Hi all, I’m an Admin user in an Apple Developer Program (Organization) team, but I’m unable to access Certificates, Identifiers & Profiles (CIP) on developer.apple.com. I’d like to understand what permission is missing and where it should be enabled. Context Program type: Apple Developer Program (Organization) My role in App Store Connect: Admin I can access App Store Connect normally, but CIP resources on developer.apple.com are blocked. The Account Holder can access CIP normally. What I see (Problem) In the Apple Developer portal → Certificates, Identifiers & Profiles, I get: “Access Unavailable — You currently don't have access to this membership resource. Contact your team's Account Holder or an Admin.” In Xcode → Settings → Accounts → Team, the “Certificates, Identifiers, & Profiles” section shows a red error indicator and doesn’t load. Only my account is affected; the Account Holder is not. What we’ve tried / confirmed Membership is active (renewal date is valid) Signed out/in of Xcode and re-added my Apple ID Confirmed selecting the correct Organization team in Xcode / Developer portal Account Holder confirmed they can access CIP Questions For an Organization team, what exact permission(s) are required for a member to access Certificates, Identifiers & Profiles? Where is this access controlled — App Store Connect → Users and Access vs developer.apple.com → People? If Admin in App Store Connect is not sufficient, what additional role/setting is needed to grant CIP access?

Xcode Cloud builds are hanging forever at the final step, Prepare Build for App Store Connect. This is a common issue that requires some fix in Cupertino. Reporting this in the afternoon of Jan 13, Pacific Time.

We need clarification on the following scenario and whether the requested actions are possible. Currently, we have an Enterprise iOS application that is distributed internally through Microsoft Intune using an Enterprise Apple Developer account. We are now planning to release the same application publicly via the Apple App Store using an App Store (public) Apple Developer account. While attempting to create a new app in App Store Connect, we are unable to proceed because the Bundle Identifier is already registered under the Enterprise account, and Apple does not allow creating another app with the same identifier. We would like clarification on the following points: Is it possible to move or transfer an app (or its Bundle Identifier) from an Enterprise Apple Developer account to a Public/App Store Apple Developer account? If yes, what is the recommended process to do so? If not, what alternatives are available while retaining the same Bundle Identifier? 2. If the app is successfully published on the App Store using the same Bundle Identifier, what will happen to users who already have the Enterprise version installed via Intune? Will their existing app automatically update from the App Store? Or will they need to uninstall the Enterprise version and install the App Store version manually? We would appreciate your guidance on the supported approach and best practices for this transition to ensure a smooth migration for existing users.

When updating an existing advanced app clip experience, the change doesn't actually apply. It shows the correct image in the UI, but when you use the app clip it shows the old image. Looking into it more, the status has "UPDATE_SUBMITTED". Seems related to this issue (https://developer.apple.com/forums/thread/810544) and this issue (https://developer.apple.com/forums/thread/810351).

Hey there, I'm building a service that requires receiving accurate sales/proceeds data along with the campaign name. From reading the documentation it looks to be fairly understandable, but in practice it is not. I have been testing this for almost a week, and I never got "Detailed Report" for "App Store Purchases Detailed" analytics report. The same report for "App Downloads Detailed" is arriving normally, but not to for the purchases. I tested for two different apps where I have around 200 daily installs and 30 purchases on each. I would love to get any thoughts on this from an Apple engineer!

Hey all, It's been now a few weeks since we started to help clients connect to their App Store Analytics API. I'm starting to notice that very often we'll see things like: Small data gaps. Eg. I have data on June 1, no data on June 2-4, and then data from June 5 to now Big data gaps. Eg. I'd have data on Jan 2024, but not on Feb-Mar 2024, then there's data again from April 2024 onwards. The actual files from Apple are like that we're not doing any treatments whatsoever. That's happening on both ONGOING and ONE_TIME_SNAPSHOT I also opened a Customer Support case and sent the files over 10 days ago, but no definitive answer so far. Are you also seeing gaps like this on your data? Any tips/recommendations?

