Requesting your assistance with the error shown in the screenshot below. Our team hit this snag in our first attempt to get a build out. X Failed to register bundle identifier com.fourleaf.clara Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. Contact your team's Account Holder, Alyssa L*****, or an Admin. Error: build command failed. Our initial thought was that the Apple account admin (Alyssa) needed to log in to https://developer.apple.com/account and accept the latest Terms Of Services. Alyssa logged in, but does not have any agreements awaiting acceptance. The last agreement issued -- she approved on 6/10. Screenshot also attached below. Can you please advise us as to how to resolve this build error and issue?

Context We hold an Apple Developer Program team account and rely on: • Reporter tool – for downloading financial reports (Sales and Trends, etc.) • App Store Connect API – for retrieving subscription, refund, and other sales data We are facing several management challenges: The Developer portal shows no history of Reporter or API requests. Once team members are granted access, we cannot verify their exact actions (download time, report type, date range, etc.). Lack of permission-usage auditing makes it hard to judge whether an action is legitimate or poses potential risk. Questions Does Apple provide an official way to view detailed request logs for the Reporter tool or the App Store Connect API? • If yes, please indicate where to access them (developer portal location or API endpoint) and what fields are included (timestamp, account used, request parameters, etc.). If no built-in logging exists, are there any alternative methods to help teams monitor permission usage? • For example, an event-notification mechanism when reports are generated or data is pulled. Are there plans to introduce an auditing feature in the future? If so, is there an estimated release timeframe? Thanks in advance for any guidance!

Hi, Recently our App is facing a generic error with no error details. This error is happening once Build has been successfully uploaded to AppStore Connect through Xcode Organiser. Steps followed while uploading the build: Archive the Build through Xcode Once Archive is successful, Distributing the App through Xcode Organiser using AppStore Connect distribution method. Build Uploaded successfully to AppStore Connect After 5 min we are receiving a email with below message Hello, We noticed one or more issues with a recent delivery for the following app: AppName App Apple ID 2121111 Version 3.6.9 Build 75 Please correct the following issues and upload a new binary to App Store Connect. ITMS-90755: Invalid Binary - The following binaries in your app contains prohibited instructions: AppName.app/AppName. Remove the instructions from the binaries, rebuild and resubmit. Apple Developer Relations Solutions tried till now Updating Xcode to latest version of 16.4 Recreating new Distribution certificates and Provisioning Profiles Clearing DerivedData and cleaning Build Folder This issue seems to be occurring recently only since launch of Xcode 16.4 Other Device info Macbook Pro macOS: Sequoia 15.5 Xcode: 16.4

Hi everyone! When I attempt the Post Request using Postman, as shown in my attached curl, I receive the error "{ "errors": [ { "status": "405", "code": "METHOD_NOT_ALLOWED", "title": "The request method is not valid for the resource path.", "detail": "The request method used for this request is not valid for the resource path. Please consult the documentation." } ] }". I have constructed the JWT correctly as an admin with correct private Key and Unix Times and I am able to send regular GET requests without issue and I can view the dashboards in App Store Connect. The described POST request is being rejected, although it says so in the documentation: https://developer.apple.com/documentation/appstoreconnectapi/post-v1-analyticsreportrequests. Curl: curl --location 'https://api.appstoreconnect.apple.com/v1/analyticsReportRequests' --header 'Content-Type: application/json' --header 'Authorization: Bearer XXX' --data '{ "data": { "type": "analyticsReportRequests", "attributes": { "accessType": "ONGOING" }, "relationships": { "app": { "data": { "type": "apps", "id": "XXXXXXXXXX" } } } } }' (using ONE_TIME_SNAPSHOT makes no difference) Is this a documentation error ? I'd be happy to hear about a fix.

Title Can’t accept App Store Connect team invitation – link forces “Create Apple ID” and rejects my existing e-mail Problem I just received an “X has invited you to access App Store Connect” e-mail. When I click Accept invitation, the browser opens the Apple ID page but it shows the “Create your Apple ID” form instead of a sign-in screen. If I enter my normal address, the form shows the red error: This email address is not available. Please choose another. Context I already have an Apple ID on that exact e-mail address. I was a member of a different App Store Connect team until this morning; I left that team before clicking the new invitation. Question How can I accept the invitation with my existing Apple ID instead of being forced to create a new one ?

