/hms\/wv\/rights\/?ExpressPlayToken=AQAAAJJ2Y0MAAABQbyvnJ6KgEg_w-2yZmU-MsjTEZ3f7UkhUcFhDFAvdonzBkRGQU-xe1G-DMbel5-BVH_PozovdWhKZx0_SXRokfh9-FERmBl6OEfGfPqMI1eO1PqRkx59Q2q1s2cFNrqfml8Y3RQ<\/p>\n<p>\tNote: Depending on the value of the errorFormat parameter, the response will either be of<br \/>\n\tContent-Type text\/html or application\/json. In the case of text\/html, the message, formatted<br \/>\n\tas HTML will provide an error code and error message in human-readable format. Error codes will be negative integer values.<\/p>\n<p>\tNote about Widevine license redemption: When redeeming the Widevine license using the generated token, it\u2019s mandatory to specify &#8216;content-type: application\/octet-stream&#8217; or &#8216;content-type: application\/x-www-form-urlencoded&#8217; HTTP header<\/p><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id44\" class=\"section\">\n<h2>11.6\u00a0\u00a0\u00a0Event Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2002<\/td>\n<td>Invalid token expiration time: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2003<\/td>\n<td>Invalid IP address<\/td>\n<\/tr>\n<tr>\n<td>-2005<\/td>\n<td>Invalid content encryption key: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2008<\/td>\n<td>Invalid output control flags specified: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2017<\/td>\n<td>Authentication token must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Authentication token invalid: &lt;details&gt; Note: This can happen<br \/>\n\tif the authenticator is wrong or when accessing the test API<br \/>\n\tat *.test.expressplay.com using the production authenticator<br \/>\n\tand vice versa. IMPORTANT: The Test SDK and Advanced Test<br \/>\n\tTool (ATT) only work with *.test.expressplay.com, whereas<br \/>\n\tproduction devices must use *.service.expressplay.com.<\/td>\n<\/tr>\n<tr>\n<td>-2019<\/td>\n<td>Insufficient tokens available<\/td>\n<\/tr>\n<tr>\n<td>-2022<\/td>\n<td>Missing rental period end time<\/td>\n<\/tr>\n<tr>\n<td>-2023<\/td>\n<td>Missing rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2025<\/td>\n<td>Invalid rental play duration<\/td>\n<\/tr>\n<tr>\n<td>-2027<\/td>\n<td>Content encryption key must be 32-hexadecimal digits long<\/td>\n<\/tr>\n<tr>\n<td>-2030<\/td>\n<td>ExpressPlay Admin error: &lt;details&gt;<\/td>\n<\/tr>\n<tr>\n<td>-2031<\/td>\n<td>Service Account Disabled<\/td>\n<\/tr>\n<tr>\n<td>-2033<\/td>\n<td>Invalid cookie<\/td>\n<\/tr>\n<tr>\n<td>-2034<\/td>\n<td>Invalid Output Control, values out of specified range<\/td>\n<\/tr>\n<tr>\n<td>-2035<\/td>\n<td>No corresponding value specified<\/td>\n<\/tr>\n<tr>\n<td>-2036<\/td>\n<td>Extension type should be 4 characters<\/td>\n<\/tr>\n<tr>\n<td>-2037<\/td>\n<td>Extension payload should be Base64 encoded<\/td>\n<\/tr>\n<tr>\n<td>-2040<\/td>\n<td>OutputControlFlag must be encode 4 bytes<\/td>\n<\/tr>\n<tr>\n<td>-3004<\/td>\n<td>Invalid error format specified: &lt;format&gt;<\/td>\n<\/tr>\n<tr>\n<td>-4001<\/td>\n<td>Device could not be authenticated<\/td>\n<\/tr>\n<tr>\n<td>-4010<\/td>\n<td>Invalid token<\/td>\n<\/tr>\n<tr>\n<td>-4018<\/td>\n<td>Missing Kid<\/td>\n<\/tr>\n<tr>\n<td>-4019<\/td>\n<td>Failed to get content key from key storage service<\/td>\n<\/tr>\n<tr>\n<td>-4020<\/td>\n<td>Kid must be 32 hexadecimal characters long<\/td>\n<\/tr>\n<tr>\n<td>-4021<\/td>\n<td>Kid must be 64 characters long after the ^<\/td>\n<\/tr>\n<tr>\n<td>-4022<\/td>\n<td>Invalid kid<\/td>\n<\/tr>\n<tr>\n<td>-4024<\/td>\n<td>Invalid encrypted key or kek<\/td>\n<\/tr>\n<tr>\n<td>-5003<\/td>\n<td>Invalid