We fetch the App Store Analytics – App Installs & Deletions (Daily) report via the Analytics Reports API and land each delivery into S3. The rows we ingest contain fields like Date, Event, Download Type, Counts, and Unique Devices. We’re trying to compute for example Installations and First-time downloads so our warehouse totals match the App Store Connect UI exactly, but our counts are consistently higher when we aggregate (with filter conditions being the same). Questions: (1) Official dedupe/versioning approach: What's the recommended approach to avoid double counting across API deliveries and to match the UI exactly? If later deliveries can revise past dates, what field(s) or process should we rely on to decide which records to keep for a given Date? (2) Completeness window: For daily data, is the recommended approach to publish rolling values that may change for a few days, or waiting until dates are considered “complete” before reporting? Any best-practice guidance would be helpful. Thanks!

Failed to fetch certificates: This request is forbidden for security reasons - Unable to find a team with the given Content Provider ID '72df6041-c291-4d95-b690-2a3b75ff72f6' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support I have already confirmed that: All API keys were generated correctly. All required roles and permissions have been assigned in App Store Connect. To confirm my doubt, I requested api key from a fellow developer, and that worked in CodeMagic without throwing an error. Could you please help me figure out why the given Content Provider ID is not being recognized? Thank you.

Failed to fetch certificates: This request is forbidden for security reasons - Unable to find a team with the given Content Provider ID '72df6041-c291-4d95-b690-2a3b75ff72f6' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support

TLDR; I can't get QueueName to work with matchmaking a turn-based match in Unity using matchmaking rules. Long version: I'm using the apple unity plugin found here: https://github.com/apple/unityplugins/blob/main/plug-ins/Apple.GameKit/Apple.GameKit_Unity/Assets/Apple.GameKit/Documentation~/Apple.GameKit.md I have created a Queue, RuleSet and a simple Rule to match players by following these docs tightly: https://developer.apple.com/documentation/gamekit/finding-players-using-matchmaking-rules. Here is the single rule I have that drives matchmaking: { "data" : { "type" : "gameCenterMatchmakingRules", "id" : "[hiddden-rule-id]", "attributes" : { "referenceName" : "ComplimentaryFactionPreference", "description" : "default desc", "type" : "MATCH", "expression" : "requests[0].properties.preference != requests[1].properties.preference", "weight" : null }, "links" : { "self" : "https://api.appstoreconnect.apple.com/v1/gameCenterMatchmakingRules/[hidden-rule-id]" } }, "links" : { "self" : "https://api.appstoreconnect.apple.com/v1/gameCenterMatchmakingRules" } } which belongs to a rule set which belongs to a queue. I have verified these are setup and linked via the App Store Connect API. Additionally, when I tested queue-based matchmaking without a queue established, I got an error in Unity. Now, with this, I do not. However there is a problem when I attempt to use the queue for matchmaking. I have the basic C# function here: public override void StartSearch(NSMutableDictionary<NSString, NSObject> properties) { if (searching) return; base.StartSearch(properties); //Establish matchmaking requests _matchRequest = GKMatchRequest.Init(); _matchRequest.QueueName = _PreferencesToQueue(GetSerializedPreferences()); _matchRequest.Properties = properties; _matchRequest.MaxPlayers = PLAYERS_COUNT; _matchRequest.MinPlayers = PLAYERS_COUNT; _matchTask = GKTurnBasedMatch.Find(_matchRequest); } The _PreferencesToQueue(GetSerializedPreferences()); returns the exact name of the queue I added my ruleset to. After this function is called, I poll the task generated from the .Find(...) function. Every time I run this function, a new match is created almost instantly. No two players are ever added to the same match. Further, I'm running two built game instances, one on a mac and another on an ipad and when I simultaneously test, I am unable to join games this way. Can someone help me debug why I cannot seem to match make when using a queue based approach?