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below is the code: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "xxx"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xxx-xxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below I share the code with you: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "XXXXX"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xx-xxxxxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxxxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

My admin has given me (App Manager) the permission to create API keys. If I visit my profile, I can see that permission ticked, and the "Individual API Key" section is now visible where it was not before. However, there is no button to create an individual API key. What else do we need to do to make this option available?

As of June 9, 2025 we are no longer able to automate the creation of our offline provisioning profiles that we used to do on a weekly basis for testing of our internal products offline. I am not sure if the isOfflineProfile was an undocumented attribute that we were using, or if it was deprecated or if the removal of that capability was an oversight. The release notes for 4.0 of the API don't mention a deprecation. https://developer.apple.com/documentation/appstoreconnectapi/app-store-connect-api-4-0-release-notes When making the request to the v1/profiles endpoint to create the provisioning profile we now receive the following response: { "status": "409", "code": "ENTITY_ERROR.ATTRIBUTE.UNKNOWN", "title": "The provided entity includes an unknown attribute", "detail": "'isOfflineProfile' is not an attribute on the resource 'profiles'", "source": { "pointer": "/data/attributes/isOfflineProfile" } }

Hello, I am thinking of developing a parental control app but I do not know if I need to request the api for using "Time Screen API". In positive case, where it should be? Is there anyway to use this for educational centers? Not just for families? Kind regards.

I'm using App Store Connect API to automate onboarding/off-boarding user invitations for my team members when they start working on my app. Once devs join the team, I'd like to invite them to the specific app's beta test group. This requires some additional work after the user has joined the team because unlike visibleApps, there's no way to initially indicate the beta test groups that a user should have access to. One challenge I'm finding is that people don't immediately join the team on time so polling feels a bit excessive/wasteful. Is there some recommended mechanism for adding users to the internal test flight group, or is there a way to trigger a webhook when the list of users is updated. I noticed that there's a new /v1/marketplaceWebhooks API so I imagine this is the recommended format for registering callbacks. Any assistance here would be greatly appreciated.

Can't add banking info in App Store Connect - getting 400 error when searching for any bank in any country. Steps: App Store Connect → Banking setup Search any bank, any country "We could not find banks matching criteria" + 400 error in dev tools Tried: Multiple browsers/incognito Different countries Clear cache This is blocking my Paid Apps Agreement (shows "Pending User Info") and my app review for in-app purchases. Anyone else having this issue? Any workarounds? Thanks!

Hello everyone, I’m building a custom tool that uses the App Store Connect API (v1) to manage my team’s users. I can successfully list all users with: GET https://api.appstoreconnect.apple.com/v1/users …but the JSON response only includes fields like firstName, lastName, email, allAppsVisible, provisioningAllowed, and roles. There is no lastLogin or timestamp field anywhere in the User object: { "data": [ { "id": "USER_ID", "type": "users", "attributes": { "firstName": "mohit", "lastName": "tiwari", "email": "", "allAppsVisible": false, "provisioningAllowed": false }, "relationships": { … } }, … ] } My main question is: How can I retrieve each user’s “last login” timestamp via the App Store Connect API? Is this even possible with the current endpoints? If it isn’t exposed, has Apple any plans to add this? Or are there any recommended workarounds—perhaps via audit logs or another API—to track when each user last accessed App Store Connect? Thanks in advance for your guidance and any code/endpoint examples you can share!

Hi, I'm generating MusicKit JWT tokens on my backend side and using it on the client side to query the Apple Music API. One concern I have is accidentally over issuing the scope of this JWT, resulting in accidental access more services than intended like DeviceCheck or APNS. Other than using separate keys for MusicKit and other services, is there a way to limit the generated JWT to only the Apple Music API (https://api.music.apple.com/v1/*) using the JWT payload scope?

I hope this message finds you well. I’m reaching out to ask whether specific App Store Connect metrics available in the App Analytics dashboard can also be accessed via the App Store Connect REST API. I have reviewed the official API documentation, but I couldn’t find confirmation regarding the metrics listed below. Could you kindly clarify if the following metrics are available through the REST API? And if so, could you point me to the relevant endpoints or documentation? From the "Usage" group: Installations (Opt-in only) Active Devices Deletions (Uninstalls) From the "App Store" group: Impressions (Unique Devices) Product Page Views (Unique Devices) If these metrics are not available via the REST API, is there an alternative method to programmatically access or export them? Thank you very much in advance for your help and guidance.

