-
Notifications
You must be signed in to change notification settings - Fork 68
AAuth Server
Switch > Application Authentication
URL: https://aauth-lp1.ndas.srv.nintendo.net
The aauth server provides application tokens. These are required to access game-specific servers, such as NEX and NPLN. To obtain an application token, one must first obtain a device token.
Because the certificates are signed by Nintendo there is only one way to obtain a valid certificate: buy a game and dump it.
The aauth server takes form-encoded requests and responds with json-encoding. It uses base64url, and the client does not add any padding characters.
Up to 17.0.1:
Header | Description |
---|---|
Host | aauth-lp1.ndas.srv.nintendo.net |
User-Agent | User agent |
Accept | */* |
X-Nintendo-PowerState |
FA (fully awake) or HA (half awake). This header is only sent in the application token request. |
Content-Length | Content length |
Content-Type | application/x-www-form-urlencoded |
In 18.0.0 and later, the user agent is no longer present and the headers are reordered:
Header | Description |
---|---|
Host | aauth-lp1.ndas.srv.nintendo.net |
Accept | */* |
Content-Type | application/x-www-form-urlencoded |
X-Nintendo-PowerState |
FA (fully awake) or HA (half awake). This header is only sent in the application token request. |
Content-Length | Content length |
System Version | User agent |
---|---|
9.0.0 - 9.2.0 | libcurl (nnAccount; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 9.3.0.0; Add-on 9.3.0.0) |
10.0.0 - 10.2.0 | libcurl (nnAccount; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 10.4.0.0; Add-on 10.4.0.0) |
11.0.0 - 11.0.1 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 11.4.0.0; Add-on 11.4.0.0) |
12.0.0 - 12.1.0 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 12.3.0.0; Add-on 12.3.0.0) |
13.0.0 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0) |
13.1.0 - 13.2.1 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.4.0.0; Add-on 13.4.0.0) |
14.0.0 - 14.1.2 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 14.3.0.0; Add-on 14.3.0.0) |
15.0.0 - 15.0.1 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 15.3.0.0; Add-on 15.3.0.0) |
16.0.0 - 16.1.0 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 16.2.0.0; Add-on 16.2.0.0) |
17.0.0 - 17.0.1 | libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 17.5.0.0; Add-on 17.5.0.0) |
The following method returns a timestamp and your ip address:
Method | Path |
---|---|
GET | /v1/time |
In API version 3 and later, one must solve a cryptographic challenge to prove that the gamecard is inserted. This is not required for digital titles.
Method | Path |
---|---|
POST | /v3/challenge |
POST | /v4/challenge |
POST | /v5/challenge |
The following methods return an application token as JWT:
System | API |
---|---|
1.0.0 - 4.1.0 | v1 |
5.0.0 - 8.1.1 | v2 |
9.0.0 - 14.1.2 | v3 |
15.0.0 - 18.1.0 | v4 |
19.0.0 | v5 |
API | Changelog |
---|---|
v1 | Initial version. |
v2 | The API path is obfuscated with a random hex string. The environment parameter was removed. The online play policy was added. For digital titles, the certificate is encrypted with a random key. The NO_CERT media type was added. |
v3 | The API path is no longer obfuscated. The challenge was added for gamecards. |
v4 | The cert_key parameter was removed for digital titles. A token from dragons is now required. |
v5 | The media_type parameter was renamed to auth_type and the gamecard challenge was redesigned. |
This method is unrelated to aauth. It returns a text/plain
document that contains two lines:
- The current server time in milliseconds
- The external IP address of the client
It also returns this information in the X-NINTENDO-UNIXTIME
and X-NINTENDO-GLOBAL-IP
headers.
This method is no longer used since system version 18.0.0. It is replaced by a ctest server.
This request is only required if the media type is GAMECARD
.
Param | Description |
---|---|
device_auth_token | Device token from dauth server |
Note: up to system version 17.0.1, the device_auth_token was preceded by an ampersand, even though it is the first and only parameter in the request.
