Hello Apple Developer Team, I've followed the AppStoreConnect API documentation and created the following: I've created a API Key in App store > Integrations > Teams key, gave the role as admin. Created a valid JWT token When fetching the GET v1/apps, I can see the list of apps. Also I was able to make GET v1/users as well successfully. I've the valid bundle Id and capabilities enabled in the developer portal. Facing an issue while creating an app in App Store using AppStoreConnect API using POST call: This is my ruby script: response = api_request( method: :post, path: "/v1/apps", token: token, body: { data: { type: 'apps', attributes: { name: APP_NAME, primaryLocale: LOCALE, sku: "SKU#{Time.now.to_i}", bundleId: BUNDLE_ID, platform: 'IOS' } } } ) It gives me below error: { "errors": [ { "id": "09b465fc-316f-47b4-9bc3-9c340cb966aa", "status": "403", "code": "FORBIDDEN_ERROR", "title": "The given operation is not allowed", "detail": "The resource 'apps' does not allow 'CREATE'. Allowed operations are: GET_COLLECTION, GET_INSTANCE, UPDATE" } ] } Did anyone was able to successfully create the app in App Store via AppStoreConnect API? Could you please help me identify the root cause for the above issue and provide some inputs so that I could work on resolving them and move forward in the deployment process. Appreciate your help in reviewing this. Thank you, Santosh

Good day. The Infrastructure Security team my company is concerned about potential information security incidents in https://appstoreconnect.apple.com/. We intend to: Collect logs of any activities within our organization (for example, someone adding a new user with administrative privileges or publishing a new application from a corporate account). Automatically deliver these logs to our SIEM (e.g., Splunk), so that alerts can be generated and potential security incidents can be addressed, such as breaches of internal policies by an employee or a compromise of a corporate account associated with https://appstoreconnect.apple.com/. Could you please advise on how this can be implemented?

Hi Apple Developer Support, I’m working on a Node.js script to fetch all apps listed under the Education category and Reference subcategory from the US App Store, where the app name includes "exam prep". My goal is to list these apps in descending order of their earned revenue (including both paid apps and those with subscriptions). To proceed, I’m looking for guidance or code-level support on: Accessing App Store metadata programmatically via Apple-approved APIs. Filtering apps by category, subcategory, and keywords in the app name. Sorting the result set by revenue (paid and subscription earnings). Is there any recommended API or service (official or via App Store Connect) that I should be using to achieve this? Appreciate any direction, documentation, or sample code that can help. Thanks in advance!

Hi all, I'm trying to integrate Apple’s DeviceCheck API into my Flutter iOS app. I already have everything set up on the backend — the Apple private key, key ID, team ID, and DeviceCheck capability. The backend is generating and signing the JWT correctly and making requests to Apple. However, I’m currently stuck on the frontend (Flutter): 👉 How can I generate the device_token required by the DeviceCheck API (via DCDevice.generateToken) in a Flutter iOS app? I understand that DCDevice.generateToken() must be called from native Swift code. I previously attempted to use a MethodChannel to bridge this in Swift, but would prefer not to write or maintain native Swift code if possible. I've looked for a prebuilt Flutter package to handle this, but nothing exists or is up-to-date on pub.dev. Main Question: Is there any Apple-supported way to generate the device_token for DeviceCheck from a Flutter app without writing Swift code manually? If not, is DCDevice.generateToken() the only possible approach, and must I implement this via Swift and Flutter platform channels? Thanks!

