Universal Print (UP) Printer Registration

1. Registration

1.1 Flow

[Figure: Registration Flow]

1.2 APIs

The following APIs are available with the Global UP Registration Service for registering printers.

Global UP Registration Service Base URL: https://register.print.microsoft.com

The full URL will be the combination of the Global base URL and the endpoint(s) below.

1.2.1 /register

The /register endpoint is used to register a printer. There are 2 stages for registration.

  1. Initial registration call to register the printer

  2. Polling registration status for completion of the registration request

1.2.1.1 Initiating Registration

The first stage is to initiate a registration request with the global registration service. This is done by issuing a POST request to the /register endpoint with the registration payload in JSON format.

1.2.1.1.1 HTTP Request
POST /api/{version}/register

{version} is the version of the UP Registration API/protocol that the printer is using. Currently supported versions are:

  • v1.0
1.2.1.1.2 Request Headers

For v1.0:

| Name | Description |
| --- | --- |
| Authorization | Bearer {token} Required. The printer must sign in the admin to Azure AD by following the Device Code flow or another authorization flow. |
1.2.1.1.3 Request Content-Type
  • application/json
1.2.1.1.4 Request Payload

The registration request payload will be in JSON format with the following values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| name | string | The friendly name of the Printer. | Yes |
| manufacturer | string | The manufacturer of the Printer. | Yes |
| model | string | The model of the Printer. | Yes |
| device_id | string | The physical device UUID of the Printer. | Yes |
| device_type | string | The type of the device. Supported values (without quotes): "printer" | Yes |
| certificate_request | DeviceCertRequest object | The X.509 Certificate Signing Request (CSR) for the certificate created and used by the printer to identify itself. Please refer to Appendix A.1 for a coding sample on how to create a CSR with BouncyCastle .NET library. | Yes |

The DeviceCertRequest object has the following values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| type | string | A property that MUST contain "pkcs10". | Yes |
| data | string | A property that contains a base64-encoded PKCS#10 certificate request RFC4211. The certificate request MUST use an RSA public key algorithm with a 2048-bit key, a SHA256WithRSAEncryption signature algorithm, and a SHA256 hash algorithm. | Yes |
| transport_key | string | The base64-encoded public portion of an asymmetric key that is generated by the client. | Yes |
1.2.1.1.5 Successful Response

On success (202 Accepted), the registration response payload will be in JSON format with the following values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| registration_id | string | The unique ID that represents this registration request. This will be used when polling for registration status. | Yes |
| interval | integer | Polling interval time (in seconds) to check for completion of the registration request. | Yes |
1.2.1.1.6 Error Response

On error, the following HTTP status codes will be returned along with an error response payload. The error response payload will contain an error JSON object following the format in section 2.

HTTP Status Codes

| HTTP Status Code | Description |
| --- | --- |
| 400 (Bad Request) | The request is invalid or malformed. See error response payload for details. Fix and resend the request. |
| 500 (Internal Server Error) | An internal error has occurred in the service. See error response payload for details. Retry the request (if possible, retry_timeout will be set). |

Error Codes

| Error Codes | Description | HTTP Status Code |
| --- | --- | --- |
| invalid_request | The registration request payload was malformed/invalid. This usually occurs during development stages. See error_description for more details. | 400 |
| device_code_error | The service could not generate a Device/User Code pair. | 500 |
| storage_error | The service experienced an error with Back-end Storage. | 500 |
| service_error | An error occurred in the service. See error_description for more details. | 500 |
1.2.1.1.7 Examples
1.2.1.1.7.5 Request v1.0
POST https://register.print.microsoft.com/api/v1.0/register HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8
Accept-Encoding: gzip, deflate
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyIsImtpZCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyJ9.eyJhdWQiOiJodHRwczovL3ByaW50LnByaW50LXBwZS5taWNyb3NvZnQuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy1wcGUubmV0LzIwZGY5NTlmLWE0OTItNGU3NC05N2E3LTE0YWJiM2ZlZjFkYi8iLCJpYXQiOjE1NjE2NzUxNjYsIm5iZiI6MTU2MTY3NTE2NiwiZXhwIjoxNTYxNjc5MDY2LCJhY3IiOiIxIiwiYWlvIjoiNDJOZ1lOQXNYbUtTSHZSM3Jvcjd2RVdMMWtmc0NMUi93R085cjYzMGl2T1RLWlVoV1ZzQSIsImFtciI6WyJwd2QiXSwiYXBwaWQiOiI0MTdhZTZlYi1hYWM4LTQyYzgtOTAwYy0wZTUwZGViYmE2ODgiLCJhcHBpZGFjciI6IjAiLCJmYW1pbHlfbmFtZSI6IlN0YWdlciIsImdpdmVuX25hbWUiOiJNYWRlbGluZSIsImdyb3VwcyI6WyI1YjljNGVkMS0yMWUyLTRkNzktYjE0Zi1mMzYyMTI5ODcyYjIiXSwiaXBhZGRyIjoiMTMxLjEwNy4xNTkuMjAiLCJuYW1lIjoiTWFkZWxpbmUgU3RhZ2VyIiwib2lkIjoiYzJmMjg2NDctMWQ4ZS00YTdhLWIzZjctZjU4YmQ3ODYxODk4IiwicHVpZCI6IjEwMDM0MDAwMDA2OEJFQzgiLCJzY3AiOiJzYW1wbGVzLnJlYWQgc2FtcGxlcy53cml0ZSIsInN1YiI6IlR6b2hRcmNzTHNjNUNHR09hWndxa1ZiajhaSkh4MnB1dzdpcWhWVXFWRGsiLCJ0ZW5hbnRfY3RyeSI6IlVTIiwidGlkIjoiMjBkZjk1OWYtYTQ5Mi00ZTc0LTk3YTctMTRhYmIzZmVmMWRiIiwidW5pcXVlX25hbWUiOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1cG4iOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1dGkiOiJlal84QlAtLW1rZWNNWjdncFJNR0FBIiwidmVyIjoiMS4wIiwid2lkcyI6WyI2MmU5MDM5NC02OWY1LTQyMzctOTE5MC0wMTIxNzcxNDVlMTAiXX0.e1RpyZDQzqlV11uyRXWRmaqf6wk2mg763muoIiMG2Qq8DW221Rg91cLP5px6KSfhpd7nv-Ln_KUFsZ4IlJqfmsrfCL_vgKHjYQuRDv2BY8-vrIqUC_5XVA_sj2Ib7iT7SjDYyMv6QDZM2rf7kVggvRuaZihUxxGZWby84EXD8KKAYfAQGo3r6AceuSDJOvToMy-Kp-MEqRuzExZdq2p1_qRIBtHe8Its4xuR8ZHEVqWnY0Y_qeVA8uxl3mQxZSvH8BVYn4Bdy_VZcNtrNKt3YpHFzG4kgy5V6wGLecRI7IBzYd4uK_FwpaYXHpkrSbO0ATEX3tjrgPnHbicA053Ilw
Content-Length: 1600

{
  "name": "Test Printer",
  "manufacturer": "Test Manufacturer",
  "model": "Test Model",
  "device_type": "printer",
  "device_id": "a188d9e8-8daa-44c9-862b-d6202bcf1b68",
  "certificate_request":
  {
    "type": "pkcs10",
    "data": "MIICpDCCAYwCAQAwYTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1JlZG1vbmQxFzAVBgNVBAoMDk1pY3Jvc29mdCBDb3JwMRIwEAYDVQQDDAlNaWNyb3NvZnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ1xUdFKBlFdS9dHqSrD7YS0ZJ6MgcYy5wI3P0wOWrDi28OCBLbt6HBg02KDh1MlmVrfIR2O6WWeJ59M63JuwEn2e2WoGnIb/M6NyANyBBmgZ3bjp39UJHbXtYYXm/VJrPcOLM09dST7KR1zAcD2J+rnK8ZVUtYuTl58D7R6zsrYshw5CwxfLYPXeXwiSoKhtEC8Xn1lz3mi5B2SdsFHdjaQb6E0tCG5zdrVzzhCEVPaoo4e9SCTB9jDNulTU1ZkHzGBk+UzlKv4APsclyGCTEgA01T6/ueBrVeKY9d4DYfz/pu4sm0Vf1E+2hggtwbBOP60sFtkfnKiwtVoDF1KC9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBACdggPBJ5MoJJ3QjVYDypuJGWDVWBT0G4pXNZHNz5Q4OVDze7aCw3Sl78Qdzy++XsrSXjtyZyEb+A5R36YKTpzRBCHSOWyZkZKpxj0Uo8/+RzjzJ1uvtwfhelfQ6EVktFsz6a2hixcaa47bN/bjj9stJbbRsxjJwR1K5YI/i+9DaUE7r7VDXiknQ7/ZyEYquAqY/O/LEnFOGhkSvkLlFPTbnJ7fzURyNnQhmp8p3DMj5dXYgKfWPxViqvJChx8pJf9zM4TjzaTZIj08tSOp2LtWGeMNkFgYJH4URe3t4OPx5crkKj8i5aIW1Ulb8ezJLW1IU7W8hF71ooZWFTOsAnjQ=",
    "transport_key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydcVHRSgZRXUvXR6kqw+2EtGSejIHGMucCNz9MDlqw4tvDggS27ehwYNNig4dTJZla3yEdjullniefTOtybsBJ9ntlqBpyG/zOjcgDcgQZoGd246d/VCR217WGF5v1Saz3DizNPXUk+ykdcwHA9ifq5yvGVVLWLk5efA+0es7K2LIcOQsMXy2D13l8IkqCobRAvF59Zc95ouQdknbBR3Y2kG+hNLQhuc3a1c84QhFT2qKOHvUgkwfYwzbpU1NWZB8xgZPlM5Sr+AD7HJchgkxIANNU+v7nga1XimPXeA2H8/6buLJtFX9RPtoYILcGwTj+tLBbZH5yosLVaAxdSgvQIDAQAB"
  }
}
1.2.1.1.7.6 Response v1.0
HTTP/1.1 202 Accepted
Date: Thu, 27 Jun 2019 22:47:34 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked

{
  "registration_id": "fbbd6371-7e88-4881-8818-8d2ea2e8fe88",
  "interval": 5
}
1.2.1.2 Getting Registration Status

After the registration request has been successfully accepted, the printer will poll the /register endpoint for the status of the registration request. The printer should poll based on the interval value received in the registration response and must provide the registration_id received.

1.2.1.2.1 HTTP Request
GET /api/{version}/register?{Query Parameters}

{version} is the version of the UP Registration API/protocol that the printer is using.
Currently supported versions are:

  • v1.0

{Query Parameters} are specified in the next section.

1.2.1.2.2 Request Headers

For v1.0:

| Name | Description |
| --- | --- |
| Authorization | Bearer {token} Required. The printer must sign in the admin to Azure AD, or follow the Device Code flow. The same token acquired for the first register request can be used. |
1.2.1.2.3 Request Query Parameters
| Parameter name | Description | Required |
| --- | --- | --- |
| registration_id | The registration ID received from the response of the registration request. | Yes |
1.2.1.2.4 Successful Responses

The following HTTP status codes will be returned for the following "success" scenarios:

| HTTP Status Code | Registration Phase |
| --- | --- |
| 200 (OK) | Registration Complete |
| 202 (Accepted) | Registration In Progress - Please make another request after the interval time has passed |

Response Payloads

Registration In Progress (202 Accepted):

The registration response payload will be in JSON format with the following values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| interval | integer | Polling interval time (in seconds) to check for completion of the registration request. Note, the polling interval time will not necessarily be the same each time. | Yes |

Registration Complete (200 OK):

The registration response payload will be in JSON format with the following values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| cloud_device_id | string | The UUID of the printer in the Cloud that this printer represents. | Yes |
| certificate | string | Base64-encoded Signed X.509 Certificate. | Yes |
| print_svc_url | string | The URL to the Universal Print (UP) service that handles printer operations. | Yes |
| notification_url | string | The URL that should be used by the printer to listen for notifications (new print job, cancel print job, etc...). | Yes |
| mcp_svc_resource_id | string | The Resource ID of the UP service. Required when requesting OAuth token for communication with the UP and UP Notification Services. | Yes |
| device_token_url | string | The URL of the Secure Token Authority (STA) that the printer should use to get tokens for the UP and UP Notification Services. | Yes |
1.2.1.2.5 Error Response

On error, the following HTTP status codes will be returned along with an error response payload. The error response payload will contain an error JSON object following the format in section 2.

HTTP Status Codes

| HTTP Status Code | Description |
| --- | --- |
| 400 (Bad Request) | The request is invalid or malformed. See error response payload for details. Registration should be re-started. |
| 500 (Internal Server Error) | An internal error has occurred in the service. See error response payload for details. Registration should be re-started. |

Error Codes

| Error Codes | Description | HTTP Status Code |
| --- | --- | --- |
| invalid_registration_id | The registration ID provided is invalid. This can occur if the registration ID was stored incorrectly or if the printer registration has not completed within the registration timeout. Registration should be re-started. | 400 |
| device_already_exists | The device that is being registered is already registered. The Admin should check the UP portal to see if the device being registered is present. If it is, it could be a stale entry that the Admin forgot to delete/un-register. Registration should be re-started. | 400 |
| user_token_error | The service failed to get the user token to perform registration. Registration should be re-started. | 500 |
| storage_error | The service experienced an error with Back-end Storage. Registration should be re-started. | 500 |
| service_error | An error occurred in the service. See error_description for more details. Registration should be re-started. | 500 |
1.2.1.2.6 Examples
1.2.1.2.6.3 Request v1.0
GET https://register.print.microsoft.com/api/v1.0/register?registration_id=bb86db79-2918-
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyIsImtpZCI6IkZ6U3pHTVZ1a0U2Nm9EQnpwR0JUY2NBMlVRYyJ9.eyJhdWQiOiJodHRwczovL3ByaW50LnByaW50LXBwZS5taWNyb3NvZnQuY29tIiwiaXNzIjoiaHR0cHM6Ly9zdHMud2luZG93cy1wcGUubmV0LzIwZGY5NTlmLWE0OTItNGU3NC05N2E3LTE0YWJiM2ZlZjFkYi8iLCJpYXQiOjE1NjE2NzUxNjYsIm5iZiI6MTU2MTY3NTE2NiwiZXhwIjoxNTYxNjc5MDY2LCJhY3IiOiIxIiwiYWlvIjoiNDJOZ1lOQXNYbUtTSHZSM3Jvcjd2RVdMMWtmc0NMUi93R085cjYzMGl2T1RLWlVoV1ZzQSIsImFtciI6WyJwd2QiXSwiYXBwaWQiOiI0MTdhZTZlYi1hYWM4LTQyYzgtOTAwYy0wZTUwZGViYmE2ODgiLCJhcHBpZGFjciI6IjAiLCJmYW1pbHlfbmFtZSI6IlN0YWdlciIsImdpdmVuX25hbWUiOiJNYWRlbGluZSIsImdyb3VwcyI6WyI1YjljNGVkMS0yMWUyLTRkNzktYjE0Zi1mMzYyMTI5ODcyYjIiXSwiaXBhZGRyIjoiMTMxLjEwNy4xNTkuMjAiLCJuYW1lIjoiTWFkZWxpbmUgU3RhZ2VyIiwib2lkIjoiYzJmMjg2NDctMWQ4ZS00YTdhLWIzZjctZjU4YmQ3ODYxODk4IiwicHVpZCI6IjEwMDM0MDAwMDA2OEJFQzgiLCJzY3AiOiJzYW1wbGVzLnJlYWQgc2FtcGxlcy53cml0ZSIsInN1YiI6IlR6b2hRcmNzTHNjNUNHR09hWndxa1ZiajhaSkh4MnB1dzdpcWhWVXFWRGsiLCJ0ZW5hbnRfY3RyeSI6IlVTIiwidGlkIjoiMjBkZjk1OWYtYTQ5Mi00ZTc0LTk3YTctMTRhYmIzZmVmMWRiIiwidW5pcXVlX25hbWUiOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1cG4iOiJtYXN0YWdlckBjbG91ZHByaW50cHBlLmNjc2N0cC5uZXQiLCJ1dGkiOiJlal84QlAtLW1rZWNNWjdncFJNR0FBIiwidmVyIjoiMS4wIiwid2lkcyI6WyI2MmU5MDM5NC02OWY1LTQyMzctOTE5MC0wMTIxNzcxNDVlMTAiXX0.e1RpyZDQzqlV11uyRXWRmaqf6wk2mg763muoIiMG2Qq8DW221Rg91cLP5px6KSfhpd7nv-Ln_KUFsZ4IlJqfmsrfCL_vgKHjYQuRDv2BY8-vrIqUC_5XVA_sj2Ib7iT7SjDYyMv6QDZM2rf7kVggvRuaZihUxxGZWby84EXD8KKAYfAQGo3r6AceuSDJOvToMy-Kp-MEqRuzExZdq2p1_qRIBtHe8Its4xuR8ZHEVqWnY0Y_qeVA8uxl3mQxZSvH8BVYn4Bdy_VZcNtrNKt3YpHFzG4kgy5V6wGLecRI7IBzYd4uK_FwpaYXHpkrSbO0ATEX3tjrgPnHbicA053Ilw
Host: register.print.microsoft.com
1.2.1.2.6.4 In Progress Response v1.0
HTTP/1.1 202 Accepted
Cache-Control: no-cache
Pragma: no-cache

{
  "interval": 15
}
1.2.1.2.6.7 Completed Response v1.0
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 267
Content-Type: application/json; charset=utf-8

{
  "cloud_device_id": "7c907b43-d8f0-4e42-a279-1e37eb4fd2bf",
  "certificate": "MIID8jCCAtqgAwIBAgIQR2Y15zkurJhCGxcaQ0d7tjANBgkqhkiG9w0BAQsFADB4MXYwEQYKCZImiZPyLGQBGRYDbmV0MBUGCgmSJomT8ixkARkWB3dpbmRvd3MwHQYDVQQDExZNUy1Pcmdhbml6YXRpb24tQWNjZXNzMCsGA1UECxMkODJkYmFjYTQtM2U4MS00NmNhLTljNzMtMDk1MGMxZWFjYTk3MB4XDTE4MDExOTAwNTIxM1oXDTI4MDExOTAxMjIxM1owLzEtMCsGA1UEAxMkZjVlYjVmNWUtMDYyNC00YTNiLThmZjItNjQ5ZTAyM2ZiNzJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQc0Twp+vlT5Vc74zLoXbrufcIKnoW980OWFKHf7lRlRqjj9MWpea99j+3K8JQSoifXJvS5QzyjXrH9phsrfX84I258y6dM/aUadLYYKjO38wx9c1vQppZi1P3LcDaJiXPgNQ8omWCtDNoVwQlTUmB9Pq6h+V6S4P59Mq9cem6yEE7pu4DLqLSB68jexvLQnuGDfn6PsVUC3ML21zDmAr3QDikiZDe9Iy03IRrXvl6obj5QZtkGFbK9ueArFcWpymsEK
  FfVhrKL7ca/rAEFHsHacJYHkJNMw3Qzs0yMYZRsH/fS+eBebvQWUEujQ+BX8xZQX48ukwtC8R37RsqrLjwIDAQABo4HAMIG9MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwIgYLKoZIhvcUAQWCHAIEEwSBEF5f6/UkBjtKj/JkngI/ty0wIgYLKoZIhvcUAQWCHAMEEwSBEHXH6W+38IhBoi1uqlWcNhUwIgYLKoZIhvcUAQWCHAUEEwSBEAWT1qlxl5pLvXhzFTIfL2swFAYLKoZIhvcUAQWCHAgEBQSBAk5BMBMGCyqGSIb3FAEFghwHBAQEgQEwMA0GCSqGSIb3DQEBCwUAA4IBAQCXpFMa9DCgIIJTD3RlEyPN8WB/HgMkhLBqwtZugkmIn8D80ckuhrfa2jJfWkNxEfFXanjq9B4tAvkNt7vBXiYw+PKj8+CE5FgfUTNtIw3Q/06tnJBj20mz28ZNbdRUgXzxXiY7oZss54dbHH+7TFO9k9Pm1CuUOzLFX4LeC48wo/S6uN7JDeID6pQjcR00eYJ+gcD800AXBYXrqSreYhdtl1swcD71qgshELAo2qXu0kzuKj05GIB5SXFOoU+KhuB0LMuEZF5rsQPN4KcasGaAb/8MIORAxkYStNLQZQLYbDve/dUownbfruW/o3tnjJP0GA0gY/Ohv5ssgrCFsiBq",
  "print_svc_url": "https://print.print.microsoft.com/",
  "notification_url": "https://notification.print.microsoft.com/",
  "mcp_svc_resource_id":"https://print.print.microsoft.com",
  "device_token_url": "https://login.microsoftonline.com/common/oauth2/token"
}
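
The polling stage described in 1.2.1.2, as an added example that is not part of the original page or of Microsoft's code: it waits the interval from the most recent response, checks the 200 OK payload before anything is stored, and treats every error as the end of the attempt. The `get_status` transport hook, the function and exception names, the `max_polls` bound and the HTTPS-only check are assumptions; the sample responses are constructed.

```python
import base64
import json
from urllib.parse import urlsplit

REQUIRED_ON_COMPLETE = ("cloud_device_id", "certificate", "print_svc_url",
                        "notification_url", "mcp_svc_resource_id", "device_token_url")
URL_FIELDS = ("print_svc_url", "notification_url", "device_token_url")


class RestartRegistration(Exception):
    """This attempt is over; registration has to be started again."""

    def __init__(self, error, description=""):
        super().__init__(f"{error}: {description}")
        self.error = error


def validate_completed(payload):
    """Check a 200 OK body before any of it is persisted on the device."""
    for field in REQUIRED_ON_COMPLETE:
        if not isinstance(payload.get(field), str) or not payload[field]:
            raise RestartRegistration("service_error", f"missing field {field}")
    try:
        base64.b64decode(payload["certificate"], validate=True)
    except ValueError:
        raise RestartRegistration("service_error", "certificate is not base64")
    for field in URL_FIELDS:
        parts = urlsplit(payload[field])
        # Assumption (local policy, not stated on the page): HTTPS only.
        if parts.scheme != "https" or not parts.hostname:
            raise RestartRegistration("service_error", f"{field} is not an https URL")
    return payload


def poll_registration(get_status, registration_id, interval, sleep, max_polls=120):
    """Poll until 200 OK, waiting the interval from the most recent response.

    get_status(registration_id) -> (http_status, body_text) is a hypothetical
    transport hook standing in for GET /api/v1.0/register?registration_id=...
    max_polls is an assumed local bound so a device never polls forever.
    """
    for _ in range(max_polls):
        sleep(interval)
        status, body = get_status(registration_id)
        try:
            payload = json.loads(body)
        except ValueError:
            payload = None
        if not isinstance(payload, dict):
            raise RestartRegistration("service_error", "body is not a JSON object")
        if status == 202:
            nxt = payload.get("interval")
            if type(nxt) is not int or nxt <= 0:
                raise RestartRegistration("service_error", "202 without a usable interval")
            interval = nxt  # the interval can change between polls
        elif status == 200:
            return validate_completed(payload)
        else:
            # 400 and 500 both end this attempt (see the error tables above).
            raise RestartRegistration(payload.get("error", "service_error"),
                                      payload.get("error_description", ""))
    raise RestartRegistration("service_error", "gave up after max_polls")


def run_scripted(responses, registration_id="fbbd6371-7e88-4881-8818-8d2ea2e8fe88",
                 interval=5):
    """Drive poll_registration with constructed responses; returns (result, waits)."""
    queue, waits = list(responses), []

    def get_status(_registration_id):
        status, payload = queue.pop(0)
        return status, json.dumps(payload)

    result = poll_registration(get_status, registration_id, interval, waits.append)
    return result, waits


# Constructed sample data; IDs and URLs follow the page's examples.
COMPLETED = {
    "cloud_device_id": "7c907b43-d8f0-4e42-a279-1e37eb4fd2bf",
    "certificate": base64.b64encode(b"constructed certificate bytes").decode("ascii"),
    "print_svc_url": "https://print.print.microsoft.com/",
    "notification_url": "https://notification.print.microsoft.com/",
    "mcp_svc_resource_id": "https://print.print.microsoft.com",
    "device_token_url": "https://login.microsoftonline.com/common/oauth2/token",
}

if __name__ == "__main__":
    result, waits = run_scripted(
        [(202, {"interval": 15}), (202, {"interval": 3}), (200, COMPLETED)])
    print(waits, result["cloud_device_id"])
```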

1.2.1.3 Authentication

Before registering, the printer must authenticate the admin to Azure AD by following the Device Code flow or another authorization flow. The printer admin access token obtained must be sent in the Authorization header of the request to register a printer. Documentation of the device code flow and other authentication flows supported by Azure AD can be found at Supported authentication flows.

1.2.1.3.1 Device Code Flow Parameters

Documentation of Azure AD support of the device code flow can be found at OAuth 2.0 device code flow. The client_id listed below is temporary. We will provide additional information in the near future.

| Parameter Name | Description | Required |
| --- | --- | --- |
| tenant | Use "Organizations" for the tenant parameter. | Yes |
| client_id | Use registered client ID for the client_id. Additional information at Registering OEM Client. | Yes |
| scope | Use https://print.print.microsoft.com/.default for the scope | Yes |
1.2.1.3.2 Example Device Code Flow Requests
1.2.1.3.2.1 Initiate the device code flow

Request:

POST https://login.microsoftonline.com/organizations/oauth2/v2.0/devicecode HTTP/1.1
Accept-Charset: utf-8
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: login.microsoftonline.com
Content-Length: 103
Expect: 100-continue
Connection: Keep-Alive

client_id=<registered_client_id>&scope=https%3A%2F%2Fprint.print.microsoft.com%2F.default

Response:

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 473

{
  "user_code": "FMTB7B3WR",
  "device_code": "FAQABAAEAAAAP0wLlqdLVToOpA4kwzSnx3SB1wjNptiBt5jFM8ePgJKGOjX-WOEksHYT3zgqz9VVg4MqY8J6Tej_rpniyj4WjOsVe-RCJuGexX-IwPKDK-df38P0zpLv5ktxSCflT_F-8Cbef6BRDpk0Qm-lPOhC4bcbtdIaM8yqf-cS962rGC9VdVNFVFStePppCDRcumjAgAA",
  "verification_uri": "https://microsoft.com/devicelogin",
  "expires_in": 900,
  "interval": 5,
  "message": "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FMTB7B3WR to authenticate."
}
1.2.1.3.2.2 Retrieving the user token

Request:

POST https://login.microsoftonline.com/tenant/oauth2/v2.0/token HTTP/1.1
Accept-Charset: utf-8
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Host: login.microsoftonline.com
Content-Length: 289
Expect: 100-continue

grant_type=device_code&client_id=<registered_client_id>&device_code=FAQABAAEAAAAP0wLlqdLVToOpA4kwzSnx3SB1wjNptiBt5jFM8ePgJKGOjX-WOEksHYT3zgqz9VVg4MqY8J6Tej_rpniyj4WjOsVe-RCJuGexX-IwPKDK-df38P0zpLv5ktxSCflT_F-8Cbef6BRDpk0Qm-lPOhC4bcbtdIaM8yqf-cS962rGC9VdVNFVFStePppCDRcumjAgAA

Response: authorization_pending, user has not logged in yet.

HTTP/1.1 400 Bad Request
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 469

{
  "error": "authorization_pending",
  "error_description": "AADSTS70016: Pending end-user authorization.\r\nTrace ID: 60997c8b-15ed-4d12-99b6-6da879fd1400\r\nCorrelation ID: 7300aba9-1698-4a4e-b6dd-66459a828108\r\nTimestamp: 2019-09-26 23:13:43Z",
  "error_codes": [70016],
  "timestamp": "2019-09-26 23:13:43Z",
  "trace_id": "60997c8b-15ed-4d12-99b6-6da879fd1400",
  "correlation_id": "7300aba9-1698-4a4e-b6dd-66459a828108",
  "error_uri": "https://login.microsoftonline.com/error?code=70016"
}

Response: success, user has logged in, token is returned. This token can be used in the required authorization header (described in section 1.2.1.1.2) when sending a request to register a printer with Universal Print.

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Content-Length: 1763

{
  "token_type": "Bearer",
  "scope": "https://print.print.microsoft.com/Print.Device https://print.print.microsoft.com/.default",
  "expires_in": 3599,
  "ext_expires_in": 3599,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImFQY3R3X29kdlJPb0VOZzNWb09sSWgydGlFcyIsImtpZCI6ImFQY3R3X29kdlJPb0VOZzNWb09sSWgydGlFcyJ9.eyJhdWQiOiJodHRwczovL3ByaW50LnByaW50Lm1pY3Jvc29mdC5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC9mMGQ4ODMyMy04OGY2LTQ4MTMtOGI0ZC05NGVjNjdlNjA3YmQvIiwiaWF0IjoxNTY5NTM5Mzc3LCJuYmYiOjE1Njk1MzkzNzcsImV4cCI6MTU2OTU0MzI3NywiYWNyIjoiMSIsImFpbyI6IkFTUUEyLzhNQUFBQVA1U1NzTklCYXRVQ2UxSGZXaEdvNHhqbUM4b2RCckNpeDNaN0dyZWJUMEE9IiwiYW1yIjpbInB3ZCJdLCJhcHBpZCI6IjQxN2FlNmViLWFhYzgtNDJjOC05MDBjLTBlNTBkZWJiYTY4OCIsImFwcGlkYWNyIjoiMCIsImdyb3VwcyI6WyIzMjVhNDljOS1mNjQ0LTQxNjEtODdmZS1kZTQ5ZGEyNDhjZTkiXSwiaXBhZGRyIjoiMTY3LjIyMC4yLjE4IiwibmFtZSI6Ik1hZGVsaW5lIFN0YWdlciIsIm9pZCI6ImIzZTE1ODM0LTAxZmUtNDIwNi05MjkwLTk5OTNiMzM1MWM2MSIsInB1aWQiOiIxMDAzN0ZGRUFDRjVBNUE1Iiwic2NwIjoiUHJpbnQuRGV2aWNlIiwic3ViIjoiN2hhQzVjdEZlYjZPVHBsMHROUDJmRDJVY3pWTFRjbTZlNkQ1eEZkOEpvYyIsInRlbmFudF9jdHJ5IjoiVVMiLCJ0aWQiOiJmMGQ4ODMyMy04OGY2LTQ4MTMtOGI0ZC05NGVjNjdlNjA3YmQiLCJ1bmlxdWVfbmFtZSI6Im1hc3RhZ2VyQGNsb3VkcHJpbnRwcm9kdWN0aW9uLm9ubWljcm9zb2Z0LmNvbSIsInVwbiI6Im1hc3RhZ2VyQGNsb3VkcHJpbnRwcm9kdWN0aW9uLm9ubWljcm9zb2Z0LmNvbSIsInV0aSI6Inp2N2EtdGRrR0VHQkFSMl9zWU1UQUEiLCJ2ZXIiOiIxLjAiLCJ3aWRzIjpbIjYyZTkwMzk0LTY5ZjUtNDIzNy05MTkwLTAxMjE3NzE0NWUxMCJdfQ.Nfz82GPdQUx6py2xwhVhI4hvpbLTdaaDSVFnGx4Eb3CeJHcQvCmmKoB9Lze7YITcEcLdxUkGEQGEXSh6M3yDrNP_hsoIROdWhe6RDjbYVPmJUL319lL4eNtQTJq8bKcJVbeM5SamlY1mBIhxH_sjL4TX0NN2RnDIuF_L1NSRW0IaHoZxzf257y0n7BqPROl3VpQ97wA8P-hhVBbfwwB9i-sLbsoCVszuE9JnHpgJPm6h9FDL9Px57ddTMZDvJchxOL5gUTA76gdRqUUzLROCMlz0R7vTJotl2RQnrzZBoNNoM9iJHL2KqQKuuezHEro1453lSRASiBkZHHEOFglzSg"
}

2. Error Response Structure

For the above APIs, on error, the following error structure will be returned in the payload in JSON format with the following values (case sensitive). These error responses are mainly for development purposes and it is up to the developer what to show to the user, if anything.

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| error | string | An error code string that is used to classify the type of error that occurred. | Yes |
| error_description | string | A specific error message that can help identify the root cause of the error. | No |
| error_code | integer | Additional error code that can help diagnose the issue. | No |
| http_status_code | integer | The HTTP status code that was returned with this error response. | No |
| retry_timeout | integer | The number of seconds that the printer should wait before retrying the request. | No |

Each API above will list out its possible error code string(s).

2.1 Example Response

{
  "error": "invalid_request",
  "error_description": "Missing required field device_type"
}

3. Getting Printer Token

To get an access token that represents the printer, the printer will have to generate a JSON Web Token (JWT) and sign it with its certificate private key.
The procedure is as follows:

  1. Request a Nonce from the device token endpoint.
  2. Generate a device JWT with the proper information and sign it with the private key.
  3. Send a request to the device token endpoint with the JWT in the body.

3.1 Requesting a Nonce

To request a nonce, send a POST request to the device token endpoint with the body containing a server challenge.

3.1.1 HTTP Request

POST {device_token_url}

{device_token_url} is the URL received from the successful registration response (section 1.2.1.2.4).

3.1.2 Request Content-Type

  • application/x-www-form-urlencoded

3.1.3 Request Payload

  • grant_type=srv_challenge&windows_api_version=2.0

3.1.4 Successful Response

Returns 200 OK and the Nonce in the response payload in JSON format with the following values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| Nonce | string | The nonce string to be used with the token request. | Yes |

3.1.5 Examples

3.1.5.1 Request
POST https://login.microsoftonline.com/425a8e89-feb9-40d2-9fe5-07fb45419e4b/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Length: 48

grant_type=srv_challenge&windows_api_version=2.0

3.1.5.2 Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 132

{
  "Nonce": "AQABAAAAAADX8GCi6Js6SK82TsD2Pb7rO4c24C6C31bER-HgavkQr-xx11qx0DFkaB6rfm-ikMj_eUCSQ12bS4Id06ae1CUQjd8jN7xc4uGK-PA6Bj83HyAA"
}

3.2 Generating the device JWT

The generated device JWT will contain the information needed for the token provider to issue a device access token to the printer. The next sections will detail the information needed in the JWT header, body and signature.

3.2.1 The JWT Header

The following JWT header parameters are needed:

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| alg | string | The public key algorithm used to generate the public key. Must match the registration request information which should be "RS256". | Yes |
| typ | string | The type header parameter. Should be "JWT". | Yes |
| x5c | string | The full body of the device certificate (contains public key only). This is the certificate returned by the successful registration response. | Yes |

3.2.2 The JWT Body

The following JWT body parameters are needed:

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| request_nonce | string | The nonce value obtained in section 3.1. | Yes |
| grant_type | string | The fixed literal string "device_token" that indicates to the server a device only token is needed. | Yes |
| resource | string | The target audience of the access token. This is the 'mcp_svc_resource_id' value returned by the successful Completed registration response. For example, https://print.print.microsoft.com | Yes |
| client_id | string | The Application (Client) ID of a registered Azure Application with API permissions to Universal Print. To create an Azure Application with the proper API permissions please refer to OEM client ID registration. | Yes |
| redirect_uri | string | A configured Redirect URI for the registered Azure Application used for 'client_id' in this section. To configure a Redirect URI for a registered Azure Application please follow OEM client ID registration. | Yes |
| iss | string | The Cloud Device ID the printer received from the successful registration response. | Yes |

3.2.3 The JWT Signature

The JWT is signed with the device private key, which proves that the request was issued by the device and was not replayed from a different one.

3.2.4 Example Generated JWT

{
  "alg": "RS256",
  "typ": "JWT",
  "x5c": "MIID8jCCAtqgAwIBAgIQtJE/zIv3C5JOPoIeezhfLzANBgkqhkiG9w0BAQsFADB4MXYwEQYKCZImiZPyLGQBGRYDbmV0MBUGCgmSJomT8ixkARkWB3dpbmRvd3MwHQYDVQQDExZNUy1Pcmdhbml6YXRpb24tQWNjZXNzMCsGA1UECxMkODJkYmFjYTQtM2U4MS00NmNhLTljNzMtMDk1MGMxZWFjYTk3MB4XDTE4MDUxMDAzMjUzMVoXDTI4MDUxMDAzNTUzMVowLzEtMCsGA1UEAxMkZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGw0ePNEZTNgDbTMMb+m8feCQY70yotozZnMFh5HehO2AvlaR1mZnAI+7rWd5pUdmPo83wGSchqj4cOsOQF699UEmZllDDpCMd9e/kkyFFQYVFBjLV67jUNyM5yDwCqSsNyTImuBQjpgOCoYt7nrsJ5nlaEiWB7HNMbPEJI8Szp9eMci/5j5ktRqU9SeWBUF7SIruaFKt5i7phTwx9ELJo554/yaQtJx5gZs1hpO/z9iLORu+13cj5aruvNZFnlyNyD7LNZ43J5biIIuqbFaUhCLBX70vuE/yhxkKjvyZwovP1PP5Bqc7ZLD6vIdh80bgJLd+xFKbL4OcD2DgxWI4QIDAQABo4HAMIG9MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwIgYLKoZIhvcUAQWCHAIEEwSBEKJ1punFp+dPjoP+Hvr4LsYwIgYLKoZIhvcUAQWCHAMEEwSBEHlLkyG0XmRHoNfDVt0FSVQwIgYLKoZIhvcUAQWCHAUEEwSBEImOWkK5/tJAn+UH+0VBnkswFAYLKoZIhvcUAQWCHAgEBQSBAk5BMBMGCyqGSIb3FAEFghwHBAQEgQEwMA0GCSqGSIb3DQEBCwUAA4IBAQB3q4Ey9AijQmHy0S3+fy1PV7pXq6aMhAgF7HvzmEwdmnjSCfvUd+fPkZA3tGQ6gkGlJ3mI4wq0xBZfk6YEQLLSuvukCphzZitz2NnpeCYMYpT2L7G1+EsIMu5+Wz84S4IO57IMBSLMDmsLLP2bHq+w1VOYgS9cO7Vha/nR3Z542LnaRKINUpFedHAtffv2tOQLRCPWk20KP5LEpKuEcM/r5EHFH6beKFuYePpJ7/dhKH69cZFWRtqgaV7BHxeDVr/n3kyHbDv1rwTXIYHaM3qEXDcSmyqEZqu0WEoz0FpVYt2pRw9pSb29+Y6n4vWTyWxVI8zMqDieYmaw7uXctqrr"
}.
{
  "request_nonce": "AQABAAAAAADX8GCi6Js6SK82TsD2Pb7rO4c24C6C31bER-HgavkQr-xx11qx0DFkaB6rfm-ikMj_eUCSQ12bS4Id06ae1CUQjd8jN7xc4uGK-PA6Bj83HyAA",
  "grant_type": "device_token",
  "resource": "https://microsoft.com/mcp",
  "client_id": "1ef464e5-0b61-4c6f-b822-5dc015b9463e",
  "redirect_uri": "https://print.print.microsoft.com/",
  "iss": "e9a675a2-a7c5-4fe7-8e83-fe1efaf82ec6"
}.
[Signature]
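
How the header, body and signature from sections 3.2.1 to 3.2.3 fit together, as an added example that is not code from the original page or from Microsoft: it assembles the JWT and signs `base64url(header).base64url(body)` with RS256. The pure-Python RSASSA-PKCS1-v1_5 routine and the throwaway key generated at run time are stand-ins for the device's crypto library and its protected private key; all function names are hypothetical, and the certificate, nonce and client ID are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import secrets

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
SMALL_PRIMES = [p for p in range(3, 500, 2) if all(p % q for q in range(3, p, 2))]


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def is_probable_prime(n, rounds=24):
    """Miller-Rabin on an odd candidate, after trial division."""
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_test_key(bits=2048, e=65537):
    """Throwaway RSA key (n, e, d); stands in for the registered device key."""
    def prime(nbits):
        while True:
            # Top two bits set so that p * q has exactly `bits` bits.
            c = secrets.randbits(nbits) | (3 << (nbits - 2)) | 1
            if c % e != 1 and is_probable_prime(c):
                return c
    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))


def emsa_pkcs1_v15(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) into k bytes."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rs256_sign(message, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa_pkcs1_v15(message, k), "big"), d, n).to_bytes(k, "big")


def rs256_verify(message, signature, n, e):
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), emsa_pkcs1_v15(message, k))


def build_device_jwt(sign, certificate_b64, nonce, registration, client_id, redirect_uri):
    """Assemble header.body.signature as laid out in sections 3.2.1 to 3.2.3."""
    header = {"alg": "RS256", "typ": "JWT", "x5c": certificate_b64}
    body = {
        "request_nonce": nonce,  # from the srv_challenge response (section 3.1)
        "grant_type": "device_token",
        "resource": registration["mcp_svc_resource_id"],
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "iss": registration["cloud_device_id"],
    }
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, body))
    return signing_input + "." + b64url(sign(signing_input.encode("ascii")))


def demo():
    """Build one JWT from constructed inputs; returns (jwt, n, e)."""
    n, e, d = generate_test_key()
    registration = {"cloud_device_id": "e9a675a2-a7c5-4fe7-8e83-fe1efaf82ec6",
                    "mcp_svc_resource_id": "https://print.print.microsoft.com"}
    certificate = base64.b64encode(b"constructed certificate bytes").decode("ascii")
    jwt = build_device_jwt(lambda data: rs256_sign(data, n, d), certificate,
                           "constructed-nonce", registration,
                           "<registered_client_id>", "https://print.print.microsoft.com/")
    return jwt, n, e
```

Because the nonce sits inside the signed body, a captured JWT cannot be resubmitted with a fresh nonce without invalidating the signature.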

3.3 Requesting a Device Access Token

To request a device token, send a POST request to the device token endpoint with the body containing the JWT generated in section 3.2.

3.3.1 HTTP Request

POST {device_token_url}

{device_token_url} is the URL received from the successful registration response (section 1.2.1.2.4).

3.3.2 Request Content-Type

  • application/x-www-form-urlencoded

3.3.3 Request Payload

Form URL encoded format with the following name/value pairs:

| Value name | Description/Value | Required |
| --- | --- | --- |
| grant_type | Should be set to urn:ietf:params:oauth:grant-type:jwt-bearer. This indicates that the token request is described in a JWT. | Yes |
| request | The Base-64 encoded JWT that was generated in section 3.2. | Yes |

Important

Make sure that 'cookies' are not included when sending the device token request. Sending cookies could result in unexpected behavior.

3.3.4 Successful Response

Returns 200 OK and the Access Token in the response payload in JSON format with the following main values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| access_token | string | The requested access token as a signed JSON Web Token (JWT). The printer can use this token to authenticate to the secured resource, such as a web API. | Yes |
| token_type | string | Indicates the token type value. The only type that should be returned is currently Bearer. | Yes |
| device_info | string | A JWT representing the device. | Yes |
| expires_in | string | How long the access token is valid (in seconds). | Yes |
| expires_on | string | The time when the access token expires. The date is represented as the number of seconds from 1970-01-01T0:0:0Z UTC until the expiration time. This value is used to determine the lifetime of cached tokens. | Yes |
| not_before | string | The time before which the JWT MUST NOT be accepted for processing. | Yes |
| resource | string | The App ID URI of the web API (secured resource). | Yes |

3.3.5 Error Response

The detailed error responses are described here: Use the authorization code to request an access token

The response payload is in JSON format with the following main values (case sensitive):

| Value name | Value type | Description | Required |
| --- | --- | --- | --- |
| error | string | An error code string that can be used to classify types of errors that occur, and can be used to react to errors. | Yes |
| error_description | string | A specific error message that can help a developer identify the root cause of an authentication error. | No |
| error_codes | Array of integers | A list of STS-specific error codes that can help in diagnostics. | No |
| timestamp | string | The time at which the error occurred. | No |
| trace_id | string | A unique identifier for the request that can help in diagnostics. | No |
| correlation_id | string | A unique identifier for the request that can help in diagnostics across components. | No |
3.3.5.1 Critical Error

If the printer has been de-registered from the UP portal or the certificate expires, then the printer will fail to get a device access token. In this case, the device token endpoint will return "error": "invalid_grant" and "suberror": "device_authentication_failed". At this point, the printer should reset its state to be Unregistered as the device will need to be re-registered.
For example:

{
  "error": "invalid_grant",
  "error_description": "AADSTS70002: Error validating credentials. AADSTS50155: Device is not authenticated.\\r\\nTrace ID: b099e7ad-ccf8-4eb7-b105-cced2f724d00\\r\\nCorrelation ID: 0d72010c-5a1f-4c19-99a7-48df28c5db66\\r\\nTimestamp: 2018-05-14 01:06:51Z",
  "error_codes": [70002, 50155],
  "trace_id": "b099e7ad-ccf8-4eb7-b105-cced2f724d00",
  "correlation_id": "0d72010c-5a1f-4c19-99a7-48df28c5db66",
  "suberror": "device_authentication_failed"
}
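
One way a printer could act on the device token endpoint's responses, as an added example that is not part of the original page or of Microsoft's code: it separates the critical error above (reset to Unregistered) from errors worth retrying, and parses the string-typed times of a successful response before caching the token. The function name, the returned dict, the refresh margin and the audience check are assumptions; the sample bodies are constructed from the page's examples with token values replaced by placeholders.

```python
import json

REGISTERED, UNREGISTERED = "Registered", "Unregistered"
REFRESH_MARGIN = 300  # seconds before expiry to fetch a new token (assumed policy)


def handle_device_token_response(status, body, expected_resource, now):
    """Map a device token endpoint response to the printer's next action.

    Returns a dict with the keys state, access_token, refresh_at and retry.
    `now` is the current time in seconds since the Unix epoch.
    """
    outcome = {"state": REGISTERED, "access_token": None,
               "refresh_at": None, "retry": True}
    try:
        payload = json.loads(body)
    except ValueError:
        return outcome
    if not isinstance(payload, dict):
        return outcome

    if status != 200:
        # Section 3.3.5.1: de-registered printer or expired certificate.
        if (payload.get("error") == "invalid_grant"
                and payload.get("suberror") == "device_authentication_failed"):
            outcome.update(state=UNREGISTERED, retry=False)
        return outcome

    try:
        # The endpoint returns these numbers as strings.
        not_before = int(payload["not_before"])
        expires_on = int(payload["expires_on"])
    except (KeyError, TypeError, ValueError):
        return outcome
    token = payload.get("access_token")
    if (payload.get("token_type") != "Bearer"
            or not isinstance(token, str) or not token
            # Assumption: refuse a token issued for a different audience.
            or payload.get("resource") != expected_resource
            or not (not_before <= now < expires_on)):
        return outcome
    outcome.update(access_token=token, retry=False,
                   refresh_at=max(now, expires_on - REFRESH_MARGIN))
    return outcome


# Constructed sample bodies; times and error fields follow the page's examples.
SUCCESS_BODY = json.dumps({
    "token_type": "Bearer", "expires_in": "3599", "ext_expires_in": "0",
    "expires_on": "1525928144", "not_before": "1525924244",
    "resource": "https://microsoft.com/mcp",
    "access_token": "<access token JWT>", "device_info": "<device info JWT>",
})
CRITICAL_BODY = json.dumps({
    "error": "invalid_grant",
    "error_codes": [70002, 50155],
    "suberror": "device_authentication_failed",
})
TRANSIENT_BODY = json.dumps({"error": "temporarily_unavailable"})

if __name__ == "__main__":
    resource, now = "https://microsoft.com/mcp", 1525924300
    for status, body in ((200, SUCCESS_BODY), (400, CRITICAL_BODY), (400, TRANSIENT_BODY)):
        print(handle_device_token_response(status, body, resource, now))
```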

3.3.6 Examples

3.3.6.1 Request
POST https://login.microsoftonline.com/425a8e89-feb9-40d2-9fe5-07fb45419e4b/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Charset: utf-8
Host: login.microsoftonline.com
Content-Length: 2737
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&request=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6Ik1JSUQ4akNDQXRxZ0F3SUJBZ0lRdEpFL3pJdjNDNUpPUG9JZWV6aGZMekFOQmdrcWhraUc5dzBCQVFzRkFEQjRNWFl3RVFZS0NaSW1pWlB5TEdRQkdSWURibVYwTUJVR0NnbVNKb21UOGl4a0FSa1dCM2RwYm1SdmQzTXdIUVlEVlFRREV4Wk5VeTFQY21kaGJtbDZZWFJwYjI0dFFXTmpaWE56TUNzR0ExVUVDeE1rT0RKa1ltRmpZVFF0TTJVNE1TMDBObU5oTFRsak56TXRNRGsxTUdNeFpXRmpZVGszTUI0WERURTRNRFV4TURBek1qVXpNVm9YRFRJNE1EVXhNREF6TlRVek1Wb3dMekV0TUNzR0ExVUVBeE1rWlRsaE5qYzFZVEl0WVRkak5TMDBabVUzTFRobE9ETXRabVV4WldaaFpqZ3laV00yTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFqR3cwZVBORVpUTmdEYlRNTWIrbThmZUNRWTcweW90b3pabk1GaDVIZWhPMkF2bGFSMW1abkFJKzdyV2Q1cFVkbVBvODN3R1NjaHFqNGNPc09RRjY5OVVFbVpsbEREcENNZDllL2treUZGUVlWRkJqTFY2N2pVTnlNNXlEd0NxU3NOeVRJbXVCUWpwZ09Db1l0N25yc0o1bmxhRWlXQjdITk1iUEVKSThTenA5ZU1jaS81ajVrdFJxVTlTZVdCVUY3U0lydWFGS3Q1aTdwaFR3eDlFTEpvNTU0L3lhUXRKeDVnWnMxaHBPL3o5aUxPUnUrMTNjajVhcnV2TlpGbmx5TnlEN0xOWjQzSjViaUlJdXFiRmFVaENMQlg3MHZ1RS95aHhrS2p2eVp3b3ZQMVBQNUJxYzdaTEQ2dklkaDgwYmdKTGQreEZLYkw0T2NEMkRneFdJNFFJREFRQUJvNEhBTUlHOU1Bd0dBMVVkRXdFQi93UUNNQUF3RmdZRFZSMGxBUUgvQkF3d0NnWUlLd1lCQlFVSEF3SXdJZ1lMS29aSWh2Y1VBUVdDSEFJRUV3U0JFS0oxcHVuRnArZFBqb1ArSHZyNExzWXdJZ1lMS29aSWh2Y1VBUVdDSEFNRUV3U0JFSGxMa3lHMFhtUkhvTmZEVnQwRlNWUXdJZ1lMS29aSWh2Y1VBUVdDSEFVRUV3U0JFSW1PV2tLNS90SkFuK1VIKzBWQm5rc3dGQVlMS29aSWh2Y1VBUVdDSEFnRUJRU0JBazVCTUJNR0N5cUdTSWIzRkFFRmdod0hCQVFFZ1FFd01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQjNxNEV5OUFpalFtSHkwUzMrZnkxUFY3cFhxNmFNaEFnRjdIdnptRXdkbW5qU0NmdlVkK2ZQa1pBM3RHUTZna0dsSjNtSTR3cTB4QlpmazZZRVFMTFN1dnVrQ3BoelppdHoyTm5wZUNZTVlwVDJMN0cxK0VzSU11NStXejg0UzRJTzU3SU1CU0xNRG1zTExQMmJIcSt3MVZPWWdTOWNPN1ZoYS9uUjNaNTQyTG5hUktJTlVwRmVkSEF0ZmZ2MnRPUUxSQ1BXazIwS1A1TEVwS3VFY00vcjVFSEZINmJlS0Z1WWVQcEo3L2RoS0g2OWNaRldSdHFnYVY3Qkh4ZURWci9uM2t5SGJEdjFyd1RYSVlIYU0zcUVYRGNTbXlxRVpxdTBXRW96MEZwVll0MnBSdzlwU2IyOStZNm40dldUeVd4Vkk4ek1xRGllWW1hdzd1WGN0cXJyIn0.eyJyZXF1ZXN0X25vbmNlIjoiQVFBQkFBQUFBQURYOEdDaTZKczZTSzgyVHNEMlBiN3JPNGMyNEM2QzMxYkVSL
UhnYXZrUXIteHgxMXF4MERGa2FCNnJmbS1pa01qX2VVQ1NRMTJiUzRJZDA2YWUxQ1VRamQ4ak43eGM0dUdLLVBBNkJqODNIeUFBIiwiZ3JhbnRfdHlwZSI6ImRldmljZV90b2tlbiIsInJlc291cmNlIjoiaHR0cHM6Ly9taWNyb3NvZnQuY29tL21jcC1wcGUiLCJjbGllbnRfaWQiOiIxZWY0NjRlNS0wYjYxLTRjNmYtYjgyMi01ZGMwMTViOTQ2M2UiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL21jcC1wcGUuYXp1cmV3ZWJzaXRlcy5uZXQvIiwiaXNzIjoiZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2In0.bmvBY7cdD_dGtbB9dXbjbj5qc5k9ssqOMe1KQnnUnChLz1nkgBMLU_jBMwsAoHCvI_udQAdDgyNmWFcnWxTY0sLARZ6FQmjbGclqrqhj_kkJXdkNBdGcwIXafjQiFkpDlpTMbVjBWoQq49aW-e_OcmfsVIg8DCdS-s87x0fJ3fuHzZJzVGEHC4D-43EPxWTXfVbsvOV7RNK15lq5GXm10W4DkRngK6EpMq69g75KCUqT_MEEh5dGezl5Kic8RLZQ72n5aEpc5Y6XK85b1TdOtBnxogVjJFSsxpz1sOIpODszVu9CSUg4CHEjadpKQ9DiYCg6zB9D5fYbMf3NrGWC9Q

3.3.6.2 Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Content-Length: 2473
{
  "token_type":"Bearer",
  "expires_in":"3599",
  "ext_expires_in":"0",
  "expires_on":"1525928144",
  "not_before":"1525924244",
  "resource":"https://microsoft.com/mcp",
  "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJodHRwczovL21pY3Jvc29mdC5jb20vbWNwLXBwZSIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzQyNWE4ZTg5LWZlYjktNDBkMi05ZmU1LTA3ZmI0NTQxOWU0Yi8iLCJpYXQiOjE1MjU5MjQyNDQsIm5iZiI6MTUyNTkyNDI0NCwiZXhwIjoxNTI1OTI4MTQ0LCJhbXIiOlsicnNhIl0sImRldmljZWlkIjoiZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2IiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvNDI1YThlODktZmViOS00MGQyLTlmZTUtMDdmYjQ1NDE5ZTRiLyIsImlkdHlwIjoiZGV2aWNlIiwiaXBhZGRyIjoiMTY3LjIyMC4wLjc0Iiwib2lkIjoiZjM5NjNiMDItY2NjNS00NTg5LTkwYjQtMDJkNTA0OWE5ZGY3Iiwic3ViIjoiZTlhNjc1YTItYTdjNS00ZmU3LThlODMtZmUxZWZhZjgyZWM2IiwidGlkIjoiNDI1YThlODktZmViOS00MGQyLTlmZTUtMDdmYjQ1NDE5ZTRiIiwidXRpIjoiV005dVBHbXltRWV3RmdpMl9PcEdBQSIsInZlciI6IjEuMCJ9.gjCICKD2NT69bro4wK8r6SJhP6CBflnBqmlpF3pITl_1Klv1DNYTue7a-Tup0vkFu0inN8njTG7rxlK_j4m2mn1iUuh6CO-o98hN6VzjrarvZceBzGtsiOU2jtdacWP4JmePtTaXRmGDlK-PbTLy_v4VmbL_cQN2RIEiwf81suwnBacko0xbQhO3cPmGwKZcB5kFV4tnHp0uBnxyfcpRfV-ZR9Age41LWDW1ulOsTVuv1Q4XmmOmStkh2-TH1jOq1did6jyK1LKncdsSvEhKeo49-yBNshGntPs24qWL2WShz5cMQ3w5OBbAUOwl1DL-_NtcUjCwbaLRwS6Dyliejw",
  "device_info":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayIsImtpZCI6ImlCakwxUmNxemhpeTRmcHhJeGRacW9oTTJZayJ9.eyJhdWQiOiJiYWZjYjg2Zi1kYWFhLTQxYjEtYjQ5NC04NjA0MzZhNGMzMGQiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80MjVhOGU4OS1mZWI5LTQwZDItOWZlNS0wN2ZiNDU0MTllNGIvIiwiaWF0IjoxNTI1OTI0MjQ0LCJuYmYiOjE1MjU5MjQyNDQsImV4cCI6MTUyNTkyODE0NCwiZGV2aWNlaWQiOiJlOWE2NzVhMi1hN2M1LTRmZTctOGU4My1mZTFlZmFmODJlYzYiLCJpZHAiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC80MjVhOGU4OS1mZWI5LTQwZDItOWZlNS0wN2ZiNDU0MTllNGIvIiwiaWR0eXAiOiJkZXZpY2UiLCJvaWQiOiJmMzk2M2IwMi1jY2M1LTQ1ODktOTBiNC0wMmQ1MDQ5YTlkZjciLCJzdWIiOiJlOWE2NzVhMi1hN2M1LTRmZTctOGU4My1mZTFlZmFmODJlYzYiLCJ0aWQiOiI0MjVhOGU4OS1mZWI5LTQwZDItOWZlNS0wN2ZiNDU0MTllNGIiLCJ1dGkiOiJXTTl1UEdteW1FZXdGZ2kyX09wR0FBIiwidmVyIjoiMS4wIn0.CPNbz9Cr20Ig_i7Fc8GUx1NVpGXqQs9HsNH3F-QxUeJsep7m1rwiTE8WXsfXxiNGco0j1HFykiHdAsE_-ymeVXaUtA5InC3uEeiHuIihQGbo9GC5gibzjsS_psfqE74v_9o7WuJTjFhpGdl1h57sOX49la312uR_Khr6I6tIGiFon-gn4rGq5U0O4NV_5LeitiHUXxuVxD2O9J5vERpwmnQ0UtyxX9skyFGEtcEruNch6noy_5710xbcYv-8uO4VM8tM6CoqigWg_7o18OciJ0VRBmsFLZtJUOxVSlPKeFneFDyKujpttbMIP-0-FdS75qckkqGYzoVbSuzsIcJa5g"
}
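
A device-side sanity check for a token response shaped like the sample above, given as an added example that is not part of the original specification: it decodes the access token's claims and confirms they match the resource and device ID the printer asked for. The function names, the choice of checks and the constructed sample values are assumptions of this example; the claim names (aud, deviceid, idtyp, nbf, exp) are the ones carried in the sample token.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    # Decode the payload only. The signature is not checked here: the resource
    # server validates the token, the device reads claims as a sanity check.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    return json.loads(b64url_decode(parts[1]))


def check_token_response(body: str, resource: str, device_id: str, now: int) -> int:
    """Return seconds until expiry, or raise ValueError on any mismatch."""
    resp = json.loads(body)
    if resp.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    # The sample response carries its numeric fields as JSON strings.
    expires_on, not_before = int(resp["expires_on"]), int(resp["not_before"])
    claims = jwt_claims(resp["access_token"])
    if claims.get("aud") != resource:
        raise ValueError("token audience is not the requested resource")
    if claims.get("deviceid") != device_id or claims.get("idtyp") != "device":
        raise ValueError("token was not issued to this device")
    if (claims.get("exp"), claims.get("nbf")) != (expires_on, not_before):
        raise ValueError("envelope lifetime disagrees with token claims")
    if not not_before <= now < expires_on:
        raise ValueError("token is not currently valid")
    return expires_on - now


def _b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_sample(resource: str, device_id: str, nbf: int, exp: int) -> str:
    # Constructed sample response with a placeholder signature (assumption).
    claims = {"aud": resource, "deviceid": device_id, "idtyp": "device", "nbf": nbf, "exp": exp}
    token = ".".join([_b64url({"typ": "JWT", "alg": "RS256"}), _b64url(claims), "c2ln"])
    return json.dumps({"token_type": "Bearer", "expires_in": str(exp - nbf),
                       "expires_on": str(exp), "not_before": str(nbf),
                       "resource": resource, "access_token": token})
```

The return value can drive token renewal: request a fresh token before the remaining lifetime runs out rather than waiting for a 401 from the service.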