Hi! I am working on automating the Apple Pay integration process in our CI/CD pipeline and would like to confirm whether a fully automated setup is currently possible for our preproduction environment. Right now, our process is as follows: A certificate is generated for the root domain and for each individual merchant subdomain. Both certificates are manually uploaded to our preproduction servers to test and verified via HTTP. We’d like to automate this flow in GitLab CI, mainly the generation of the necessary certificates programmatically or via API. However, from my research, it seems that Apple does not currently provide an API or any support to automate this task, but I’d like to confirm this directly with you. Is there any official support or workaround for this kind of automation? If not, do you have any plans to provide it in the future? Thanks in advance for your help.

Our application is currently under review, and we are still facing issues because we receive a 401 Unauthorized response from the App Store Connect API when using the production environment. Our app integrates with Chargebee for subscription management, and in production, Chargebee is unable to authenticate with the App Store Server API. This results in a 401 Unauthorized error, preventing the user’s subscription from being synced correctly into our system. Interestingly, the same configuration works in the sandbox environment, but fails in production. We’ve tried authenticating using JWTs generated from multiple keys (including App Store Connect API / Team Keys with both Admin and App Manager access, and also In-App Purchase keys), all with the same result — sandbox access works, production does not. Here is our example code for testing with JWT token: const jwt = require('jsonwebtoken'); const fs = require('fs'); const https = require('https'); const config = { keyId: '<key_id>', issuerId: 'issuer_id', bundleId: 'bundle_id', privateKey: fs.readFileSync('path_to_key') }; const { keyId, issuerId, bundleId, privateKey } = config; const now = Math.floor(Date.now() / 1000); const jwtToken = jwt.sign( { iss: issuerId, iat: now, exp: now + 60 * 10, // 10 minutes is fine for test aud: 'appstoreconnect-v1', bid: bundleId }, privateKey, { algorithm: 'ES256', header: { alg: 'ES256', kid: keyId, typ: 'JWT' } } ); console.log('Generated JWT:\n', jwtToken); // prod const originalTransactionId = '<prod_transaction_id>'; const hostname = 'api.storekit.itunes.apple.com'; // sandbox // const originalTransactionId = '<sandbox_transaction_id>'; // const hostname = 'api.storekit-sandbox.itunes.apple.com' const options = { hostname, port: 443, path: `/inApps/v1/history/${originalTransactionId}`, method: 'GET', headers: { Authorization: `Bearer ${jwtToken}`, 'Content-Type': 'application/json', }, }; const callAppStoreConnectApi = async () => { const req = https.request(options, (res) => { console.log(`\nStatus Code: ${res.statusCode}`); let data = ''; res.on('data', (chunk) => { data += chunk; }); res.on('end', () => { console.log('Response Body:\n', data || '[Empty]'); }); }); req.on('error', (e) => { console.error('Request Error:', e); }); req.end(); }; callAppStoreConnectApi(); With this code, we were able to authenticate successfully in the sandbox environment, but not in production. I read in this discussion: https://developer.apple.com/forums/thread/711801 that the issue was resolved once the app was published to the App Store, but I haven’t found any official documentation confirming this. Does anyone know what the issue could be?

Requesting your assistance with the error shown in the screenshot below. Our team hit this snag in our first attempt to get a build out. X Failed to register bundle identifier com.fourleaf.clara Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. Contact your team's Account Holder, Alyssa L*****, or an Admin. Error: build command failed. Our initial thought was that the Apple account admin (Alyssa) needed to log in to https://developer.apple.com/account and accept the latest Terms Of Services. Alyssa logged in, but does not have any agreements awaiting acceptance. The last agreement issued -- she approved on 6/10. Screenshot also attached below. Can you please advise us as to how to resolve this build error and issue?