Hey there, I'm building a service that requires receiving accurate app downloads and sales/proceeds data along with the campaign name. From reading the documentation it looks to be fairly understandable, but in practice it is not that straightforward. For example, I received the first one-time-snapshot detailed report for the App Store Purchases, and it contains partial data for several days. Shouldn't that be a full report of everything in analytics for like last year or so? Should I expect it to be updated and extended in the coming days? For the ongoing detailed report, I have not received anything yet, but I'm afraid it might have partial data as well. I will report here as well.

I am planning to build a service that automatically pulls Apple reports and stores them in my database. I was able to successfully retrieve the APP_USAGE report from the Analytics API; however, while it initially generated daily reports for a couple of days, the daily report generation subsequently stopped. The weekly and monthly reports are generated normally. I also checked the readReportRequest response, and the StoppedDueToInactivity field is returned as false. And also, when I compared the monthly reports between the API and the web console, the data does not match. Does anyone have a solution to this issue, or is there a recommended or updated approach for handling this?

I am planning to build a service that automatically pulls Apple reports and stores them in my database. I was able to successfully retrieve the APP_USAGE report from the Analytics API. It initially generated daily reports for a couple of days, but then the daily report generation stopped. The weekly and monthly reports continue to generate normally. I also checked the readReportRequest response, and the StoppedDueToInactivity field is returned as false. And also, when I compared the monthly reports between the API and the web console, the data does not match. Does anyone have a solution to this issue, or is there a recommended or updated approach for handling this?

We want to automate getting crash reports from ASC via CI or some other mechanism. Having developers manually check the Xcode Organizer isn't a scalable solution for us. Even with a api key with the App Manager role, we get a 403. https://api.appstoreconnect.apple.com/v1/diagnosticSignatures?limit=50 requires ADMIN role access which makes it a non starter in our org because of access restrictions. Since developers have access to the crash reports via Xcode in their developer roles, it should make sense for the REST API to expose the same data without ADMIN permissions.

Hello, About 7-8 months ago, I received an e-mail stating that my apple developer account would be deleted after 30 days, and my account was deleted after 30 days. I tried to contact many times, I got hopeful each time, but the Apple team never gave a full explanation. They always responded saying they would be interested, but it never came to fruition. In fact, I was most excited when I received the following e-mail: Hello Oğuzcan, My name is Joel, and I’m a senior Advisor with Developer Support. Your case has been given to me for further handling, and I’m happy to follow up with you today. I understand that you have initiated a conversation in our developer forums. Please, provide us more information and show us the email that you received, so we will assist your better. Please, reply to the received email for obtaining more information as the appropriate team will be able to assist you better. Please, reply to this email if you have further questions. Have a great day. Best Regards, Joel Developer Support I was very hopeful when I read that he was a Senior Advisor. This e-mail came on July 28, 18:17, today is December 8, 2025. I'm giving up hope now, my account won't be opened again. My members ask why there are no iOS versions of my applications, this is very difficult for me. Does anyone have any recommendations? I filled out forms and created requests many times.

I was using the Download Sales and Trends Reports API (GET https://api.appstoreconnect.apple.com/v1/salesReports), but at some point, the results started not displaying properly. (The reason for this is that all the +sales values ​​aren't showing up in the CSV file.) Below, I'll show you how to use the API in Python with a screenshot. (***** elements are hidden.) If anyone knows why, please let me know.

Hi everyone! When I attempt the Post Request using Postman, as shown in my attached curl, I receive the error "{ "errors": [ { "status": "405", "code": "METHOD_NOT_ALLOWED", "title": "The request method is not valid for the resource path.", "detail": "The request method used for this request is not valid for the resource path. Please consult the documentation." } ] }". I have constructed the JWT correctly as an admin with correct private Key and Unix Times and I am able to send regular GET requests without issue and I can view the dashboards in App Store Connect. The described POST request is being rejected, although it says so in the documentation: https://developer.apple.com/documentation/appstoreconnectapi/post-v1-analyticsreportrequests. Curl: curl --location 'https://api.appstoreconnect.apple.com/v1/analyticsReportRequests' --header 'Content-Type: application/json' --header 'Authorization: Bearer XXX' --data '{ "data": { "type": "analyticsReportRequests", "attributes": { "accessType": "ONGOING" }, "relationships": { "app": { "data": { "type": "apps", "id": "XXXXXXXXXX" } } } } }' (using ONE_TIME_SNAPSHOT makes no difference) Is this a documentation error ? I'd be happy to hear about a fix.