We're using https://api.appstoreconnect.apple.com/v1/salesReports (https://developer.apple.com/documentation/appstoreconnectapi/get-v1-salesreports) to get the First-Time Downloads as can be seen in the App Store Connect per app. But from the API we only get data since March 2025 while in the App Store Connect data can be seen since November 2022. From the API response we read the Units for entries where 'Product Type Identifier' is 1 (https://developer.apple.com/help/app-store-connect/reference/product-type-identifiers/) per Apple Identifier. The results is for all apps as we expect, but for one app we only get data since March 2025. It is indeed the case that the app has been published in March, but the same id was in use since November 2022, under another vendor though (different vendorNumber, which we don't know). Is there any way to get the statistics from before March, like can be seen in the App Store Connect? Perhaps another way of calling salesReports or another API. We tried https://appstoreconnect.apple.com/analytics/api/v1/data/timeseries as that is the call happening in App Store Connect which over there is returning data prior to March 2025, but we couldn't get it to work nor find documentation about it. Or can we feed the old data so we would get it back from salesReports?

Issue Description I am experiencing persistent 401 Unauthorized errors when attempting to access the App Store Server API using JWT authentication. Despite following Apple's documentation and regenerating keys, I am unable to successfully authenticate. Implementation Details I'm implementing JWT authentication for the App Store Server API to retrieve transaction information from the following endpoint: https://api.storekit.itunes.apple.com/inApps/v1/transactions/{transactionID} My JWT generation code (in PHP/Laravel) follows Apple's documentation: php$kid = '6W6H649LJ4'; $header = [ "alg" => "ES256", "kid" => $kid, "typ" => "JWT" ]; $iss = 'b8d99de7-b43b-4cbb-aada-546ec784e249'; // App Store Connect API Key Issuer ID $bid = 'com.gitiho.learnCourse'; // Bundle ID $payload = [ "iss" => $iss, "iat" => time(), "exp" => time() + 3600, "aud" => "appstoreconnect-v1", "bid" => $bid ]; $pathFileAuthKeyP8 = "AuthKey_6W6H649LJ4.p8"; $contentFileAuthKey = \File::get(base_path($pathFileAuthKeyP8)); $alg = "ES256"; $jwt = \Firebase\JWT\JWT::encode($payload, $contentFileAuthKey, $alg, null, $header); Steps Taken to Troubleshoot Verified that the Issuer ID is correct and in UUID format Confirmed that the Key ID matches the private key filename Regenerated the key with proper App Store Server API permissions Ensured the private key file is properly formatted with correct headers and footers Verified that the JWT is being properly encoded using the ES256 algorithm Confirmed the bundle ID is correct for our application Checked that the API endpoint URL is correct Additional Information This implementation previously worked correctly We started experiencing 401 errors recently without changing our implementation We are using the Firebase JWT library for PHP to encode the JWT Request Could you please help identify what might be causing these authentication failures? Is there any recent change in the authentication requirements or endpoint URLs that might be affecting our integration? Thanks for support me.

Hi, We run an app house where we're creating a new app through our store for clients every few weeks. We've been using the Apple ID login through fastlane to create new apps in our CI, however we find having to log in to multiple machines every few weeks very frustrating, as it requires 2fa, and always seems to happen right when the system admins are on leave. We've tried to use the API key instead however creating apps doesn't appear to be supported, as we get a 403 error stating we can't use create. This was with the App manager role. Is it at all possible to crate an app using the api key, turn off the timeout on the ID Login or, automate this so we don't need to log in every few weeks?

Hello, I'm encountering an issue when trying to use the subscriptionGroupLookups endpoint in the App Store Connect API. Despite having the correct setup, I continue to receive a 404 NOT FOUND error when making requests to: GET https://api.appstoreconnect.apple.com/v1/subscriptionGroupLookups Here is the current state of my environment: I am the Account Holder of the App Store Connect account The App Store Connect API key has been successfully created I have the correct Key ID, Issuer ID, and .p8 private key I can authenticate and access the apps and subscriptionGroups endpoints However, the subscriptionGroupLookups endpoint always returns: { "errors": [ { "status": "404", "code": "NOT_FOUND", "title": "The specified resource does not exist" } ] } I suspect that LookUp Keys (UUIDs) have not been assigned to our subscription groups, even though they were created and are active in App Store Connect. There is no “Request Access” button visible under the Integrations tab (as mentioned in Apple support instructions), and my keys appear under “App Store Connect API” > “Keys” as active. Questions: How can I ensure that LookUp Keys are assigned to my subscription groups? Is there a way to trigger this manually or via support? Has anyone successfully resolved this? Any advice or experience would be greatly appreciated. Thank you!