general flags<\/td>\n<\/tr>\n<tr>\n<td>-6005<\/td>\n<td>Invalid key data specified<\/td>\n<\/tr>\n<tr>\n<td>-6007<\/td>\n<td>Invalid rental duration specified<\/td>\n<\/tr>\n<tr>\n<td>-7003<\/td>\n<td>Missing security level value<\/td>\n<\/tr>\n<tr>\n<td>-7004<\/td>\n<td>Invalid security level value<\/td>\n<\/tr>\n<tr>\n<td>-7006<\/td>\n<td>Missing HDCP output control value<\/td>\n<\/tr>\n<tr>\n<td>-7007<\/td>\n<td>Invalid license duration specified<\/td>\n<\/tr>\n<tr>\n<td>-7008xxx<\/td>\n<td>Failed to generate Widevine license. xxx is the Widevine error code if available.<\/td>\n<\/tr>\n<p>\t<!--\n\t\n\n<tr>\n\t\n\n<td>-7009<\/td>\n\n\n\t\n\n<td>Invalid WVExtension parameters specified<\/td>\n\n\n\t<\/tr>\n\n\n\t--><\/p>\n<tr>\n<td>-7011<\/td>\n<td>Widevine option disabled<\/td>\n<\/tr>\n<tr>\n<td>-7012<\/td>\n<td>Widevine device id mismatch<\/td>\n<\/tr>\n<tr>\n<td>-7013<\/td>\n<td>Invalid playback duration specified<\/td>\n<\/tr>\n<tr>\n<td>-7014<\/td>\n<td>Invalid CGMS flags output control specified<\/td>\n<\/tr>\n<tr>\n<td>-7015<\/td>\n<td>Mismatch in number of kids and content keys specified<\/td>\n<\/tr>\n<tr>\n<td>-7018<\/td>\n<td>Mismatch in number of track types specified<\/td>\n<\/tr>\n<tr>\n<td>-7019<\/td>\n<td>Invalid track type specified<\/td>\n<\/tr>\n<tr>\n<td>-7020<\/td>\n<td>Mismatch in number of security levels specified<\/td>\n<\/tr>\n<tr>\n<td>-7021<\/td>\n<td>Invalid track type specified<\/td>\n<\/tr>\n<tr>\n<td>-7022<\/td>\n<td>Mismatch in number of cgms flags output control specified<\/td>\n<\/tr>\n<tr>\n<td>-7023<\/td>\n<td>Invalid content id length specified<\/td>\n<\/tr>\n<tr>\n<td>-7024<\/td>\n<td>Mismatch in number of content key specified<\/td>\n<\/tr>\n<tr>\n<td>-7025<\/td>\n<td>Invalid disable analog output specified<\/td>\n<\/tr>\n<tr>\n<td>-7026<\/td>\n<td>Invalid hdcp srm rule specified<\/td>\n<\/tr>\n<tr>\n<td>-7027<\/td>\n<td>Mismatch in number of disable analog outputs specified<\/td>\n<\/tr>\n<tr>\n<td>-7028<\/td>\n<td>Mismatch in number of hdcp srm rules specified<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t&nbsp;<\/p>\n<div id=\"id44\" class=\"section\">\n<h2>11.7\u00a0\u00a0\u00a0License Acquisition Parameter<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameter<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>getDeviceId<\/td>\n<td>To retrieve the device id of the Client which is requesting for license. Default value is false. Device id will be returned in license response header<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<p>\t<!-- SECTION 12 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"license-proxy\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>12\u00a0\u00a0\u00a0LICENSE PROXY<\/h2>\n<div style=\"margin-bottom: 10px;\">License proxy model is used instead of the legacy token model which avoid the phase of generating the token in prior and then passing it to player where it requests for license fetch. This model also avoid the issue of using the expired tokens.<\/div>\n<div style=\"margin-bottom: 10px;\">As described above, there will be no need to generate the token prior, instead param &#8216;generateLicense=true&#8217; should be used in token request param with the license proxy end point, which can directly used for license fetch from the player.