Hello, I am trying to call the StoreKit In-App API, but I am consistently receiving a 401 Unauthenticated error. Here is what I have done so far: JWT creation (via https://jwt.io): Header: { "alg": "ES256", "kid": "**********", "typ": "JWT" } Payload: { "iss": "********-e662-43d2-be42-012d0138ce39", "aud": "appstoreconnect-v1", "iat": 1757389187, "exp": 1757390987 } Private Key (.p8): -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- Algorithm used: ES256 This generates the JWT successfully. API Call: I then include the JWT in the request header as follows: Authorization: Bearer ************ Endpoint: https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/2000001003740262 Response: Status: 401 Unauthenticated Request ID: S3KCYHDVRMDKUT3TZVTY3QRRWM.0.0 Has anyone else faced this issue? Is there something incorrect with how I’m generating the JWT (e.g., iat/exp values, formatting, or encoding)? Do I need to generate separate keys for Sandbox and Production, or is the same key valid for both? Any guidance would be appreciated. Thanks in advance!

I am trying to add webhook subscriptions for TestFlight build processing completion and TestFlight beta build review completion events. These were showcased in the WWDC25 session: https://developer.apple.com/videos/play/wwdc2025/324/ Currently, I am able to receive webhook events for distribution updates, and the corresponding checkmark option is available in the App Store Connect portal. However, there is no checkmark option in the portal to subscribe to beta build-related events. In the video, there is clearly a checkmark option for the beta review event subscription (at 4:55). The current documentation also does not mention beta processing and beta review event subscriptions. It only lists the event types that are visible in the web portal: https://developer.apple.com/documentation/appstoreconnectapi/webhookeventtype When I try to add the BUILD_BETA_DETAIL_EXTERNAL_BETA_STATE_UPDATED event (as shown in the video at 6:10) via the PATCH API request, I get the below error. "errors": [ { "id": "****-****-****-****-*********3851", "status": 409, "code": "ENTITY_ERROR.ATTRIBUTE.TYPE", "title": "An attribute in the provided entity has the wrong type", "detail": "'BUILD_BETA_DETAIL_EXTERNAL_BETA_STATE_UPDATED' is not a valid value for the attribute 'eventTypes/3'.", "expectedValues": [ "APP_STORE_VERSION_APP_VERSION_STATE_UPDATED", "BETA_FEEDBACK_CRASH_SUBMISSION_CREATED", "BETA_FEEDBACK_SCREENSHOT_SUBMISSION_CREATED" ], "source": { "pointer": "/data/attributes/eventTypes/3" } } ] } The App Store Connect web portal also does not provide a checkmark option for subscribing to this event type. My questions are: Are the TestFlight build processing completion and beta build review completion webhook events coming soon, or do they already exist? Are there any other ways to get beta build events apart from polling?

I tried to use the Connect app this morning and it said a developer account was needed. On the contrary, I am the account holder, which is what the CTA to fix the issue in the app stated to ask for access from. Then I tried to sign in directly on the website and it also didn't respond there. FB19906255 - App Store Connect: Connect app not responding and neither is App Store Connect portal Aug 26, 8:15 AM Central Posting in case others run into this, I have not seen the developer status page report anything yet: https://developer.apple.com/system-status/

Requesting your assistance with the error shown in the screenshot below. Our team hit this snag in our first attempt to get a build out. X Failed to register bundle identifier com.fourleaf.clara Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. Contact your team's Account Holder, Alyssa L*****, or an Admin. Error: build command failed. Our initial thought was that the Apple account admin (Alyssa) needed to log in to https://developer.apple.com/account and accept the latest Terms Of Services. Alyssa logged in, but does not have any agreements awaiting acceptance. The last agreement issued -- she approved on 6/10. Screenshot also attached below. Can you please advise us as to how to resolve this build error and issue?

