I use PHP language to obtain our App customer reviews and generate token code as follows:
$privateKeyResource = PRIVATE_KEY;
$keyId = KEY_ID;
$alg = 'ES256';
$token = JWT::encode([
'iss' => '29960467-xxxx-xxxx-xxxx-2aa42ec3e66d',
'iat' => time(),
'exp' => time() + 300,
'aud' => 'appstoreconnect-v1',
"scope" => [
"GET /v1/customerReviews",
]
], $privateKeyResource, $alg, $keyId, [
"alg" => "ES256",
"kid" => $keyId,
"typ" => "JWT"
]);
But the api responds with 403, detailed response:
{"errors":[{"id":"26I4HZDVWBVNX5HI33OINP753Q","status":"403","code":"FORBIDDEN.REQUEST_DOES_NOT_MATCH_SCOPE","title":"This request does not match the scope specified in the API token.","detail":"The request RequestData(method=POST, path=/v1/appStoreVersions/1612795156/customerReviews, query=null) does not match any authorized scope: [RequestData(method=GET, path=/v1/customerReviews, query=null)]","links":{"see":"https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests"}}]}