Response on success, up to version 4:
Field | Description |
---|---|
value | Base64-encoded (16 bytes) |
seed | Base64-encoded (15 bytes) |
Version 5:
Field | Description |
---|---|
challenge | Base64-encoded (32 bytes) |
challenge_src | Base64-encoded (9 bytes) |
seed | Base64-encoded (15 bytes) |
The seed value never changes. It is even consistent across environments.
This method returns an application token as JWT. Certificates can be dumped with nxdumptool. For digital titles, always dump the base ticket and do not remove console specific data.
Param | Description |
---|---|
application_id | Title id (%016x ) |
application_version | Title version (%08x ) |
environment | lp1 |
device_auth_token | Device token from dauth server |
media_type |
GAMECARD , DIGITAL or SYSTEM
|
If the media type is GAMECARD
or DIGITAL
:
Param | Description |
---|---|
cert | Base64-encoded application certificate |
Response on success:
Field | Description |
---|---|
expires_in | Expiration in seconds (86400) |
application_auth_token | Application token |
settings | Settings (see below) |
The settings field contains a list of objects with the following fields:
Field | Description |
---|---|
nas:client_id | 16 hex digits |
nas:redirect_uri | nintendo://<title id>.app |
For most titles, the settings list is empty.
The environment parameter was removed, the cert_key parameter was added, and the online play policy was added to the response.
The NO_CERT
media type is used if the Switch does not have a valid ticket for a digital title. On production systems, this can only happen if the title was installed through unofficial means, which is usually a piracy attempt. Using NO_CERT
will ban your device.
Param | Description |
---|---|
application_id | Title id (%016x ) |
application_version | Title version (%08x ) |
device_auth_token | Device token from dauth server |
media_type |
GAMECARD , DIGITAL , SYSTEM or NO_CERT
|
If the media type is GAMECARD
:
Param | Description |
---|---|
cert | Base64-encoded gamecard certificate (512 bytes) |
If the media type is DIGITAL
:
Param | Description |
---|---|
cert | Encrypted ticket (base64) |
cert_key | Encrypted key (base64) |
For digital titles, the ticket is no longer sent to the server in plain text. Instead, it is encrypted with AES-CBC with a random key (the IV is filled with zeroes). The key itself is then encrypted with RSA-OAEP with SHA256.
Public exponent: 65537
Modulus:
2903599220185509629948246004681271806662185201109683699434876284
9306378942456577312580648895443616535088601867223713942187399041
4854872772034425863387471719375473684104853507768450203982749294
8967945831738920699512732919046223059402955082098739033920491649
6879108565068863591362496844602988110766097564477545097467537357
3183749964356608012071405755940871989007021731074728723470759285
8155278592486462922448753256166071381157786436864032235809243318
2591089355065715995209202752330511548478896205428626608544326862
4782505679727111312756904637828438785474471375120478991907979820
98870089661523253199182993983393803812441
Response on success:
Field | Description |
---|---|
expires_in | Expiration in seconds (86400) |
application_auth_token | Application token |
settings | Settings |
online_play_policy |
MEMBERSHIP_REQUIRED or FREE
|
policy_handler |
SYSTEM or GAME_SERVER (only present if membership is required) |
A challenge is now required if the media type is GAMECARD
:
Param | Description |
---|---|
application_id | Title id (%016x ) |
application_version | Title version (%08x ) |
device_auth_token | Device token from dauth server |
media_type | GAMECARD |
gvt | Base64-encoded challenge reply, based on the seed and value from the challenge (88 bytes) |
cert | Base64-encoded gamecard certificate (512 bytes) |
The gvt
parameter is calculated with ChallengeCardExistence
. I have no idea how this works.
For digitial titles, the Switch no longer sends the application certificate to the server. Instead, it requests a contents authorization token from the dragons server.