Our application is currently under review, and we are still facing issues because we receive a 401 Unauthorized response from the App Store Connect API when using the production environment. Our app integrates with Chargebee for subscription management, and in production, Chargebee is unable to authenticate with the App Store Server API. This results in a 401 Unauthorized error, preventing the user’s subscription from being synced correctly into our system. Interestingly, the same configuration works in the sandbox environment, but fails in production. We’ve tried authenticating using JWTs generated from multiple keys (including App Store Connect API / Team Keys with both Admin and App Manager access, and also In-App Purchase keys), all with the same result — sandbox access works, production does not. Here is our example code for testing with JWT token: const jwt = require('jsonwebtoken'); const fs = require('fs'); const https = require('https'); const config = { keyId: '<key_id>', issuerId: 'issuer_id', bundleId: 'bundle_id', privateKey: fs.readFileSync('path_to_key') }; const { keyId, issuerId, bundleId, privateKey } = config; const now = Math.floor(Date.now() / 1000); const jwtToken = jwt.sign( { iss: issuerId, iat: now, exp: now + 60 * 10, // 10 minutes is fine for test aud: 'appstoreconnect-v1', bid: bundleId }, privateKey, { algorithm: 'ES256', header: { alg: 'ES256', kid: keyId, typ: 'JWT' } } ); console.log('Generated JWT:\n', jwtToken); // prod const originalTransactionId = '<prod_transaction_id>'; const hostname = 'api.storekit.itunes.apple.com'; // sandbox // const originalTransactionId = '<sandbox_transaction_id>'; // const hostname = 'api.storekit-sandbox.itunes.apple.com' const options = { hostname, port: 443, path: `/inApps/v1/history/${originalTransactionId}`, method: 'GET', headers: { Authorization: `Bearer ${jwtToken}`, 'Content-Type': 'application/json', }, }; const callAppStoreConnectApi = async () => { const req = https.request(options, (res) => { console.log(`\nStatus Code: ${res.statusCode}`); let data = ''; res.on('data', (chunk) => { data += chunk; }); res.on('end', () => { console.log('Response Body:\n', data || '[Empty]'); }); }); req.on('error', (e) => { console.error('Request Error:', e); }); req.end(); }; callAppStoreConnectApi(); With this code, we were able to authenticate successfully in the sandbox environment, but not in production. I read in this discussion: https://developer.apple.com/forums/thread/711801 that the issue was resolved once the app was published to the App Store, but I haven’t found any official documentation confirming this. Does anyone know what the issue could be?

Context We hold an Apple Developer Program team account and rely on: • Reporter tool – for downloading financial reports (Sales and Trends, etc.) • App Store Connect API – for retrieving subscription, refund, and other sales data We are facing several management challenges: The Developer portal shows no history of Reporter or API requests. Once team members are granted access, we cannot verify their exact actions (download time, report type, date range, etc.). Lack of permission-usage auditing makes it hard to judge whether an action is legitimate or poses potential risk. Questions Does Apple provide an official way to view detailed request logs for the Reporter tool or the App Store Connect API? • If yes, please indicate where to access them (developer portal location or API endpoint) and what fields are included (timestamp, account used, request parameters, etc.). If no built-in logging exists, are there any alternative methods to help teams monitor permission usage? • For example, an event-notification mechanism when reports are generated or data is pulled. Are there plans to introduce an auditing feature in the future? If so, is there an estimated release timeframe? Thanks in advance for any guidance!

Hi everyone! When I attempt the Post Request using Postman, as shown in my attached curl, I receive the error "{ "errors": [ { "status": "405", "code": "METHOD_NOT_ALLOWED", "title": "The request method is not valid for the resource path.", "detail": "The request method used for this request is not valid for the resource path. Please consult the documentation." } ] }". I have constructed the JWT correctly as an admin with correct private Key and Unix Times and I am able to send regular GET requests without issue and I can view the dashboards in App Store Connect. The described POST request is being rejected, although it says so in the documentation: https://developer.apple.com/documentation/appstoreconnectapi/post-v1-analyticsreportrequests. Curl: curl --location 'https://api.appstoreconnect.apple.com/v1/analyticsReportRequests' --header 'Content-Type: application/json' --header 'Authorization: Bearer XXX' --data '{ "data": { "type": "analyticsReportRequests", "attributes": { "accessType": "ONGOING" }, "relationships": { "app": { "data": { "type": "apps", "id": "XXXXXXXXXX" } } } } }' (using ONE_TIME_SNAPSHOT makes no difference) Is this a documentation error ? I'd be happy to hear about a fix.

