L3S DRM Developer Guide
Error Codes Reference
This page documents all error codes returned by the L3DRM authentication system. These codes appear in session logs and help diagnose authentication issues.
Error Code Categories
| Prefix | Category | HTTP Status | Description |
|---|---|---|---|
AUTH_ | Authentication | 401 | Request authentication failures (credentials, API key, payload) |
AUTHZ_ | Authorization | 403 | Access control failures (key status, user blocked, permissions) |
RATE_ | Rate Limiting | 429 | Too many failed authentication attempts |
PRE_ | Pre-Check | 403 | Pre-validation failures before full authentication (API key revoked, user blocked) |
SRV_ | Server | 5xx | Server-side errors (internal errors, database issues) |
TMPR_ | Client-Side | N/A | Local tamper detection and integrity errors raised by the WASM module |
Authentication Errors (HTTP 401)
These errors occur when the request cannot be authenticated.
| Code | Description | Trigger Condition | Message |
|---|---|---|---|
AUTH_001 | Invalid user agent | The DRM library is not properly integrated - User-Agent must start with "KittyHawk" | Authentication failed |
AUTH_002 | Missing credentials | The DRM request is missing required encrypted payload fields | Authentication failed |
AUTH_003 | Invalid Client API key | The Client API key in the WASM build is invalid or not configured in the dashboard | Invalid or incorrect key |
AUTH_004 | Inactive Client API key | The Client API key has been deactivated - the product needs to be updated | Please update this product |
AUTH_005 | Malformed payload | Payload decryption failed - possible tampering or corrupted DRM library | Authentication failed |
Authorization Errors (HTTP 403)
These errors occur when the request is authenticated but access is denied.
| Code | Description | Trigger Condition | Message |
|---|---|---|---|
AUTHZ_001 | Activation key not found | The activation key doesn't exist for this project | Invalid or incorrect key |
AUTHZ_002 | Activation key disabled | The activation key has been disabled in the dashboard | Key is inactive |
AUTHZ_003 | Activation key expired | The activation key's expiry date has passed | Key has expired |
AUTHZ_004 | User blocked | This Xbox/MSFS username has been blocked by the project owner | Access denied |
AUTHZ_005 | Invalid WASM hash | The WASM binary hash doesn't match an approved version - possible tampering or outdated build | Access denied |
AUTHZ_006 | Missing WASM hash | Hash verification is required but the client didn't provide a file hash | Access denied |
AUTHZ_007 | User switch cooldown | User changed too recently - the cooldown period (configured per project) has not elapsed | Access denied |
AUTHZ_009 | User switch disabled | This project does not allow username changes on activation keys | Access denied |
AUTHZ_008 | Activation key required | This project requires an activation key - store/keyless authentication is disabled | Access denied |
Pre-Check Errors (HTTP 403)
These errors occur during the pre-validation step, before the full authentication flow runs.
| Code | Description | Trigger Condition | Message |
|---|---|---|---|
PRE_001 | API key revoked | The Client API key has been revoked or is inactive - checked during the pre-validation step | Access denied |
PRE_002 | User blocked (pre-check) | This Xbox/MSFS username has been blocked - checked during the pre-validation step | Access denied |
Rate Limiting Errors (HTTP 429)
These errors protect against brute force and credential stuffing attacks.
| Code | Description | Trigger Condition | Message |
|---|---|---|---|
RATE_001 | Activation key rate limited | Too many failed attempts with this key (10+ failures in 10 minutes) | Too many requests |
RATE_002 | User rate limited | Too many failed attempts for this user (5+ failures in 10 minutes) | Too many requests |
Rate Limiting Details:
- RATE_001 (Per-Key): 10 failed attempts within 10 minutes
- RATE_002 (Per-User): 5 failed attempts within 10 minutes
Failed attempts are counted from the sessions table where
auth_response != '200'.