I tried to use the Connect app this morning and it said a developer account was needed. On the contrary, I am the account holder, which is what the CTA to fix the issue in the app stated to ask for access from. Then I tried to sign in directly on the website and it also didn't respond there. FB19906255 - App Store Connect: Connect app not responding and neither is App Store Connect portal Aug 26, 8:15 AM Central Posting in case others run into this, I have not seen the developer status page report anything yet: https://developer.apple.com/system-status/

I am trying to add webhook subscriptions for TestFlight build processing completion and TestFlight beta build review completion events. These were showcased in the WWDC25 session: https://developer.apple.com/videos/play/wwdc2025/324/ Currently, I am able to receive webhook events for distribution updates, and the corresponding checkmark option is available in the App Store Connect portal. However, there is no checkmark option in the portal to subscribe to beta build-related events. In the video, there is clearly a checkmark option for the beta review event subscription (at 4:55). The current documentation also does not mention beta processing and beta review event subscriptions. It only lists the event types that are visible in the web portal: https://developer.apple.com/documentation/appstoreconnectapi/webhookeventtype When I try to add the BUILD_BETA_DETAIL_EXTERNAL_BETA_STATE_UPDATED event (as shown in the video at 6:10) via the PATCH API request, I get the below error. "errors": [ { "id": "****-****-****-****-*********3851", "status": 409, "code": "ENTITY_ERROR.ATTRIBUTE.TYPE", "title": "An attribute in the provided entity has the wrong type", "detail": "'BUILD_BETA_DETAIL_EXTERNAL_BETA_STATE_UPDATED' is not a valid value for the attribute 'eventTypes/3'.", "expectedValues": [ "APP_STORE_VERSION_APP_VERSION_STATE_UPDATED", "BETA_FEEDBACK_CRASH_SUBMISSION_CREATED", "BETA_FEEDBACK_SCREENSHOT_SUBMISSION_CREATED" ], "source": { "pointer": "/data/attributes/eventTypes/3" } } ] } The App Store Connect web portal also does not provide a checkmark option for subscribing to this event type. My questions are: Are the TestFlight build processing completion and beta build review completion webhook events coming soon, or do they already exist? Are there any other ways to get beta build events apart from polling?

Hello, I am trying to call the StoreKit In-App API, but I am consistently receiving a 401 Unauthenticated error. Here is what I have done so far: JWT creation (via https://jwt.io): Header: { "alg": "ES256", "kid": "**********", "typ": "JWT" } Payload: { "iss": "********-e662-43d2-be42-012d0138ce39", "aud": "appstoreconnect-v1", "iat": 1757389187, "exp": 1757390987 } Private Key (.p8): -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- Algorithm used: ES256 This generates the JWT successfully. API Call: I then include the JWT in the request header as follows: Authorization: Bearer ************ Endpoint: https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/2000001003740262 Response: Status: 401 Unauthenticated Request ID: S3KCYHDVRMDKUT3TZVTY3QRRWM.0.0 Has anyone else faced this issue? Is there something incorrect with how I’m generating the JWT (e.g., iat/exp values, formatting, or encoding)? Do I need to generate separate keys for Sandbox and Production, or is the same key valid for both? Any guidance would be appreciated. Thanks in advance!

TLDR; I can't get QueueName to work with matchmaking a turn-based match in Unity using matchmaking rules. Long version: I'm using the apple unity plugin found here: https://github.com/apple/unityplugins/blob/main/plug-ins/Apple.GameKit/Apple.GameKit_Unity/Assets/Apple.GameKit/Documentation~/Apple.GameKit.md I have created a Queue, RuleSet and a simple Rule to match players by following these docs tightly: https://developer.apple.com/documentation/gamekit/finding-players-using-matchmaking-rules. Here is the single rule I have that drives matchmaking: { "data" : { "type" : "gameCenterMatchmakingRules", "id" : "[hiddden-rule-id]", "attributes" : { "referenceName" : "ComplimentaryFactionPreference", "description" : "default desc", "type" : "MATCH", "expression" : "requests[0].properties.preference != requests[1].properties.preference", "weight" : null }, "links" : { "self" : "https://api.appstoreconnect.apple.com/v1/gameCenterMatchmakingRules/[hidden-rule-id]" } }, "links" : { "self" : "https://api.appstoreconnect.apple.com/v1/gameCenterMatchmakingRules" } } which belongs to a rule set which belongs to a queue. I have verified these are setup and linked via the App Store Connect API. Additionally, when I tested queue-based matchmaking without a queue established, I got an error in Unity. Now, with this, I do not. However there is a problem when I attempt to use the queue for matchmaking. I have the basic C# function here: public override void StartSearch(NSMutableDictionary<NSString, NSObject> properties) { if (searching) return; base.StartSearch(properties); //Establish matchmaking requests _matchRequest = GKMatchRequest.Init(); _matchRequest.QueueName = _PreferencesToQueue(GetSerializedPreferences()); _matchRequest.Properties = properties; _matchRequest.MaxPlayers = PLAYERS_COUNT; _matchRequest.MinPlayers = PLAYERS_COUNT; _matchTask = GKTurnBasedMatch.Find(_matchRequest); } The _PreferencesToQueue(GetSerializedPreferences()); returns the exact name of the queue I added my ruleset to. After this function is called, I poll the task generated from the .Find(...) function. Every time I run this function, a new match is created almost instantly. No two players are ever added to the same match. Further, I'm running two built game instances, one on a mac and another on an ipad and when I simultaneously test, I am unable to join games this way. Can someone help me debug why I cannot seem to match make when using a queue based approach?

