AAuth Server

Switch > Application Authentication

URL: https://aauth-lp1.ndas.srv.nintendo.net

The aauth server provides application tokens. These are required to access game-specific servers, such as NEX and NPLN. To obtain an application token, one must first obtain a device token.

Because the certificates are signed by Nintendo there is only one way to obtain a valid certificate: buy a game and dump it.

The aauth server takes form-encoded requests and responds with json-encoding. It uses base64url, and the client does not add any padding characters.

Headers
Methods
Errors
Examples

Headers

Header	Description
Host	`aauth-lp1.ndas.srv.nintendo.net`
User-Agent	User agent
Accept	`/`
X-Nintendo-PowerState	`FA` (fully awake) or `HA` (half awake). This header is only sent in the application token request.
Content-Length	Content length
Content-Type	`application/x-www-form-urlencoded`

User Agents

System Version	User agent
9.0.0 - 9.2.0	`libcurl (nnAccount; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 9.3.0.0; Add-on 9.3.0.0)`
10.0.0 - 10.2.0	`libcurl (nnAccount; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 10.4.0.0; Add-on 10.4.0.0)`
11.0.0 - 11.0.1	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 11.4.0.0; Add-on 11.4.0.0)`
12.0.0 - 12.1.0	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 12.3.0.0; Add-on 12.3.0.0)`
13.0.0	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)`
13.1.0 - 13.2.1	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.4.0.0; Add-on 13.4.0.0)`
14.0.0 - 14.1.2	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 14.3.0.0; Add-on 14.3.0.0)`
15.0.0 - 15.0.1	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 15.3.0.0; Add-on 15.3.0.0)`
16.0.0 - 16.1.0	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 16.2.0.0; Add-on 16.2.0.0)`
17.0.0 - 17.0.1	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 17.5.0.0; Add-on 17.5.0.0)`
18.0.0	`libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 18.3.0.0; Add-on 18.3.0.0)`

Methods

The following method returns a timestamp and your ip address:

Method	Path
GET	`/v1/time`

In API version 3 and later, one must solve a cryptographic challenge to prove that the gamecard is inserted. This is not required for digital titles.

Method	Path
POST	`/v3/challenge`
POST	`/v4/challenge`

The following methods return an application token as JWT:

Method	Path
POST	`/v1/application_auth_token`
POST	`/v2-44cd4221f90742b5f37a4948b37dacf024d0bb14dde86db0af20ec300a36a0fe/application_auth_token`
POST	`/v3/application_auth_token`
POST	`/v4/application_auth_token`

System Versions

System	API
1.0.0 - 4.1.0	v1
5.0.0 - 8.1.1	v2
9.0.0 - 14.1.2	v3
15.0.0 - 18.0.0	v4

API Changes

API	Changelog
v1	Initial version.
v2	The API path is obfuscated with a random hex string. The `environment` parameter was removed. The online play policy was added. For digital titles, the certificate is encrypted with a random key. The `NO_CERT` media type was added.
v3	The API path is no longer obfuscated. The challenge was added for gamecards.
v4	The `cert_key` parameter was removed for digital titles. A token from dragons is now required.

Time Request

This method is unrelated to aauth. It returns a text/plain document that contains two lines:

The current server time in milliseconds
The external IP address of the client

It also returns this information in the X-NINTENDO-UNIXTIME and X-NINTENDO-GLOBAL-IP headers.

Challenge Request

This request is only required if the media type is GAMECARD.

Param	Description
&device_auth_token	Device token from dauth server

Note that the device_auth_token parameter is preceded by an ampersand, even though it is the first and only parameter in the request.

Response on success:

Field	Description
value	Base64-encoded (16 bytes)
seed	Base64-encoded (15 bytes)

The seed value never changes. It is even consistent across environments.

Application Token Request

This method returns an application token as JWT. Certificates can be dumped with nxdumptool. For digital titles, always dump the base ticket and do not remove console specific data.