Server Errors (HTTP 5xx)
These errors indicate server-side issues.
| Code | HTTP Status | Description | Trigger Condition |
|---|---|---|---|
SRV_001 | 500 | Internal server error | Unexpected server error - please try again or contact support |
SRV_002 | 503 | Database unavailable | Database is temporarily unavailable - please try again in a few moments |
Client-Side Errors (Tamper Detection)
These errors are raised locally by the WASM module. They do not involve a server request. If autoAbort is enabled, the module will crash; otherwise, the onTamper callback is called.
Tip: Enable
.debug(true)in your builder (in a debug build only) to see additional details about tamper events in the MSFS console.
WASM Signature Verification
These errors indicate the WASM binary's embedded signature is missing or invalid. Run WasmSigner.exe on the final .wasm file before distribution.
| Code | Description | Trigger Condition |
|---|---|---|
TMPR_001 | WASM signature verification failed (startup) | Raised during Builder::build(). The WASM binary's embedded signature is invalid — make sure WasmSigner.exe has been used on the final .wasm file before distribution |
TMPR_002 | WASM signature verification failed | Raised by VerifySignature(). The WASM binary's signature check failed — make sure WasmSigner.exe has been used on the final .wasm file and that the file was not modified afterwards |
TMPR_005 | WASM signature not verified | Raised by AssureAuthenticated1-5() or Integrity1-5(). The WASM signature verification flag was not set — ensure WasmSigner.exe has been used and the .wasmPath() builder option points to the correct signed file |
Authentication State
These errors indicate a problem with the authentication state — either authentication hasn't completed, or a local pre-check determined the license is invalid.
| Code | Description | Trigger Condition |
|---|---|---|
TMPR_003 | Not authenticated | Raised by AssureAuthenticated1-5(). A protected function was called before authentication completed — ensure the onSuccess callback has fired before calling AssureAuthenticated or Integrity functions |
TMPR_004 | Authentication state integrity check failed | Raised by AssureAuthenticated1(). The authentication state failed an internal consistency check — this may indicate the authentication result was externally modified |
TMPR_018 | Pre-check: license blocked or revoked | Raised by AssureAuthenticated1-5() or Integrity1-5(). The DRM module determined during a local pre-check that the user account or API key has been blocked or revoked — check the dashboard for the user's status |
Runtime Integrity Monitoring
These errors are raised by the runtime integrity system which continuously validates internal DRM state. Under normal operation these should never occur — they indicate that DRM memory was externally modified.
| Code | Description | Trigger Condition |
|---|---|---|
TMPR_006 | Internal state validation failed | Raised by AssureAuthenticated1-5() or Integrity1-5(). A cross-validation of internal DRM state detected an inconsistency — this may indicate memory was externally modified |
TMPR_007 | Internal counter out of bounds | Raised by AssureAuthenticated1-5() or Integrity1-5(). An internal counter exceeded its expected range — this may indicate the DRM state was externally modified |
TMPR_008 | Periodic event stale | Raised by AssureAuthenticated1-5() or Integrity1-5(). A required periodic SimConnect event has not been received within the expected time window — ensure IntervalUpdate() is being called regularly (at least once per second) |
TMPR_009 | Authentication checksum invalid | Raised by AssureAuthenticated1-5() or Integrity1-5(). The authentication state checksum does not match the expected value — this may indicate the authentication result was externally modified |
TMPR_010 | Authentication mirror value invalid | Raised by AssureAuthenticated1-5() or Integrity1-5(). The authentication state mirror value does not match the expected value — this may indicate the authentication result was externally modified |
TMPR_011 | Authentication cross-validation failed | Raised by AssureAuthenticated1-5() or Integrity1-5(). A cross-validation between authentication state values detected a mismatch — this may indicate selective memory modification |
TMPR_022 | Internal state validation failed (periodic) | Raised by IntervalUpdate(). A periodic integrity check detected an inconsistency in internal DRM state — this may indicate memory was externally modified between checks |