I'd like to report an issue with the "App Referrer" source segmentation in the App Store Connect Analytics API. Issue Summary When retrieving impression data via the App Store Connect Analytics API using groupBy=["sourceType", "sourceInfo"], the impressions attributed to specific referring apps (e.g., Facebook, Instagram) do not match the values ​​displayed in the App Store Connect web dashboard. Details The total impressions in the API and dashboard are completely consistent, with the report category: App Store Discovery and Engagement Standard_Daily. The aggregated "App Referrer" (overall category) is also consistent. However, the detailed segmentation data in "App Referrer" is inconsistent, with the report category: App Store Discovery and Engagement Detailed_Daily. For example: The web dashboard shows significantly more impressions attributed to Facebook or Instagram. The API returns fewer impressions for the same referral source. Furthermore, the API does not return any "unknown"/"other" referral source entries, and displays no data for presentations where the exact referring app cannot be identified. Therefore, the sum of all sourceInfo entries returned by the API is lower than the app referral source value displayed in the web dashboard. We have confirmed: This is not due to time zone differences—the totals are exactly the same. We used the same date range, region, and platform settings as the dashboard. The difference only appears in the detailed app referral source breakdowns (e.g., "Facebook," "Instagram"). The API does not return missing presentations under any category. Questions for Apple: Does the App Store Connect web interface aggregate presentations from unidentified or privacy-restricted referring apps into known app names (e.g., Facebook or Instagram)? Is it normal for the Analytics API not to expose these presentations when the exact referring app cannot be identified? What official logic does the App Store Connect use to determine and display specific app referral sources (e.g., Facebook, Instagram)? When the API returns fewer referral records than the dashboard, how can developers accurately reproduce the same detailed app referral breakdown data in their reports? Are there any known limitations or privacy thresholds in the API that affect the disclosure of sourceInfo? Other Information Endpoint: Analytics API (Impressions grouped by sourceType and sourceInfo) Metric: Impressions Grouping Criteria: sourceType, sourceInfo We want to understand how App Store Connect allocates impressions to specific third-party apps (e.g., Facebook, Instagram) in the dashboard, and why the Analytics API returns lower numbers for these referral sources.

I think there's been a recent change to the App Store Connect API; I claim that it's a bug. When querying App Store Connect API endpoints that return arrays, like https://api.appstoreconnect.apple.com/v1/apps, the response includes a links property, of type PagedDocumentLinks. https://developer.apple.com/documentation/appstoreconnectapi/pageddocumentlinks links should include a next link only if there's more data to provide, and, indeed, this is how it works for the /v1/apps endpoint. But when querying inAppPurchasesV2, I find that starting very recently (this week?) the API always returns a next link, even if there's no more data to show. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=APo&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw' }, meta: { paging: { total: 223, nextCursor: 'ASw', limit: 50 } } } If I request the next link, it will generate me another response with empty data and with a new cursor. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=AV4' }, meta: { paging: { total: 223, nextCursor: 'AV4', limit: 50 } } } Code I've written against this API (including my open-source library https://github.com/dfabulich/node-app-store-connect-api) assumes that if there's another links.next link, we should follow it; as a result, my code is looping infinitely, requesting empty data until eventually I have to give up. This issue doesn't affect other endpoints, like /v1/apps, just this inAppPurchasesV2 endpoint. Was this an intentional change? It seems to be a bug.