Param | Description |
---|---|
application_id | Title id (%016x ) |
application_version | Title version (%08x ) |
device_auth_token | Device token from dauth server |
media_type | DIGITAL |
cert | Contents authorization token from dragons server |
The media_type parameter was renamed to auth_type. The challenge and challenge_src parameters were added for gamecard authentication.
Param | Description |
---|---|
application_id | Title id (%016x ) |
application_version | Title version (%08x ) |
device_auth_token | Device token from dauth server |
media_type | GAMECARD |
gvt | Base64-encoded challenge reply, based on the seed and value from the challenge (88 bytes) |
cert | Base64-encoded gamecard certificate (512 bytes) |
challenge | Challenge |
challenge_src | Challenge src |
On error, the server sends the following response:
Field | Description |
---|---|
errors | List of errors |
Every error is encoded like this:
Field | Description |
---|---|
code | Error code (string with 4 digits) |
message | Error message |
Code | Message |
---|---|
0103 | Device token expired. |
0105 | ROM ID has been banned. |
0106 | Unauthorized application. |
0107 | ? |
0108 | ? |
0109 | Service closed. |
0110 | ? |
0111 | Application update is required. |
0112 | Internal Server Error. |
0113 | ? |
0118 | Invalid parameter in request. |
0120 | ? |
0121 | Region mismatch. |
The /v1/time
request is very simple:
GET /v1/time HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
Accept: */*
Example of /v1/time
response:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 30 Sep 2021 14:02:21 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
X-NINTENDO-UNIXTIME: 1633003341066
X-NINTENDO-GLOBAL-IP: 93.184.216.34
Vary: Accept
ETag: W/"7c7283f8b06feb54a9d29b679a4ca0af"
Cache-Control: max-age=0, private, must-revalidate
X-RequestId: 297b792a-f6f2-456b-a3ca-66c6e73620b7
X-Runtime: 0.000683
X-Nintendo-Used-Directive: global auth
X-Nintendo-Request-Host-Header: aauth-lp1.ndas.srv.nintendo.net
X-Nintendo-Request-SNI: aauth-lp1.ndas.srv.nintendo.net
1633003341066
93.184.216.34
To authenticate gamecards one must first obtain a challenge:
POST /v3/challenge HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
Content-Length: 857
Content-Type: application/x-www-form-urlencoded
&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Sep 2021 19:21:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Vary: Accept
ETag: W/"eff6fe99a35dd733bdb7e43956f9db16"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: b782a5a4-739a-47d6-b061-aa2cbfa4bea2
X-Runtime: 0.005265
X-Nintendo-Used-Directive: global auth
X-Nintendo-Request-Host-Header: aauth-lp1.ndas.srv.nintendo.net
X-Nintendo-Request-SNI: aauth-lp1.ndas.srv.nintendo.net
Connection: keep-alive
{"value":"XLYSEWCMMwSUlU4wJC3VBA==","seed":"wLJ0JZCC3cu5KSU8bLbe"}
Then one can obtain an application token for a gamecard:
POST /v3/application_auth_token HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
X-Nintendo-PowerState: FA
Content-Length: 1749
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