Hi, Recently our App is facing a generic error with no error details. This error is happening once Build has been successfully uploaded to AppStore Connect through Xcode Organiser. Steps followed while uploading the build: Archive the Build through Xcode Once Archive is successful, Distributing the App through Xcode Organiser using AppStore Connect distribution method. Build Uploaded successfully to AppStore Connect After 5 min we are receiving a email with below message Hello, We noticed one or more issues with a recent delivery for the following app: AppName App Apple ID 2121111 Version 3.6.9 Build 75 Please correct the following issues and upload a new binary to App Store Connect. ITMS-90755: Invalid Binary - The following binaries in your app contains prohibited instructions: AppName.app/AppName. Remove the instructions from the binaries, rebuild and resubmit. Apple Developer Relations Solutions tried till now Updating Xcode to latest version of 16.4 Recreating new Distribution certificates and Provisioning Profiles Clearing DerivedData and cleaning Build Folder This issue seems to be occurring recently only since launch of Xcode 16.4 Other Device info Macbook Pro macOS: Sequoia 15.5 Xcode: 16.4

Hi All! Ever since the new PLA I have issues with adding my entitlements to my profiles. Previously when adding an entitlement I used the format [entitlementName] [AppId] [type] e.g. Apple Pay Pass Suppression [AppId] Development However ever since the new PLA I get an warning in my terminal that the template name is not supported by the App Store Connect API. Anyone that can help me out with the new format? I cant seem to find any helpful documentation online. Thanks! PS: the link in the screenshot points to this website: https://docs.fastlane.tools/actions/match/#managed-capabilities The naming strategy the use on the website doesnt work either: Apple Pay Pass Suppression Development

Title Can’t accept App Store Connect team invitation – link forces “Create Apple ID” and rejects my existing e-mail Problem I just received an “X has invited you to access App Store Connect” e-mail. When I click Accept invitation, the browser opens the Apple ID page but it shows the “Create your Apple ID” form instead of a sign-in screen. If I enter my normal address, the form shows the red error: This email address is not available. Please choose another. Context I already have an Apple ID on that exact e-mail address. I was a member of a different App Store Connect team until this morning; I left that team before clicking the new invitation. Question How can I accept the invitation with my existing Apple ID instead of being forced to create a new one ?

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below is the code: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "xxx"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xxx-xxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below I share the code with you: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "XXXXX"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xx-xxxxxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxxxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

My admin has given me (App Manager) the permission to create API keys. If I visit my profile, I can see that permission ticked, and the "Individual API Key" section is now visible where it was not before. However, there is no button to create an individual API key. What else do we need to do to make this option available?

Dear community, in order to modernize our build pipelines, I wanted to try out the new App Store Connect build upload API that was introduced in the WWDC video "Automate your development process with the App Store Connect API". However, when POSTing to https://api.appstoreconnect.apple.com/v1/buildUploads, I receive the following error message: { "errors": [ { "id": "9fb916ea-4d26-4712-8c55-d1d4b5320bf2", "status": "404", "code": "PATH_ERROR", "title": "The URL path is not valid", "detail": "The resource 'v1/buildUploads' does not exist" } ] } Is this API not yet available or am I doing something wrong? If it is not yet available, is there an ETA? Thanks in advance & best regards, Yannik

As of June 9, 2025 we are no longer able to automate the creation of our offline provisioning profiles that we used to do on a weekly basis for testing of our internal products offline. I am not sure if the isOfflineProfile was an undocumented attribute that we were using, or if it was deprecated or if the removal of that capability was an oversight. The release notes for 4.0 of the API don't mention a deprecation. https://developer.apple.com/documentation/appstoreconnectapi/app-store-connect-api-4-0-release-notes When making the request to the v1/profiles endpoint to create the provisioning profile we now receive the following response: { "status": "409", "code": "ENTITY_ERROR.ATTRIBUTE.UNKNOWN", "title": "The provided entity includes an unknown attribute", "detail": "'isOfflineProfile' is not an attribute on the resource 'profiles'", "source": { "pointer": "/data/attributes/isOfflineProfile" } }

Hello, I am thinking of developing a parental control app but I do not know if I need to request the api for using "Time Screen API". In positive case, where it should be? Is there anyway to use this for educational centers? Not just for families? Kind regards.