The Widevine license token interface provides production and test services.
This HTTP request returns a token that can be redeemed for a Widevine license.
Method: GET, POST (with a www-url-encoded body that contains parameters for both methods)
URLs:
Production: https://wv-gen.{prod_domain}/hms/wv/token
Test: [https://wv-gen.test.expressplay.com/hms/wv/token](https://wv-gen.test.expressplay.com/hms/wv/token)
Sample request:
https://wv-gen.service.expressplay.com/hms/wv/token?customerAuthenticator=
<ExpressPlay customer authenticator identifier>
Sample Response:
https://wv.service.expressplay.com/hms/wv/rights/?ExpressPlayToken=<base64-encoded ExpressPlay token>
Table 13: Token Query Parameters
Query Parameter | Description | Required? |
---|---|---|
customerAuthenticator | This is your customer API key, one each for your production and test environments. You can find this on the ExpressPlay Admin Dashboard tab. |
Yes |
errorFormat | Either html or json . If html (the default) an HTML representation of any errors is provided in the entity body of the response. If json is specified, a structured response in JSON format is returned. See JSON Errors for details. The mime type of the response is either text/uri-list on success, text/html for html error format, or application/json for json error format. |
No |
Table 14: License Query Parameters
Query Parameter | Description | Required? |
---|---|---|
generalFlags |
A 4 byte hexadecimal string representing the license flags. ‘0000’ is the only allowed value | No |
kek |
Key Encryption Key (KEK). Keys are stored encrypted with a KEK using a key wrapping algorithm (AES Key Wrap, RFC3394). | No |
kid |
A 16 byte hexadecimal string representation of the content encryption key or a string ^somestring' . The length of the string followed by the ^ cannot be greater than 64 characters. Check note below for an example. |
Yes |
ek |
A hex string representation of the encrypted content key. | No |
contentKey |
A 16 byte hexadecimal string representation of the content encryption key | Yes, unless kek and ek or kid are provided |
contentId |
Content Id | No |
securityLevel |
Allowed values are 1-5.
|
Yes |
hdcpOutputControl |
Allowed values are 0, 1, 2.
|
Yes |
licenseDuration * |
Duration of the license in seconds. If not provided, it indicates that there is no limit to the duration. Please check the note below for detailed information. | No |
wvExtension |
A short form wrapping extensionType and extensionPayload, as a comma separated string. See format below. Example: …&wvExtension=wudo,AAAAAA==&… |
No, any number can be used |
About licenseDuration
:
licenseDuration
seconds after beginning of playback. licenseDuration
(it will default to infinite). Otherwise specify the amount of time during which end-users should be able to enjoy the stream. Table 15: Token Restriction Query Parameters
Query Parameter | Description | Required? |
---|---|---|
expirationTime |
Expiration time of this token. This value MUST a string in RFC 3339 date/time format in the ‘Z’ zone designator (“Zulu time”), or an integer preceded by a + sign. An example of an RFC 3339 date/time is 2006-04-14T12:01:10Z. If the value is a string in RFC 3339 date/time format, then it represents an absolute expiration date/time for the token. If the value is an integer preceded by a + sign, then it is interpreted as a relative number of seconds, from issuance, that the token is valid. For example, +60 specifies one minute. The maximum and default (if not specified) token lifetime is 30 days. |
No |
Table 16: Correlation Query Parameters
Query Parameter | Description | Required? |
---|---|---|
cookie |
Arbitrary string up to 32 characters long carried in the token and logged by the token redemption server. Can be used to correlate log entries at the redemption server and those at the service provider’s servers. | No |
Table 17: HTTP Response
HTTP Status Code | Description | Content-Type | Entity Body Contains |
---|---|---|---|
200 OK |
No error. | text/uri-list |
License acquisition URL + token |
400 Bad Request |
Invalid args | text/html or application/json |
Error description |
401 Unauthorized |
Auth failed | text/html or application/json |
Error description |
404 Not found |
Bad URL | text/html or application/json |
Error description |
50x Server Error |
Server error | text/html or application/json |
Error description |
Table 18: Event Error Codes
Code | Description |
---|---|
-2002 | Invalid token expiration time: <details> |
-2003 | Invalid IP address |
-2005 | Invalid content encryption key: <details> |
-2008 | Invalid output control flags specified: <details> |
-2017 | Authentication token must be supplied |
-2018 | Authentication token invalid: <details> Note: This can happen if the authenticator is wrong or when accessing the test API at *.test.expressplay.com using the production authenticator and vice versa. Note: The Test SDK and Advanced Test Tool (ATT) only work with *.test.expressplay.com , whereas production devices must use *.service.expressplay.com . |
-2019 | Insufficient tokens available |
-2022 | Missing rental period end time |
-2023 | Missing rental play duration |
-2025 | Invalid rental play duration |
-2027 | Content encryption key must be 32-hexadecimal digits long |
-2030 | ExpressPlay Admin error: <details> |
-2031 | Service Account Disabled |
-2033 | Invalid cookie |
-2034 | Invalid Output Control, values out of specified range |
-2035 | No corresponding value specified |
-2036 | Extension type should be 4 characters |
-2037 | Extension payload should be Base64 encoded |
-2040 | OutputControlFlag must be encode 4 bytes |
-3004 | Invalid error format specified: <format> |
-4001 | Device could not be authenticated |
-4010 | Invalid token |
-4018 | Missing kid |
-4019 | Failed to get content key from key storage service |
-4020 | kid must be 32 hexadecimal characters long |
-4021 | kid must be 64 characters long after the '^' |
-4022 | Invalid kid |
-4024 | Invalid encrypted key or kek |
-5003 | Invalid general flags |
-6005 | Invalid key data specified |
-6007 | Invalid rental duration specified |
-7002 | Device ID binding is not supported for Widevine |
-7003 | Missing security level value |
-7004 | Invalid security level value |
-7006 | Missing HDCP output control value |
-7007 | Invalid license duration specified |
-7008 | Failed to generate Widevine license |
-7009 | Invalid WVExtension parameters specified |
-7011 | Widevine option disabled |