<\/div>\n<div>Below is sample request url for license proxy model<\/div>\n<p>\t<a class=\"anchor-offset\" name=\"13.1\"><\/a><\/p>\n<div id=\"12.1\" class=\"section\">\n<h2>12.1\u00a0\u00a0\u00a0Widevine Proxy<\/h2>\n<dl class=\"docutils\">\n<dt>URLs Production<\/dt>\n<dd><a href=\"https:\/\/wv-gen-license.service.expressplay.com\/hms\/wv\/token\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/wv-gen-license.service.expressplay.com\/hms\/wv\/token<\/a><\/dd>\n<\/dl>\n<dl class=\"docutils\">\n<dt>Method<\/dt>\n<dd>POST<\/dd>\n<\/dl>\n<h2>License parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameters<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Type<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>generateLicense<\/td>\n<td>\n\t\tAlong with all other token request parameters, add generateLicense=true for the license proxy.<\/p>\n<p>\t\tThis to be used for license proxy model.<\/td>\n<td>Boolean<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>disableKidCheck<\/td>\n<td>Required to be set when the KID in the Widevine PSSH data doesn\u2019t need to be compared against kid in the license request payload.<\/td>\n<td>Boolean<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>getDeviceId<\/td>\n<td>To retrieve the device id of the Client which is requesting for license. Default value is false. Device id will be returned in license response header<\/td>\n<td>Boolean<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>mediaTrackType.N<\/td>\n<td>We can use this parameter to apply security rules. Only KEK and mediaTrackType.N \/mediaTrackType combination will work.Instead of KID we can use this parameter<br \/>\n\t\tPlease refer more details for this doc <a class=\"link-to-page\" href=\"\/developer\/dynamic-license-constraints-for-cpix-based-workflows\/\">Dynamic License constraints for CPIX-Based Workflows<\/a><\/td>\n<td>String<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#12.1 --><\/p>\n<p>\t<a class=\"anchor-offset\" name=\"13.2\"><\/a><\/p>\n<div id=\"12.2\" class=\"section\">\n<h2>12.2\u00a0\u00a0\u00a0Fairplay Proxy<\/h2>\n<dl class=\"docutils\">\n<dt>URLs Production<\/dt>\n<dd><a href=\"https:\/\/fp-gen-license.service.expressplay.com\/hms\/fp\/token\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/fp-gen-license.service.expressplay.com\/hms\/fp\/token<\/a><\/dd>\n<\/dl>\n<dl class=\"docutils\">\n<dt>Method<\/dt>\n<dd>POST<\/dd>\n<\/dl>\n<h2>License parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameters<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Type<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>generateLicense<\/td>\n<td>Along with all other token request parameters, add generateLicense=true for the license proxy.<br \/>\n\t\tThis to be used for license proxy model.<\/td>\n<td>Boolean<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>getDeviceId<\/td>\n<td>To retrieve the device id of the Client which is requesting for license. Default value is false. Device id will be returned in license response header.<\/td>\n<td>Boolean<\/td>\n<td>Optional<\/td>\n<\/tr>\n<tr>\n<td>mediaTrackType.N<\/td>\n<td>We can use this parameter to apply security rules. Only KEK and mediaTrackType.N \/mediaTrackType combination will work.Instead of KID we can use this parameter<br \/>\n        Please refer more details for this doc <a class=\"link-to-page\" href=\"\/developer\/dynamic-license-constraints-for-cpix-based-workflows\/\">Dynamic License constraints for CPIX-Based Workflows<\/a> <\/td>\n<td>String<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#12.2 --><\/p>\n<p>\t<a class=\"anchor-offset\" name=\"13.3\"><\/a><\/p>\n<div id=\"12.3\" class=\"section\">\n<h2>12.3\u00a0\u00a0\u00a0PlayReady Proxy<\/h2>\n<dl class=\"docutils\">\n<dt>URLs Production<\/dt>\n<dd><a