Hi everyone, I’m new here. I’m working with the App Store Connect (ASC) Analytics API and I have some questions about how to retrieve historical data for downloads and in-app purchases. I’ve created two types of reports: 1. ONGOING: Retrieves current and recent data. 2. ONE_TIME_SNAPSHOT: Supposedly retrieves historical data. I am specifically interested in the Detailed versions: • App Store Downloads Detailed • App Store Purchases Detailed What's my problem? 1. The ONGOING report brings instances with data from the last few days, which seems correct for App Downloads. But not with Purchases, it brings just a few random days and I'm not sure about the granularity. 2. The ONE_TIME_SNAPSHOT report, however, retrieves instances with data from specific days, but the selection of these days appears to be random. I can’t figure out the criteria behind it. Does anyone know what the selection criteria are for the days that appear in the ONE_TIME_SNAPSHOT report? Is it possible to configure the date range for this type of report? Why are some historical dates available while others are not? Is there a way to ensure that the ONE_TIME_SNAPSHOT report brings data from all days within a specified range? Any advice or insights would be greatly appreciated! Thanks in advance!

I'm trying to programmatically create an Advanced AppClip Experience via the API. following the docs https://developer.apple.com/documentation/appstoreconnectapi/app-clips-and-app-clip-experiences I have created the header image. But when I try to create the experience I can not figure out a) how to create a localisationID to be included in the relationships object b) how to get the included object to be recognised Any one have experience or can offer help?

We are experiencing an issue with our iOS TestFlight builds where in-app purchase (IAP) products are not being retrieved as expected. We are using Unity IAP to handle our purchases, and despite having all the products correctly configured and approved in App Store Connect, we consistently receive errors such as: UnityIAP: Received 0 products Unavailable product [product_id] We have thoroughly verified that: The product identifiers are correctly configured in App Store Connect. The bundle ID mappings are correctly set on both Unity and our backend. The same setup works on the live App Store build, where purchases are fetched and validated correctly for the same set of In App products. Sandbox test accounts are being used during TestFlight testing. This issue only started appearing recently and affects the TestFlight builds only. Note: My App ID and Product ID are correct, the IAP is live on the App Store, and the product is recognized in sandbox. Looking forward to your support on this matter.

Hello, I'm encountering an issue when trying to use the subscriptionGroupLookups endpoint in the App Store Connect API. Despite having the correct setup, I continue to receive a 404 NOT FOUND error when making requests to: GET https://api.appstoreconnect.apple.com/v1/subscriptionGroupLookups Here is the current state of my environment: I am the Account Holder of the App Store Connect account The App Store Connect API key has been successfully created I have the correct Key ID, Issuer ID, and .p8 private key I can authenticate and access the apps and subscriptionGroups endpoints However, the subscriptionGroupLookups endpoint always returns: { "errors": [ { "status": "404", "code": "NOT_FOUND", "title": "The specified resource does not exist" } ] } I suspect that LookUp Keys (UUIDs) have not been assigned to our subscription groups, even though they were created and are active in App Store Connect. There is no “Request Access” button visible under the Integrations tab (as mentioned in Apple support instructions), and my keys appear under “App Store Connect API” > “Keys” as active. Questions: How can I ensure that LookUp Keys are assigned to my subscription groups? Is there a way to trigger this manually or via support? Has anyone successfully resolved this? Any advice or experience would be greatly appreciated. Thank you!

Hi, We run an app house where we're creating a new app through our store for clients every few weeks. We've been using the Apple ID login through fastlane to create new apps in our CI, however we find having to log in to multiple machines every few weeks very frustrating, as it requires 2fa, and always seems to happen right when the system admins are on leave. We've tried to use the API key instead however creating apps doesn't appear to be supported, as we get a 403 error stating we can't use create. This was with the App manager role. Is it at all possible to crate an app using the api key, turn off the timeout on the ID Login or, automate this so we don't need to log in every few weeks?