application_id=0100abf008968000&application_version=00070000&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA&media_type=GAMECARD&gvt=xvzGsqK2NF5qWDKzGb71HYGqqIMVe4B78jBDy8zRXg9X3eMNDhtBHS6QVn_07O2eAdaCAKDgrd2CJ6vOgkfisWG4MIGViKO98YiaTEu6xT9SkmKDOTgJog&cert=_W2lx8BZrU3zHi3eeV6VBzEpxWYeyzAdy_Q49_Sq7u7my6ZY_QxzTggxvMIfhkFGiLPhEmtH5McHbAA3Ecb5wnr7Q0C2UD8Kijkt7QgwBGe6gY__nyhe34o-8Y-PFPzaos5b9UmWTAPPHMhIav1Br7XuK0wHKbdYToc_UZ45YFVUWcKWZbSkPRI4zVP_hKNtWvFMmzhRGIEvcA3tA1ormTWDUSSBaxasgo3FSEKQHJaJpq-K3XwWRX4h8DRXierAYwpLCPRpI92C8QJjWhwumAVDa4Dlc1YtE08iEjQ0ZuFAGV2UPXoz57OznzeqP077uodFnKZmMv07576XEbobyENFUlQAAAAAAAAAAAAAAABy4lviwORBYWj1Lz_TAxxdABAAAAAAAAAAAAlTU7O6Za21K9jZis87UO27ERAIoxTcyvpqMWZb7_qhzPystmkcIvWH0ENCfilg6fb2d5m5nY-RQhToEMU2qa_GCZrsPFUENAaN4jVfjYWk5GXX4tk3e-XJTcfyv2Q0oysuwqFGuyww_Ok7XjyTmvVu_7KhPM8oP4ixzoNTHe1cxAmsGi7qATnUN9ke5dIzlhqd7RNqIxz2kibJXV8iKX_BXvRgeepYfVQoIpVxQNFyitqOKy_RZ6LDvA82-C5E1d6hMTj6YQ0oxBhMTRg9N0tNwoQJQ4Y
For a digital title:
POST /v3/application_auth_token HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
X-Nintendo-PowerState: FA
Content-Length: 2254
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue
application_id=0100abf008968000&application_version=00070000&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA&media_type=DIGITAL&cert=Ea_BETtJ5tBzI730PfZO2md_qU705gnovFqRjsgw4NbPqQDw_b8H_ecpqm2NbBYs4i3ls95PjSUNHAcV5Yqv36v_wO2eSKyz09YCMo5-eN5DYmyjXaSgy8Fb-Qu0H0VGciRIrx5PNpUJIs7JqV6faPacffFoL4Ac74x6oLtWlRGdgTW7J-cq5ij0O3YNAX_3PoucRi0-xapIVHwRiFUzsj8KM3ug4QttmqVMPW8OAFUWFkGqmsyW_riWRsfDu0srLna4UEc9RxQMbecR-Qw3wyMl5JjCkfA05QLo0MECrhiQE10-yfmlu-ti1pg3wu9y_yiWEJdvgN58H4vlW_n4KL-xDFIdlkQsc4pd3RuL8NwxTSKP_Z2HTyDULs_XpbBejThr59xMGMUdrLOGnxwKiCsjM6SS0P6EpSQSjn4ASns6S1ImTbIvgj8LH4M8wck51XxjOBUz3T_03JQIn9PxObe_OOVfCobKeQXCtKjrvIq40AXg2v2ljj_K7vu8ZmtLMpliexg3dHhr6RgP1TA_tWDLaG_osxnk3XnPDz9FYLLhfugWL2ujsaoNezBOZuKw4CXQ5-IRFk0tWj9lIQvXs8_UFkJXSLIvsS_rs5X3ZaZ0Oc1F8Crt-0Iqgo6g3l259EtwMy6o89yWvU7hSMJ2DfiCEf298eVPMYs95SiTb3bW-wZYfGxVaMJ1XErqlojCi_rSmn9UlHCLgV9PEBK2iF-uAPt1CVxIaejB_7XHtg0bLdMq2OkiyAKHmEFHNPfOvKeJSNh5VQVp18EWbXrio2BXdn0-2UygI8AiTuqq3ummNd6yrNOfU-NNrt5Hccaa6QxsDXCeUlRDmds-lJJJAARL04_E4nZZTnxQE5_sImSkFLBQv8UMjTt0QIFBL_TeR3BkeAi7PSa1YQ0c0_2Bmix7OUuCO1G2mCBGkePVedGPEenm6A9iFNJkyiAhtKBc&cert_key=Tkyp0lOXSP-SEDZ5ShslGnoM1JweZj5kavHTdTnzZaAazXZdTkhaosxZYv2YVL1oqOD7Vmf4orO0Ns85HFGJ8s7cd6dQzvrpyu1uaN4Wum_w5OCf5ld_ga4M8F9TTEUYlAQz0Ft3f9zED0IWOGXqMU0t536XejUQxIUZlNWKBsWT_PZn1nOEcNSeTVHJ5He7QBF6Om99JUvl_qy3v_OppBsBoLdZf_F2miwjCFs0AO7wyf_boK7uU4v-6MtGA8fyyJQgXlAn8SAQTEL3lYVFJyED-Xkel99V8W_3egdnIMvvbJLSRIpLdqjfHqlK32KAcRpzT8J6koc3BkvBhYzNEQ
Or for a system title:
POST /v3/application_auth_token HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
X-Nintendo-PowerState: FA
Content-Length: 935
Content-Type: application/x-www-form-urlencoded
application_id=010000000000003e&application_version=00000000&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA&media_type=SYSTEM
Response example:
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Sep 2021 19:21:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
...