href=\"https:\/\/pr-gen-license.service.expressplay.com\/hms\/pr\/token\" rel=\"nofollow noopener\" target=\"_blank\">https:\/\/pr-gen-license.service.expressplay.com\/hms\/pr\/token<\/a><\/dd>\n<\/dl>\n<dl class=\"docutils\">\n<dt>Method<\/dt>\n<dd>POST<\/dd>\n<\/dl>\n<h2>License parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Query Parameters<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Type<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>generateLicense<\/td>\n<td>Along with all other token request parameters, add generateLicense=true for the license proxy.<br \/>\n\t\tThis to be used for license proxy model.<\/td>\n<td>Boolean<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>mediaTrackType.N<\/td>\n<td>We can use this parameter to apply security rules. Only KEK and mediaTrackType.N \/mediaTrackType combination will work.Instead of KID we can use this parameter<br \/>\n        Please refer more details for this doc <a class=\"link-to-page\" href=\"\/developer\/dynamic-license-constraints-for-cpix-based-workflows\/\">Dynamic License constraints for CPIX-Based Workflows<\/a> <\/td>\n<td>String<\/td>\n<td>Optional<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#12.3 --><\/p><\/div>\n<p>\t<!-- \/#license-proxy --><\/p>\n<p>\t<!-- ----------- --><\/p>\n<p>\t<!-- SECTION 13 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"manifest-generation\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>13\u00a0\u00a0\u00a0A\/B Manifest Generation<\/h2>\n<dl class=\"docutils\">\n<dt>Purpose<\/dt>\n<dd>Generate a content manifest with a watermark derived from manifests of A\/B rendering of the content (See <a href=\"\/developer\/watermarking\/\">ExpressPlay watermarking SDK<\/a> for details)<\/dd>\n<\/dl>\n<dl class=\"docutils\">\n<dt>URLs<\/dt>\n<dd>\n<dl class=\"first last docutils\">\n<dt>HLS<\/dt>\n<dd>https:\/\/wm.service.expressplay.com\/wm\/manifest\/hlsca<\/dd>\n<dt>DASH<\/dt>\n<dd>https:\/\/wm.service.expressplay.com\/wm\/manifest\/dashca<\/dd>\n<\/dl>\n<\/dd>\n<\/dl>\n<dl class=\"docutils\">\n<dt>Method<\/dt>\n<dd>POST<\/dd>\n<\/dl>\n<p>\t<a class=\"anchor-offset\" name=\"13.1\"><\/a><\/p>\n<div id=\"13.1\" class=\"section\">\n<h2>13.1\u00a0\u00a0\u00a0Query parameters<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Property<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>customerAuthenticator<\/td>\n<td>API key for production environment<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>pacePayloadSize<\/td>\n<td>Has to match the payload size specified during pace file generation. Value has to equal 8, 16, 24, or 32<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>tryCache<\/td>\n<td>Value can be either true or false, if not specified assumed to be false.<\/p>\n<p>\tIf value is true then the MD5 hash values will be used to retrieve the A &amp; B manifest from the ExpressPlay service cache.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>forceCache<\/td>\n<td>Value can be either true or false, if not specified assumed to be false.<\/p>\n<p>\tIf value is true then the A &amp; B manifests will be cached by the ExpressPlay service cache and can be referenced by their MD5 hash values in subsequent calls.<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>decisionList<\/td>\n<td>Value can be either true or false, if not specified assumed to be false.<\/p>\n<p>\tIf value is true then an array containing a sequence of 0 an 1 item is returned.:<\/p>\n<ul>\n<li><!-- - -->A value of 0 indicates a segment from manifest A is selected<\/li>\n<li><!