Version 1

Param	Description
application_id	Title id (`%016x`)
application_version	Title version (`%08x`)
environment	`lp1`
device_auth_token	Device token from dauth server
media_type	`GAMECARD`, `DIGITAL` or `SYSTEM`

If the media type is GAMECARD or DIGITAL:

Param	Description
cert	Base64-encoded application certificate

Response on success:

Field	Description
expires_in	Expiration in seconds (86400)
application_auth_token	Application token
settings	Settings (see below)

The settings field contains a list of objects with the following fields:

Field	Description
nas:client_id	16 hex digits
nas:redirect_uri	`nintendo://<title id>.app`

For most titles, the settings list is empty.

Version 2

The environment parameter was removed, the cert_key parameter was added, and the online play policy was added to the response.

The NO_CERT media type is used if the Switch does not have a valid ticket for a digital title. On production systems, this can only happen if the title was installed through unofficial means, which is usually a piracy attempt. Using NO_CERT will ban your device.

Param	Description
application_id	Title id (`%016x`)
application_version	Title version (`%08x`)
device_auth_token	Device token from dauth server
media_type	`GAMECARD`, `DIGITAL`, `SYSTEM` or `NO_CERT`

If the media type is GAMECARD:

Param	Description
cert	Base64-encoded gamecard certificate (512 bytes)

If the media type is DIGITAL:

Param	Description
cert	Encrypted ticket (base64)
cert_key	Encrypted key (base64)

For digital titles, the ticket is no longer sent to the server in plain text. Instead, it is encrypted with AES-CBC with a random key (the IV is filled with zeroes). The key itself is then encrypted with RSA-OAEP with SHA256.

Public exponent: 65537

Modulus:

2903599220185509629948246004681271806662185201109683699434876284
9306378942456577312580648895443616535088601867223713942187399041
4854872772034425863387471719375473684104853507768450203982749294
8967945831738920699512732919046223059402955082098739033920491649
6879108565068863591362496844602988110766097564477545097467537357
3183749964356608012071405755940871989007021731074728723470759285
8155278592486462922448753256166071381157786436864032235809243318
2591089355065715995209202752330511548478896205428626608544326862
4782505679727111312756904637828438785474471375120478991907979820
98870089661523253199182993983393803812441

Response on success:

Field	Description
expires_in	Expiration in seconds (86400)
application_auth_token	Application token
settings	Settings
online_play_policy	`MEMBERSHIP_REQUIRED` or `FREE`
policy_handler	`SYSTEM` or `GAME_SERVER` (only present if membership is required)

Version 3

A challenge is now required if the media type is GAMECARD:

Param	Description
application_id	Title id (`%016x`)
application_version	Title version (`%08x`)
device_auth_token	Device token from dauth server
media_type	`GAMECARD`
gvt	Base64-encoded challenge reply, based on the seed and value from the challenge (88 bytes)
cert	Base64-encoded gamecard certificate (512 bytes)

The gvt parameter is calculated with ChallengeCardExistence. I have no idea how this works.

Version 4

For digitial titles, the Switch no longer sends the application certificate to the server. Instead, it requests a contents authorization token from the dragons server.

Param	Description
application_id	Title id (`%016x`)
application_version	Title version (`%08x`)
device_auth_token	Device token from dauth server
media_type	`DIGITAL`
cert	Contents authorization token from dragons server

Errors

On error, the server sends the following response:

Field	Description
errors	List of errors

Every error is encoded like this:

Field	Description
code	Error code (string with 4 digits)
message	Error message

Known Errors

Code	Message
0103	Device token expired.
0105	ROM ID has been banned.
0106	Unauthorized application.
0107	?
0108	?
0109	Service closed.
0110	?
0111	Application update is required.
0112	Internal Server Error.
0113	?
0118	Invalid parameter in request.
0120	?
0121	Region mismatch.

Examples

The /v1/time request is very simple:

GET /v1/time HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
Accept: */*

Example of /v1/time response:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 30 Sep 2021 14:02:21 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
X-NINTENDO-UNIXTIME: 1633003341066
X-NINTENDO-GLOBAL-IP: 93.184.216.34
Vary: Accept
ETag: W/"7c7283f8b06feb54a9d29b679a4ca0af"
Cache-Control: max-age=0, private, must-revalidate
X-RequestId: 297b792a-f6f2-456b-a3ca-66c6e73620b7
X-Runtime: 0.000683
X-Nintendo-Used-Directive: global auth
X-Nintendo-Request-Host-Header: aauth-lp1.ndas.srv.nintendo.net
X-Nintendo-Request-SNI: aauth-lp1.ndas.srv.nintendo.net