X-Nintendo-Used-Directive: global auth
X-Nintendo-Request-Host-Header: aauth-lp1.ndas.srv.nintendo.net
X-Nintendo-Request-SNI: aauth-lp1.ndas.srv.nintendo.net
{"expires_in":86400,"application_auth_token":"eyJqa3UiOiJodHRwczovL2FjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjZiMjVhNGU4LTRiOWItNDJhMy1hZDJiLWVhYzRiZGJjOWQ0NiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIwMTAwYWJmMDA4OTY4MDAwIiwiZXhwIjoxNjMyNzYzMzAxLCJpYXQiOjE2MzI2NzY5MDEsImlzcyI6ImFhdXRoLWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQiLCJqdGkiOiI4MmRmNjY3Yi0wZGExLTQzODEtODdlNC0xYWU0MDNjOGI1NjgiLCJuaW50ZW5kbyI6eyJhaSI6IjAxMDBhYmYwMDg5NjgwMDAiLCJhdiI6IjAwMDciLCJhdCI6MTYzMjY3NjkwMSwiZWRpIjoiYjQ2YmRhNGUxZGQ1ZTdjZTAwMjQzMGE2OGIyYzZkNGUiLCJvcHAiOiJNRU1CRVJTSElQX1JFUVVJUkVEIiwicGgiOiJHQU1FX1NFUlZFUiJ9fQ.bVRnffmMbfN3Q-XAEHAt8qa-QPQf-jOBQMwhhMu0hWOUK3UGviDiG4fti_ws6-0vaYxsAisiong051wUhDi0MyzN9BSsJ1nTA0mB6rRfCeqdsdbgRz6hWP4lRgeuzeyVSX6NTIQvdIJTYsqd800i1tkpR2ynTBVwUHwcle9vqNWuIkzZgl-osk439AP70vV2okLSFoSP49EGH6UW7ocgstto9xwy39DiY93y8Di0uX-GvYQK_inAxaIgMUCLBcKJzZ8iwUKV8E1MeD-yWNWGJ9nW9F5kPa6mvDFBOdzcvIYYTjnKh2JSJLS2-nlNyTZoN8t3OfTVLwd3KlDj0HhzZA","settings":[],"online_play_policy":"MEMBERSHIP_REQUIRED","policy_handler":"GAME_SERVER"}
Or if an error has occurred:
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sun, 26 Sep 2021 19:21:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Vary: Accept
Cache-Control: no-cache
X-Request-Id: ae8b948d-a0ca-4073-a41a-2393a69f12c6
X-Runtime: 0.006897
{"errors": [{"code": "0118", "message": "Invalid parameter in request."}]}
- Home
-
NEX
- PRUDP Protocol
- RMC Protocol
-
NEX Services
- Common
- Nintendo
- Kerberos Authentication
- Hpp Server
- NPLN
- Pia
- Switch Servers
- Other Pages