TMPR_023 | Authentication value mismatch (periodic) | Raised by IntervalUpdate(). A periodic integrity check found that authentication state values do not agree — this may indicate selective memory modification between checks |
TMPR_025 | Checkpoint sequence stale | Raised by IntervalUpdate(). The internal checkpoint sequence has not advanced as expected — ensure IntervalUpdate() is being called regularly (at least once per second) |
TMPR_026 | Authentication cross-validation failed (periodic) | Raised by IntervalUpdate(). A periodic cross-validation between authentication state values detected a mismatch — this may indicate selective memory modification |
TMPR_027 | Periodic event never received | Raised by IntervalUpdate() after ~120 seconds. A required periodic SimConnect event has never been received since authentication — ensure IntervalUpdate() is being called regularly (at least once per second) |
TMPR_028 | Signature proof mismatch | Raised by IntervalUpdate() or during authentication. The DRM module's internal signature proof does not match the expected value — this may indicate the authentication verification was bypassed |
Note: Runtime integrity codes (TMPR_006–011, TMPR_022–028) are expected only when memory is externally modified. If you see these during normal development, check that no other module is writing to the DRM module's memory space.
SimConnect Communication
These errors relate to the DRM module's SimConnect connection and event handling.
| Code | Description | Trigger Condition |
|---|---|---|
TMPR_012 | SimConnect data write failed | Raised internally during SimConnect event handling. The DRM module could not write throttle control data via SimConnect — check that your aircraft's SimConnect configuration is correct and not conflicting with the DRM module |
TMPR_013 | SimConnect connection failed | Raised during Builder::build(). The DRM module could not open a SimConnect connection — check that the simulator is running and that the SimConnect connection limit has not been reached |
TMPR_014 | SimConnect event subscription failed | Raised internally during SimConnect event handling. The DRM module could not subscribe to a required periodic event — check for conflicting event subscriptions in your gauge code |
TMPR_015 | SimConnect dispatch failed | Raised during Builder::build() or during SimConnect event handling. The DRM module's SimConnect dispatch call failed — SimConnect may have been disconnected or the dispatch loop was interrupted |
TMPR_016 | External tamper event received | Raised by the CommBus receiver. The DRM module received a tamper notification from another component in the aircraft package via the CommBus system |
TMPR_017 | Periodic event stale (deprecated) | Deprecated — this code is equivalent to TMPR_008. It may appear in older session logs but is no longer emitted by current library versions |
File Hash Verification
These errors are raised when file integrity verification (via Builder::addFileHash()) detects a mismatch or configuration issue.
| Code | Description | Trigger Condition |
|---|---|---|
TMPR_019 | File hash mismatch | Raised during authentication. A registered file's hash does not match the expected value — the file may have been modified after release. Update the hash via Builder::addFileHash() if the file was intentionally changed |
TMPR_020 | WASM path empty | Raised during authentication. The .wasmPath() builder option is empty or was not set — this is required when using addFileHash() for file integrity verification |
TMPR_021 | File hash computation failed | Raised during authentication. The DRM module could not read or compute the hash of a registered file — check that the file path passed to addFileHash() is correct and the file exists in the package |
Authentication Flow
The auth4 endpoint validates requests in this order:
- User-Agent validation →
AUTH_001 - Required fields check →
AUTH_002 - API key lookup →
AUTH_003/AUTH_004 - Payload decryption →
AUTH_005 - Activation key lookup →
AUTHZ_001 - Rate limiting →
RATE_001/RATE_002 - Key status check →
AUTHZ_002/AUTHZ_003 - User block check →
AUTHZ_004 - File hash validation →
AUTHZ_005/AUTHZ_006 - User switch check →
AUTHZ_007/AUTHZ_009 - Success → HTTP 200
Tip: When troubleshooting authentication issues, check the error code in the session history to identify exactly where the authentication failed.