Hi everyone, I’m new here. I’m working with the App Store Connect (ASC) Analytics API and I have some questions about how to retrieve historical data for downloads and in-app purchases. I’ve created two types of reports: 1. ONGOING: Retrieves current and recent data. 2. ONE_TIME_SNAPSHOT: Supposedly retrieves historical data. I am specifically interested in the Detailed versions: • App Store Downloads Detailed • App Store Purchases Detailed What's my problem? 1. The ONGOING report brings instances with data from the last few days, which seems correct for App Downloads. But not with Purchases, it brings just a few random days and I'm not sure about the granularity. 2. The ONE_TIME_SNAPSHOT report, however, retrieves instances with data from specific days, but the selection of these days appears to be random. I can’t figure out the criteria behind it. Does anyone know what the selection criteria are for the days that appear in the ONE_TIME_SNAPSHOT report? Is it possible to configure the date range for this type of report? Why are some historical dates available while others are not? Is there a way to ensure that the ONE_TIME_SNAPSHOT report brings data from all days within a specified range? Any advice or insights would be greatly appreciated! Thanks in advance!

Hello everyone, I’m building a custom tool that uses the App Store Connect API (v1) to manage my team’s users. I can successfully list all users with: GET https://api.appstoreconnect.apple.com/v1/users …but the JSON response only includes fields like firstName, lastName, email, allAppsVisible, provisioningAllowed, and roles. There is no lastLogin or timestamp field anywhere in the User object: { "data": [ { "id": "USER_ID", "type": "users", "attributes": { "firstName": "mohit", "lastName": "tiwari", "email": "", "allAppsVisible": false, "provisioningAllowed": false }, "relationships": { … } }, … ] } My main question is: How can I retrieve each user’s “last login” timestamp via the App Store Connect API? Is this even possible with the current endpoints? If it isn’t exposed, has Apple any plans to add this? Or are there any recommended workarounds—perhaps via audit logs or another API—to track when each user last accessed App Store Connect? Thanks in advance for your guidance and any code/endpoint examples you can share!

Hi, I'm generating MusicKit JWT tokens on my backend side and using it on the client side to query the Apple Music API. One concern I have is accidentally over issuing the scope of this JWT, resulting in accidental access more services than intended like DeviceCheck or APNS. Other than using separate keys for MusicKit and other services, is there a way to limit the generated JWT to only the Apple Music API (https://api.music.apple.com/v1/*) using the JWT payload scope?

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below I share the code with you: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "XXXXX"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xx-xxxxxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxxxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below is the code: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "xxx"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xxx-xxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

Title Can’t accept App Store Connect team invitation – link forces “Create Apple ID” and rejects my existing e-mail Problem I just received an “X has invited you to access App Store Connect” e-mail. When I click Accept invitation, the browser opens the Apple ID page but it shows the “Create your Apple ID” form instead of a sign-in screen. If I enter my normal address, the form shows the red error: This email address is not available. Please choose another. Context I already have an Apple ID on that exact e-mail address. I was a member of a different App Store Connect team until this morning; I left that team before clicking the new invitation. Question How can I accept the invitation with my existing Apple ID instead of being forced to create a new one ?

Context We hold an Apple Developer Program team account and rely on: • Reporter tool – for downloading financial reports (Sales and Trends, etc.) • App Store Connect API – for retrieving subscription, refund, and other sales data We are facing several management challenges: The Developer portal shows no history of Reporter or API requests. Once team members are granted access, we cannot verify their exact actions (download time, report type, date range, etc.). Lack of permission-usage auditing makes it hard to judge whether an action is legitimate or poses potential risk. Questions Does Apple provide an official way to view detailed request logs for the Reporter tool or the App Store Connect API? • If yes, please indicate where to access them (developer portal location or API endpoint) and what fields are included (timestamp, account used, request parameters, etc.). If no built-in logging exists, are there any alternative methods to help teams monitor permission usage? • For example, an event-notification mechanism when reports are generated or data is pulled. Are there plans to introduce an auditing feature in the future? If so, is there an estimated release timeframe? Thanks in advance for any guidance!