-- - -->A value of 1 indicates a segment from manifest B is selected<\/li>\n<\/ul>\n<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#13.1 --><\/p>\n<p>\t<a class=\"anchor-offset\" name=\"13.2\"><\/a><\/p>\n<div id=\"13.2\" class=\"section\">\n<h2>13.2\u00a0\u00a0\u00a0Request body<\/h2>\n<p>\tJSON encoded object with the following properties:<\/p>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"61%\" \/>\n<col width=\"13%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Property<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Required?<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>manifests<\/td>\n<td>Array of JSON objects with the following properties:<\/p>\n<p>\tmanifestA: Base64 encoding of HLS manifest A [required]<\/p>\n<p>\tmanifestB: Base64 encoding of HLS manifest B [required]<\/p>\n<p>\tmanifestA_hash: MD5 hash of the UTF-8 manifest A<br \/>\n\t[required]<\/p>\n<p>\tmanifestB_hash: MD5 hash of the UTF-8 manifest B<br \/>\n\t[required]<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>pace<\/td>\n<td>Pace file generated by the ExpressPlay watermarking tools, encoded in base64<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>pace_hash<\/td>\n<td>MD5 hash of the UTF-8 pace file<\/td>\n<td>Yes<\/td>\n<\/tr>\n<tr>\n<td>hash_prefix<\/td>\n<td>Custom prefix to append to MD5 hash of manifest (used to<br \/>\n\tuniquely identify manifest in cache)<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#13.2 --><\/p>\n<p>\t<a class=\"anchor-offset\" name=\"13.3\"><\/a><\/p>\n<div id=\"13.3\" class=\"section\">\n<h2>13.3\u00a0\u00a0\u00a0Response<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"23%\" \/>\n<col width=\"19%\" \/>\n<col width=\"34%\" \/>\n<col width=\"24%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">HTTP Status Code<\/th>\n<th class=\"head\">Description<\/th>\n<th class=\"head\">Content-Type<\/th>\n<th class=\"head\">Entity Body Contains<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>200 OK<\/td>\n<td>Request succeeded<\/td>\n<td>application\/json<\/td>\n<td>JSON response<\/td>\n<\/tr>\n<tr>\n<td>400 Bad Request<\/td>\n<td>Request contained invalid values\/parameters<\/td>\n<td>application\/json<\/td>\n<td>JSON with error description<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#13.3 --><\/p>\n<p>\t<a class=\"anchor-offset\" name=\"13.3.1\"><\/a><\/p>\n<div id=\"13.3.1\" class=\"section\">\n<h2>13.3.1\u00a0\u00a0\u00a0Successful Response Body<\/h2>\n<p>\tJSON encoded object with the following properties:<\/p>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Property<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>wm_token<\/td>\n<td>manifest ID token to be used in license request (format is<br \/>\n\t\u2018wmid\u2019 + manifest_id)<\/td>\n<\/tr>\n<tr>\n<td>manifest_id<\/td>\n<td>unique watermark ID for response manifest, integer value<br \/>\n\tbetween 1-8388607 (1-0x7fffff)<\/td>\n<\/tr>\n<tr>\n<td>decisionList<\/td>\n<td>watermark decision list, array of 1\/0 sequence (included<br \/>\n\tonly if decisionList parameter is true)<\/td>\n<\/tr>\n<tr>\n<td>manifests:<\/td>\n<td>Array of objects with the following properties (included<br \/>\n\tonly if decisionList parameter is false)- manifest: Base64 encoding of interleaved HLS manifest- manifest_hash: MD5 hash of the UTF-8 interleaved HLS manifest- manifestA_hash: MD5 hash of the request UTF-8 manifest A- manifestB_hash: MD5 hash of the request UTF-8 manifest B<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#13.3.1 --><\/p>\n<p>\t<a