1633003341066
93.184.216.34

To authenticate gamecards one must first obtain a challenge:

POST /v3/challenge HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
Content-Length: 857
Content-Type: application/x-www-form-urlencoded

&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Sep 2021 19:21:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Vary: Accept
ETag: W/"eff6fe99a35dd733bdb7e43956f9db16"
Cache-Control: max-age=0, private, must-revalidate
X-Request-Id: b782a5a4-739a-47d6-b061-aa2cbfa4bea2
X-Runtime: 0.005265
X-Nintendo-Used-Directive: global auth
X-Nintendo-Request-Host-Header: aauth-lp1.ndas.srv.nintendo.net
X-Nintendo-Request-SNI: aauth-lp1.ndas.srv.nintendo.net
Connection: keep-alive

{"value":"XLYSEWCMMwSUlU4wJC3VBA==","seed":"wLJ0JZCC3cu5KSU8bLbe"}

Then one can obtain an application token for a gamecard:

POST /v3/application_auth_token HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
X-Nintendo-PowerState: FA
Content-Length: 1749
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue

application_id=0100abf008968000&application_version=00070000&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA&media_type=GAMECARD&gvt=xvzGsqK2NF5qWDKzGb71HYGqqIMVe4B78jBDy8zRXg9X3eMNDhtBHS6QVn_07O2eAdaCAKDgrd2CJ6vOgkfisWG4MIGViKO98YiaTEu6xT9SkmKDOTgJog&cert=_W2lx8BZrU3zHi3eeV6VBzEpxWYeyzAdy_Q49_Sq7u7my6ZY_QxzTggxvMIfhkFGiLPhEmtH5McHbAA3Ecb5wnr7Q0C2UD8Kijkt7QgwBGe6gY__nyhe34o-8Y-PFPzaos5b9UmWTAPPHMhIav1Br7XuK0wHKbdYToc_UZ45YFVUWcKWZbSkPRI4zVP_hKNtWvFMmzhRGIEvcA3tA1ormTWDUSSBaxasgo3FSEKQHJaJpq-K3XwWRX4h8DRXierAYwpLCPRpI92C8QJjWhwumAVDa4Dlc1YtE08iEjQ0ZuFAGV2UPXoz57OznzeqP077uodFnKZmMv07576XEbobyENFUlQAAAAAAAAAAAAAAABy4lviwORBYWj1Lz_TAxxdABAAAAAAAAAAAAlTU7O6Za21K9jZis87UO27ERAIoxTcyvpqMWZb7_qhzPystmkcIvWH0ENCfilg6fb2d5m5nY-RQhToEMU2qa_GCZrsPFUENAaN4jVfjYWk5GXX4tk3e-XJTcfyv2Q0oysuwqFGuyww_Ok7XjyTmvVu_7KhPM8oP4ixzoNTHe1cxAmsGi7qATnUN9ke5dIzlhqd7RNqIxz2kibJXV8iKX_BXvRgeepYfVQoIpVxQNFyitqOKy_RZ6LDvA82-C5E1d6hMTj6YQ0oxBhMTRg9N0tNwoQJQ4Y

For a digital title:

POST /v3/application_auth_token HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
X-Nintendo-PowerState: FA
Content-Length: 2254
Content-Type: application/x-www-form-urlencoded
Expect: 100-continue