Requesting your assistance with the error shown in the screenshot below. Our team hit this snag in our first attempt to get a build out. X Failed to register bundle identifier com.fourleaf.clara Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. Contact your team's Account Holder, Alyssa L*****, or an Admin. Error: build command failed. Our initial thought was that the Apple account admin (Alyssa) needed to log in to https://developer.apple.com/account and accept the latest Terms Of Services. Alyssa logged in, but does not have any agreements awaiting acceptance. The last agreement issued -- she approved on 6/10. Screenshot also attached below. Can you please advise us as to how to resolve this build error and issue?

Hello, I am trying to call the StoreKit In-App API, but I am consistently receiving a 401 Unauthenticated error. Here is what I have done so far: JWT creation (via https://jwt.io): Header: { "alg": "ES256", "kid": "**********", "typ": "JWT" } Payload: { "iss": "********-e662-43d2-be42-012d0138ce39", "aud": "appstoreconnect-v1", "iat": 1757389187, "exp": 1757390987 } Private Key (.p8): -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- Algorithm used: ES256 This generates the JWT successfully. API Call: I then include the JWT in the request header as follows: Authorization: Bearer ************ Endpoint: https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/2000001003740262 Response: Status: 401 Unauthenticated Request ID: S3KCYHDVRMDKUT3TZVTY3QRRWM.0.0 Has anyone else faced this issue? Is there something incorrect with how I’m generating the JWT (e.g., iat/exp values, formatting, or encoding)? Do I need to generate separate keys for Sandbox and Production, or is the same key valid for both? Any guidance would be appreciated. Thanks in advance!

Hi, In the AppstoreConnect website it's possible to retrieve the payments and estimated proceeds. Is it possible to recover it automaticaly with an API ? I saw "Payments and Proceeds" documentation (https://developer.apple.com/help/app-store-connect/getting-paid/view-payments-and-proceeds), and the "Download Sales and Trends Reports" API documentation (https://developer.apple.com/documentation/appstoreconnectapi/get-v1-salesreports). But none can retrieve the amount that Apple proceeds to the bank account. I need this because I sell in different countries with different currencies. And I manage different Apple accounts. Best Regards,

I’m currently automating our iOS release pipeline with the App Store Connect API. TestFlight and App Store version creation are mostly working, but I’m stuck at the “submit for review” step. Below are the endpoint I’m calling, the payload, and the error I receive: > url: https://api.appstoreconnect.apple.com/v1/appStoreReviewSubmissions > method: POST > params: None > json: {'data': {'type': 'appStoreReviewSubmissions', 'relationships': {'appStoreVersion': {'data': {'type': 'appStoreVersions', 'id': '62db20b9-1bc6-4b1a-9b52-9834a807c377'}}}}} > response: <Response [404]> > ASCAPIError(404): The specified resource does not exist: The path provided does not match a defined resource type. | errors=[{'id': '32d2c224-0f1c-4592-a02d-a4f87b13b6b7', 'status': '404', 'code': 'NOT_FOUND', 'title': 'The specified resource does not exist', 'detail': 'The path provided does not match a defined resource type.'}] The official documentation app-store-version-submissions doesn't mention the endpoint, and I could not find any working example in open-source CLI tools. Questions: Does the App Store Connect API actually support submitting an App Store version for review? If yes, where can I find the exact endpoint & required scope documented? If no, is there a canonical list of what the API can and cannot do so I can confirm the limitation? Any pointers to docs or working code samples would be greatly appreciated.

Hi! We are seeing increased number of 404s when trying to download sales report from reportingitc-reporter.apple.com/reportservice/sales/v1 We are using API version 2.2 Is anyone else facing these issues?