I’m experiencing an issue while attempting to authenticate API calls to the App Store Connect API using a JWT token. I have App Manager permissions on my apple developer account. Despite following the official documentation and successfully verifying the JWT signature locally, I consistently receive the following response from the API: { "errors": [{ "status": "401", "code": "NOT_AUTHORIZED", "title": "Authentication credentials are missing or invalid.", "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired." }] } import jwt import time from cryptography.hazmat.primitives import serialization from cryptography.hazmat.backends import default_backend from jwt.exceptions import InvalidSignatureError Replace with your own credentials KEY_ID = "<YOUR_KEY_ID>" ISSUER_ID = "<YOUR_ISSUER_ID>" PRIVATE_KEY_PATH = "AuthKey_<YOUR_KEY_ID>.p8" def generate_token(): """Generate a JWT for App Store Connect API authentication.""" with open(PRIVATE_KEY_PATH, "r") as f: private_key = f.read() header = { "alg": "ES256", "kid": KEY_ID, "typ": "JWT" } now = int(time.time()) payload = { "iss": ISSUER_ID, "iat": now, "exp": now + 1200, # Token valid for 20 minutes "aud": "appstoreconnect-v1" } token = jwt.encode(payload, private_key, algorithm="ES256", headers=header) return token def verify_token_signature(token): """Verify JWT signature locally using the public key derived from the .p8 private key.""" with open(PRIVATE_KEY_PATH, "rb") as key_file: private_key = serialization.load_pem_private_key( key_file.read(), password=None, backend=default_backend() ) # Derive public key from private key public_key = private_key.public_key() pem_public_key = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo ) try: decoded = jwt.decode( token, pem_public_key, algorithms=["ES256"], audience="appstoreconnect-v1" ) print("✅ JWT signature verified successfully.") print("Decoded payload:", decoded) except InvalidSignatureError: print("❌ JWT signature is invalid.") except Exception as e: print(f"❌ JWT verification failed: {e}") if name == "main": token = generate_token() print("Generated JWT:", token) verify_token_signature(token) Why might a JWT that is valid locally still fail authentication with a 401 NOT_AUTHORIZED error from the App Store Connect API? Are there any specific permission scopes required for API access beyond App Manager account access from Apple Store connect? Are there any known issues or additional configuration steps required for API key access? Is there a way to validate API access status for a specific key or account? Could you please share the correct example of JWT generation in Python for reference?

Hello, I’m currently using the App Store Connect API to automate report downloads. I’ve successfully downloaded data for Sales and Trends and Financial Reports via API. However, I noticed there’s also a “Payment Information” report listed here: 👉 https://developer.apple.com/help/app-store-connect/reference/reporting/payment-information Could you please confirm whether this report can also be retrieved via the App Store Connect API? If so, which endpoint or reportType / reportSubType should be used? I’ve reviewed the documentation here (https://developer.apple.com/documentation/appstoreconnectapi/downloading-analytics-reports ), but couldn’t find a match. Thanks a lot for your help!

We fetch the App Store Analytics – App Installs & Deletions (Daily) report via the Analytics Reports API and land each delivery into S3. The rows we ingest contain fields like Date, Event, Download Type, Counts, and Unique Devices. We’re trying to compute for example Installations and First-time downloads so our warehouse totals match the App Store Connect UI exactly, but our counts are consistently higher when we aggregate (with filter conditions being the same). Questions: (1) Official dedupe/versioning approach: What's the recommended approach to avoid double counting across API deliveries and to match the UI exactly? If later deliveries can revise past dates, what field(s) or process should we rely on to decide which records to keep for a given Date? (2) Completeness window: For daily data, is the recommended approach to publish rolling values that may change for a few days, or waiting until dates are considered “complete” before reporting? Any best-practice guidance would be helpful. Thanks!

Hi! We are seeing increased number of 404s when trying to download sales report from reportingitc-reporter.apple.com/reportservice/sales/v1 We are using API version 2.2 Is anyone else facing these issues?

Hi! I am working on automating the Apple Pay integration process in our CI/CD pipeline and would like to confirm whether a fully automated setup is currently possible for our preproduction environment. Right now, our process is as follows: A certificate is generated for the root domain and for each individual merchant subdomain. Both certificates are manually uploaded to our preproduction servers to test and verified via HTTP. We’d like to automate this flow in GitLab CI, mainly the generation of the necessary certificates programmatically or via API. However, from my research, it seems that Apple does not currently provide an API or any support to automate this task, but I’d like to confirm this directly with you. Is there any official support or workaround for this kind of automation? If not, do you have any plans to provide it in the future? Thanks in advance for your help.