application_id=0100abf008968000&application_version=00070000&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA&media_type=DIGITAL&cert=Ea_BETtJ5tBzI730PfZO2md_qU705gnovFqRjsgw4NbPqQDw_b8H_ecpqm2NbBYs4i3ls95PjSUNHAcV5Yqv36v_wO2eSKyz09YCMo5-eN5DYmyjXaSgy8Fb-Qu0H0VGciRIrx5PNpUJIs7JqV6faPacffFoL4Ac74x6oLtWlRGdgTW7J-cq5ij0O3YNAX_3PoucRi0-xapIVHwRiFUzsj8KM3ug4QttmqVMPW8OAFUWFkGqmsyW_riWRsfDu0srLna4UEc9RxQMbecR-Qw3wyMl5JjCkfA05QLo0MECrhiQE10-yfmlu-ti1pg3wu9y_yiWEJdvgN58H4vlW_n4KL-xDFIdlkQsc4pd3RuL8NwxTSKP_Z2HTyDULs_XpbBejThr59xMGMUdrLOGnxwKiCsjM6SS0P6EpSQSjn4ASns6S1ImTbIvgj8LH4M8wck51XxjOBUz3T_03JQIn9PxObe_OOVfCobKeQXCtKjrvIq40AXg2v2ljj_K7vu8ZmtLMpliexg3dHhr6RgP1TA_tWDLaG_osxnk3XnPDz9FYLLhfugWL2ujsaoNezBOZuKw4CXQ5-IRFk0tWj9lIQvXs8_UFkJXSLIvsS_rs5X3ZaZ0Oc1F8Crt-0Iqgo6g3l259EtwMy6o89yWvU7hSMJ2DfiCEf298eVPMYs95SiTb3bW-wZYfGxVaMJ1XErqlojCi_rSmn9UlHCLgV9PEBK2iF-uAPt1CVxIaejB_7XHtg0bLdMq2OkiyAKHmEFHNPfOvKeJSNh5VQVp18EWbXrio2BXdn0-2UygI8AiTuqq3ummNd6yrNOfU-NNrt5Hccaa6QxsDXCeUlRDmds-lJJJAARL04_E4nZZTnxQE5_sImSkFLBQv8UMjTt0QIFBL_TeR3BkeAi7PSa1YQ0c0_2Bmix7OUuCO1G2mCBGkePVedGPEenm6A9iFNJkyiAhtKBc&cert_key=Tkyp0lOXSP-SEDZ5ShslGnoM1JweZj5kavHTdTnzZaAazXZdTkhaosxZYv2YVL1oqOD7Vmf4orO0Ns85HFGJ8s7cd6dQzvrpyu1uaN4Wum_w5OCf5ld_ga4M8F9TTEUYlAQz0Ft3f9zED0IWOGXqMU0t536XejUQxIUZlNWKBsWT_PZn1nOEcNSeTVHJ5He7QBF6Om99JUvl_qy3v_OppBsBoLdZf_F2miwjCFs0AO7wyf_boK7uU4v-6MtGA8fyyJQgXlAn8SAQTEL3lYVFJyED-Xkel99V8W_3egdnIMvvbJLSRIpLdqjfHqlK32KAcRpzT8J6koc3BkvBhYzNEQ

Or for a system title:

POST /v3/application_auth_token HTTP/1.1
Host: aauth-lp1.ndas.srv.nintendo.net
User-Agent: libcurl (nnHttp; 789f928b-138e-4b2f-afeb-1acae821d897; SDK 13.3.0.0; Add-on 13.3.0.0)
Accept: */*
X-Nintendo-PowerState: FA
Content-Length: 935
Content-Type: application/x-www-form-urlencoded

application_id=010000000000003e&application_version=00000000&device_auth_token=eyJqa3UiOiJodHRwczovL2RjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjM2NzllMTg4LTI5ZWUtNDE4Zi04ZDkwLWI3MjRjYzg1MzQ0MSIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI2ODMzN2FjYTI4ODE1Y2JiIiwiaXNzIjoiZGF1dGgtbHAxLm5kYXMuc3J2Lm5pbnRlbmRvLm5ldCIsImF1ZCI6IjhmODQ5YjVkMzQ3NzhkOGUiLCJleHAiOjE2MzI3NjMzMDEsImlhdCI6MTYzMjY3NjkwMSwianRpIjoiZTU5YTBiMGUtOTRlMS00NGFhLWI1ZGItMGZjMGNmNTAyYWRhIiwibmludGVuZG8iOnsic24iOiJYQVcxMDAxMjM0NTY3OCIsInBjIjoiSEFDIiwiZHQiOiJOWCBQcm9kIDEiLCJpc3QiOmZhbHNlfX0.Mdl42B_tWnQQZkpp0qkvEwpkAFGos1YQ8OBKDr_rJCQlNVZLrP6_sd53U8kvwI6TWbnuxFtNxcVJh21kbbY23WsjwQN9Ph2pbjEmneov5b5SfAjWSvfEqt_ViKFQVLv_MZZXQpBYZSQmJ3sA-BbOjeEO6JI5XI3_KR0uj9IxSH_LNSiEwMMNLkP0PcC3gO5cSKcmnb1NPW2BMMdlKOSIbxDSWE4sEuYt2Pl_u2F6hVMVeoC-4z43lIv2tv7aF9Pwv-D7MR-mOxQaxYVHw2Ux4FL0zPZOJMU6qPgfzACeItd6H_A4OBMKSQwBl4DEbSwdle5tph-ur01K91FhXhI6BA&media_type=SYSTEM