Failed to fetch certificates: This request is forbidden for security reasons - Unable to find a team with the given Content Provider ID '72df6041-c291-4d95-b690-2a3b75ff72f6' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support

Failed to fetch certificates: This request is forbidden for security reasons - Unable to find a team with the given Content Provider ID '72df6041-c291-4d95-b690-2a3b75ff72f6' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support I have already confirmed that: All API keys were generated correctly. All required roles and permissions have been assigned in App Store Connect. To confirm my doubt, I requested api key from a fellow developer, and that worked in CodeMagic without throwing an error. Could you please help me figure out why the given Content Provider ID is not being recognized? Thank you.

We fetch the App Store Analytics – App Installs & Deletions (Daily) report via the Analytics Reports API and land each delivery into S3. The rows we ingest contain fields like Date, Event, Download Type, Counts, and Unique Devices. We’re trying to compute for example Installations and First-time downloads so our warehouse totals match the App Store Connect UI exactly, but our counts are consistently higher when we aggregate (with filter conditions being the same). Questions: (1) Official dedupe/versioning approach: What's the recommended approach to avoid double counting across API deliveries and to match the UI exactly? If later deliveries can revise past dates, what field(s) or process should we rely on to decide which records to keep for a given Date? (2) Completeness window: For daily data, is the recommended approach to publish rolling values that may change for a few days, or waiting until dates are considered “complete” before reporting? Any best-practice guidance would be helpful. Thanks!

Hi, In the AppstoreConnect website it's possible to retrieve the payments and estimated proceeds. Is it possible to recover it automaticaly with an API ? I saw "Payments and Proceeds" documentation (https://developer.apple.com/help/app-store-connect/getting-paid/view-payments-and-proceeds), and the "Download Sales and Trends Reports" API documentation (https://developer.apple.com/documentation/appstoreconnectapi/get-v1-salesreports). But none can retrieve the amount that Apple proceeds to the bank account. I need this because I sell in different countries with different currencies. And I manage different Apple accounts. Best Regards,

I am using v1/apps/{appid}/appPricePoints to get app pricepoints. Few days ago i noticed that calling v1/apps/{appid}/appPricePointsfilter[territory]=USA&limit=200 i get four pages but last page just reaches only 400$ pricepoint. As i can see also on App Store connect Then i have to click additional prices Please help what am i missing ?

I’m currently automating our iOS release pipeline with the App Store Connect API. TestFlight and App Store version creation are mostly working, but I’m stuck at the “submit for review” step. Below are the endpoint I’m calling, the payload, and the error I receive: > url: https://api.appstoreconnect.apple.com/v1/appStoreReviewSubmissions > method: POST > params: None > json: {'data': {'type': 'appStoreReviewSubmissions', 'relationships': {'appStoreVersion': {'data': {'type': 'appStoreVersions', 'id': '62db20b9-1bc6-4b1a-9b52-9834a807c377'}}}}} > response: <Response [404]> > ASCAPIError(404): The specified resource does not exist: The path provided does not match a defined resource type. | errors=[{'id': '32d2c224-0f1c-4592-a02d-a4f87b13b6b7', 'status': '404', 'code': 'NOT_FOUND', 'title': 'The specified resource does not exist', 'detail': 'The path provided does not match a defined resource type.'}] The official documentation app-store-version-submissions doesn't mention the endpoint, and I could not find any working example in open-source CLI tools. Questions: Does the App Store Connect API actually support submitting an App Store version for review? If yes, where can I find the exact endpoint & required scope documented? If no, is there a canonical list of what the API can and cannot do so I can confirm the limitation? Any pointers to docs or working code samples would be greatly appreciated.