class=\"anchor-offset\" name=\"13.3.2\"><\/a><\/p>\n<div id=\"13.3.2\" class=\"section\">\n<h2>13.3.2\u00a0\u00a0\u00a0Failed Response<\/h2>\n<p>\tJSON encoded object with the following properties:<\/p>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Property<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>error<\/td>\n<td>Error code matching one of the entries below<\/td>\n<\/tr>\n<tr>\n<td>message<\/td>\n<td>Explanation of error cause<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#13.3.2 --><\/p>\n<p>\t<a class=\"anchor-offset\" name=\"13.3.3\"><\/a><\/p>\n<div id=\"13.3.3\" class=\"section\">\n<h2>13.3.3\u00a0\u00a0\u00a0Error Codes<\/h2>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-2017<\/td>\n<td>Customer authenticator must be supplied<\/td>\n<\/tr>\n<tr>\n<td>-2018<\/td>\n<td>Customer authenticator invalid<\/td>\n<\/tr>\n<tr>\n<td>-3200<\/td>\n<td>Invalid HTTP method<\/td>\n<\/tr>\n<tr>\n<td>-3201<\/td>\n<td>Watermark service not enabled for customer authenticator specified<\/td>\n<\/tr>\n<tr>\n<td>-3210<\/td>\n<td>Malformed request body or invalid JSON<\/td>\n<\/tr>\n<tr>\n<td>-3211<\/td>\n<td>Manifests array not specified<\/td>\n<\/tr>\n<tr>\n<td>-3212<\/td>\n<td>Manifest pairs not specified or invalid set of manifests<\/td>\n<\/tr>\n<tr>\n<td>-3213<\/td>\n<td>Invalid manifest<\/td>\n<\/tr>\n<tr>\n<td>-3214<\/td>\n<td>Manifest hash not specified<\/td>\n<\/tr>\n<tr>\n<td>-3215<\/td>\n<td>Manifest hash does not match<\/td>\n<\/tr>\n<tr>\n<td>-3216<\/td>\n<td>Manifest content IDs do not match<\/td>\n<\/tr>\n<tr>\n<td>-3217<\/td>\n<td>Multiple manifests supplied for DASH<\/td>\n<\/tr>\n<tr>\n<td>-3218<\/td>\n<td>Missing or invalid content ID<\/td>\n<\/tr>\n<tr>\n<td>-3219<\/td>\n<td>Manifest cache miss<\/td>\n<\/tr>\n<tr>\n<td>-3220<\/td>\n<td>Missing or invalid Pace file specified<\/td>\n<\/tr>\n<tr>\n<td>-3221<\/td>\n<td>Pace file hash not specified<\/td>\n<\/tr>\n<tr>\n<td>-3222<\/td>\n<td>Pace file hash does not match<\/td>\n<\/tr>\n<tr>\n<td>-3223<\/td>\n<td>Invalid Payload provided<\/td>\n<\/tr>\n<tr>\n<td>-3224<\/td>\n<td>Payload value is not divisible by 8 or exceeds 32<\/td>\n<\/tr>\n<tr>\n<td>-3225<\/td>\n<td>Pace file generated with a payload which exceeds the supplied pacePayloadSize param<\/td>\n<\/tr>\n<tr>\n<td>-3226<\/td>\n<td>Provided Pace file does not match the number of segments in the provided manifest<\/td>\n<\/tr>\n<tr>\n<td>-3300<\/td>\n<td>Unknown API<\/td>\n<\/tr>\n<tr>\n<td>-3400<\/td>\n<td>Unknown error<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<p>\t<!-- \/#13.3.3 --><\/p><\/div>\n<p>\t<!-- \/#manifest-generation --><\/p>\n<p>\t<!-- ------------ --><\/p>\n<p>\t<!-- SECTION 14 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"json-errors\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>14\u00a0\u00a0\u00a0JSON Errors<\/h2>\n<p>\tAPI responses have the following structure for error data. Error codes will be negative integer values.<\/p>\n<pre class=\"bg-grey-100 p-8 mb-12 mt-12\">{\r\n\t  \"valid\": false,\r\n\t   \"events\": [],\r\n\t   \"error\": {\r\n\t\t \"message\": &lt;error_message&gt;,\r\n\t\t \"code\": &lt;error_code&gt;\r\n\t   }\r\n\t }\r\n\t<\/pre>\n<\/p><\/div>\n<p>\t<!-- SECTION 15 \/\/ --><br \/>\n\t<a class=\"anchor-offset\" name=\"general-error-codes\"><\/a><\/p>\n<div id=\"\" class=\"section\">\n<h2>15\u00a0\u00a0\u00a0General Error Codes<\/h2>\n<p>\tThe following error codes may appear across the service API.