Response example:

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 26 Sep 2021 19:21:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
...
X-Nintendo-Used-Directive: global auth
X-Nintendo-Request-Host-Header: aauth-lp1.ndas.srv.nintendo.net
X-Nintendo-Request-SNI: aauth-lp1.ndas.srv.nintendo.net

{"expires_in":86400,"application_auth_token":"eyJqa3UiOiJodHRwczovL2FjZXJ0LWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQva2V5cyIsImtpZCI6IjZiMjVhNGU4LTRiOWItNDJhMy1hZDJiLWVhYzRiZGJjOWQ0NiIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiIwMTAwYWJmMDA4OTY4MDAwIiwiZXhwIjoxNjMyNzYzMzAxLCJpYXQiOjE2MzI2NzY5MDEsImlzcyI6ImFhdXRoLWxwMS5uZGFzLnNydi5uaW50ZW5kby5uZXQiLCJqdGkiOiI4MmRmNjY3Yi0wZGExLTQzODEtODdlNC0xYWU0MDNjOGI1NjgiLCJuaW50ZW5kbyI6eyJhaSI6IjAxMDBhYmYwMDg5NjgwMDAiLCJhdiI6IjAwMDciLCJhdCI6MTYzMjY3NjkwMSwiZWRpIjoiYjQ2YmRhNGUxZGQ1ZTdjZTAwMjQzMGE2OGIyYzZkNGUiLCJvcHAiOiJNRU1CRVJTSElQX1JFUVVJUkVEIiwicGgiOiJHQU1FX1NFUlZFUiJ9fQ.bVRnffmMbfN3Q-XAEHAt8qa-QPQf-jOBQMwhhMu0hWOUK3UGviDiG4fti_ws6-0vaYxsAisiong051wUhDi0MyzN9BSsJ1nTA0mB6rRfCeqdsdbgRz6hWP4lRgeuzeyVSX6NTIQvdIJTYsqd800i1tkpR2ynTBVwUHwcle9vqNWuIkzZgl-osk439AP70vV2okLSFoSP49EGH6UW7ocgstto9xwy39DiY93y8Di0uX-GvYQK_inAxaIgMUCLBcKJzZ8iwUKV8E1MeD-yWNWGJ9nW9F5kPa6mvDFBOdzcvIYYTjnKh2JSJLS2-nlNyTZoN8t3OfTVLwd3KlDj0HhzZA","settings":[],"online_play_policy":"MEMBERSHIP_REQUIRED","policy_handler":"GAME_SERVER"}

Or if an error has occurred:

HTTP/1.1 400 Bad Request
Server: nginx
Date: Sun, 26 Sep 2021 19:21:43 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Vary: Accept
Cache-Control: no-cache
X-Request-Id: ae8b948d-a0ca-4073-a41a-2393a69f12c6
X-Runtime: 0.006897

{"errors": [{"code": "0118", "message": "Invalid parameter in request."}]}

Home
NEX
- PRUDP Protocol
- RMC Protocol
- NEX Services
  - Common
  - Nintendo
- Kerberos Authentication
- Hpp Server
NPLN
- Auth
Pia
- Pia Protocol
- Pia Services
  - Mesh
  - Monitoring Data
  - NAT Traversal
  - Reliable
  - RTT
  - Station
  - Unreliable
- LAN Protocol
- LDN Protocol
Switch Servers
Other Pages

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AAuth Server

Switch > Application Authentication

Headers

User Agents

Methods

System Versions

API Changes

Time Request

Challenge Request

Application Token Request

Version 1

Version 2

Version 3

Version 4

Errors

Known Errors

Examples

Clone this wiki locally