I think there's been a recent change to the App Store Connect API; I claim that it's a bug. When querying App Store Connect API endpoints that return arrays, like https://api.appstoreconnect.apple.com/v1/apps, the response includes a links property, of type PagedDocumentLinks. https://developer.apple.com/documentation/appstoreconnectapi/pageddocumentlinks links should include a next link only if there's more data to provide, and, indeed, this is how it works for the /v1/apps endpoint. But when querying inAppPurchasesV2, I find that starting very recently (this week?) the API always returns a next link, even if there's no more data to show. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=APo&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw' }, meta: { paging: { total: 223, nextCursor: 'ASw', limit: 50 } } } If I request the next link, it will generate me another response with empty data and with a new cursor. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=AV4' }, meta: { paging: { total: 223, nextCursor: 'AV4', limit: 50 } } } Code I've written against this API (including my open-source library https://github.com/dfabulich/node-app-store-connect-api) assumes that if there's another links.next link, we should follow it; as a result, my code is looping infinitely, requesting empty data until eventually I have to give up. This issue doesn't affect other endpoints, like /v1/apps, just this inAppPurchasesV2 endpoint. Was this an intentional change? It seems to be a bug.

Hi! We are seeing increased number of 404s when trying to download sales report from reportingitc-reporter.apple.com/reportservice/sales/v1 We are using API version 2.2 Is anyone else facing these issues?

Hello, I’m currently using the App Store Connect API to automate report downloads. I’ve successfully downloaded data for Sales and Trends and Financial Reports via API. However, I noticed there’s also a “Payment Information” report listed here: 👉 https://developer.apple.com/help/app-store-connect/reference/reporting/payment-information Could you please confirm whether this report can also be retrieved via the App Store Connect API? If so, which endpoint or reportType / reportSubType should be used? I’ve reviewed the documentation here (https://developer.apple.com/documentation/appstoreconnectapi/downloading-analytics-reports ), but couldn’t find a match. Thanks a lot for your help!

I’m experiencing an issue while attempting to authenticate API calls to the App Store Connect API using a JWT token. I have App Manager permissions on my apple developer account. Despite following the official documentation and successfully verifying the JWT signature locally, I consistently receive the following response from the API: { "errors": [{ "status": "401", "code": "NOT_AUTHORIZED", "title": "Authentication credentials are missing or invalid.", "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired." }] } import jwt import time from cryptography.hazmat.primitives import serialization from cryptography.hazmat.backends import default_backend from jwt.exceptions import InvalidSignatureError Replace with your own credentials KEY_ID = "<YOUR_KEY_ID>" ISSUER_ID = "<YOUR_ISSUER_ID>" PRIVATE_KEY_PATH = "AuthKey_<YOUR_KEY_ID>.p8" def generate_token(): """Generate a JWT for App Store Connect API authentication.""" with open(PRIVATE_KEY_PATH, "r") as f: private_key = f.read() header = { "alg": "ES256", "kid": KEY_ID, "typ": "JWT" } now = int(time.time()) payload = { "iss": ISSUER_ID, "iat": now, "exp": now + 1200, # Token valid for 20 minutes "aud": "appstoreconnect-v1" } token = jwt.encode(payload, private_key, algorithm="ES256", headers=header) return token def verify_token_signature(token): """Verify JWT signature locally using the public key derived from the .p8 private key.""" with open(PRIVATE_KEY_PATH, "rb") as key_file: private_key = serialization.load_pem_private_key( key_file.read(), password=None, backend=default_backend() ) # Derive public key from private key public_key = private_key.public_key() pem_public_key = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo ) try: decoded = jwt.decode( token, pem_public_key, algorithms=["ES256"], audience="appstoreconnect-v1" ) print("✅ JWT signature verified successfully.") print("Decoded payload:", decoded) except InvalidSignatureError: print("❌ JWT signature is invalid.") except Exception as e: print(f"❌ JWT verification failed: {e}") if name == "main": token = generate_token() print("Generated JWT:", token) verify_token_signature(token) Why might a JWT that is valid locally still fail authentication with a 401 NOT_AUTHORIZED error from the App Store Connect API? Are there any specific permission scopes required for API access beyond App Manager account access from Apple Store connect? Are there any known issues or additional configuration steps required for API key access? Is there a way to validate API access status for a specific key or account? Could you please share the correct example of JWT generation in Python for reference?