<\/p>\n<table class=\"docutils\" border=\"1\">\n<colgroup>\n<col width=\"26%\" \/>\n<col width=\"74%\" \/> <\/colgroup>\n<thead valign=\"bottom\">\n<tr>\n<th class=\"head\">Code<\/th>\n<th class=\"head\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody valign=\"top\">\n<tr>\n<td>-9000<\/td>\n<td>Missing customer authenticator<\/td>\n<\/tr>\n<tr>\n<td>-9001<\/td>\n<td>Corrupted customer authenticator<\/td>\n<\/tr>\n<tr>\n<td>-9002<\/td>\n<td>No such service\/invalid customer authenticator<\/td>\n<\/tr>\n<tr>\n<td>-9003<\/td>\n<td>Invalid customer authenticator<\/td>\n<\/tr>\n<tr>\n<td>-9004<\/td>\n<td>No lookup method (currently unused)<\/td>\n<\/tr>\n<tr>\n<td>-9005<\/td>\n<td>Invalid version specified<\/td>\n<\/tr>\n<tr>\n<td>-9006<\/td>\n<td>Invalid type specified. This occurs when the &#8220;type&#8221; parameter<br \/>\n\tis specified in the \/cmiapi\/getrecord API and the value is not<br \/>\n\teither &#8220;ms3&#8221; or &#8220;bb&#8221;.<\/td>\n<\/tr>\n<tr>\n<td>-9009<\/td>\n<td>Invalid value for start parameter. This value must be a<br \/>\n\tpositive integer. If a value less than 1 is supplied, this<br \/>\n\tparameter will be assumed to be 1.<\/td>\n<\/tr>\n<tr>\n<td>-9010<\/td>\n<td>Invalid value for length parameter. This value must be a<br \/>\n\tpositive integer less or equal to 200. If a value greater<br \/>\n\tthan 200 is supplied, this parameter will be assumed to be<br \/>\n\t200.<\/td>\n<\/tr>\n<tr>\n<td>-9011<\/td>\n<td>Invalid value for id parameter. This value must be a<br \/>\n\tpositive integer. If a value less than 1 is supplied, this<br \/>\n\tparameter will be assumed to be 1.<\/td>\n<\/tr>\n<tr>\n<td>-9012<\/td>\n<td>Failed to get data<\/td>\n<\/tr>\n<tr>\n<td>-9013<\/td>\n<td>Missing startTime parameter<\/td>\n<\/tr>\n<tr>\n<td>-9014<\/td>\n<td>Invalid startTime parameter<\/td>\n<\/tr>\n<tr>\n<td>-9015<\/td>\n<td>Missing endTime parameter<\/td>\n<\/tr>\n<tr>\n<td>-9016<\/td>\n<td>Invalid endTime parameter<\/td>\n<\/tr>\n<tr>\n<td>-9017<\/td>\n<td>Invalid page parameter<\/td>\n<\/tr>\n<tr>\n<td>-9018<\/td>\n<td>Invalid size parameter<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>REST API Documentation Service Region Hosts Record Retrieval Record Retrieval by Time Archived Record Retrieval MS3 Token Request Marlin BB Registration Token Request Marlin BB License Token Request Marlin BB Deregistration Token Request PlayReady LicenseToken Request FairPlay License Token Request Widevine License Token Request LICENSE PROXY A\/B Manifest Generation JSON Errors General Error Codes 1\u00a0\u00a0\u00a0Service [&hellip;]<\/p>\n","protected":false},"author":124,"featured_media":0,"parent":10924,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-expressplay-developer.php","meta":{"_acf_changed":false,"footnotes":""},"tax_page_type":[512],"coauthors":[621],"class_list":["post-11050","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/pages\/11050","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/users\/124"}],"replies":[{"embeddable":true,"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/comments?post=11050"}],"version-history":[{"count":0,"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/pages\/11050\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/pages\/10924"}],"wp:attachment":[{"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/media?parent=11050"}],"wp:term":[{"taxonomy":"tax_page_type","embeddable":true,"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/tax_page_type?post=11050"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.expressplay.com\/ko\/wp-json\/wp\/v2\/coauthors?post=11050"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}