I'd like to report an issue with the "App Referrer" source segmentation in the App Store Connect Analytics API. Issue Summary When retrieving impression data via the App Store Connect Analytics API using groupBy=["sourceType", "sourceInfo"], the impressions attributed to specific referring apps (e.g., Facebook, Instagram) do not match the values ​​displayed in the App Store Connect web dashboard. Details The total impressions in the API and dashboard are completely consistent, with the report category: App Store Discovery and Engagement Standard_Daily. The aggregated "App Referrer" (overall category) is also consistent. However, the detailed segmentation data in "App Referrer" is inconsistent, with the report category: App Store Discovery and Engagement Detailed_Daily. For example: The web dashboard shows significantly more impressions attributed to Facebook or Instagram. The API returns fewer impressions for the same referral source. Furthermore, the API does not return any "unknown"/"other" referral source entries, and displays no data for presentations where the exact referring app cannot be identified. Therefore, the sum of all sourceInfo entries returned by the API is lower than the app referral source value displayed in the web dashboard. We have confirmed: This is not due to time zone differences—the totals are exactly the same. We used the same date range, region, and platform settings as the dashboard. The difference only appears in the detailed app referral source breakdowns (e.g., "Facebook," "Instagram"). The API does not return missing presentations under any category. Questions for Apple: Does the App Store Connect web interface aggregate presentations from unidentified or privacy-restricted referring apps into known app names (e.g., Facebook or Instagram)? Is it normal for the Analytics API not to expose these presentations when the exact referring app cannot be identified? What official logic does the App Store Connect use to determine and display specific app referral sources (e.g., Facebook, Instagram)? When the API returns fewer referral records than the dashboard, how can developers accurately reproduce the same detailed app referral breakdown data in their reports? Are there any known limitations or privacy thresholds in the API that affect the disclosure of sourceInfo? Other Information Endpoint: Analytics API (Impressions grouped by sourceType and sourceInfo) Metric: Impressions Grouping Criteria: sourceType, sourceInfo We want to understand how App Store Connect allocates impressions to specific third-party apps (e.g., Facebook, Instagram) in the dashboard, and why the Analytics API returns lower numbers for these referral sources.

I was using the Download Sales and Trends Reports API (GET https://api.appstoreconnect.apple.com/v1/salesReports), but at some point, the results started not displaying properly. (The reason for this is that all the +sales values ​​aren't showing up in the CSV file.) Below, I'll show you how to use the API in Python with a screenshot. (***** elements are hidden.) If anyone knows why, please let me know.

Hello, About 7-8 months ago, I received an e-mail stating that my apple developer account would be deleted after 30 days, and my account was deleted after 30 days. I tried to contact many times, I got hopeful each time, but the Apple team never gave a full explanation. They always responded saying they would be interested, but it never came to fruition. In fact, I was most excited when I received the following e-mail: Hello Oğuzcan, My name is Joel, and I’m a senior Advisor with Developer Support. Your case has been given to me for further handling, and I’m happy to follow up with you today. I understand that you have initiated a conversation in our developer forums. Please, provide us more information and show us the email that you received, so we will assist your better. Please, reply to the received email for obtaining more information as the appropriate team will be able to assist you better. Please, reply to this email if you have further questions. Have a great day. Best Regards, Joel Developer Support I was very hopeful when I read that he was a Senior Advisor. This e-mail came on July 28, 18:17, today is December 8, 2025. I'm giving up hope now, my account won't be opened again. My members ask why there are no iOS versions of my applications, this is very difficult for me. Does anyone have any recommendations? I filled out forms and created requests many times.