Failed to fetch certificates: This request is forbidden for security reasons - Unable to find a team with the given Content Provider ID '72df6041-c291-4d95-b690-2a3b75ff72f6' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support I have already confirmed that: All API keys were generated correctly. All required roles and permissions have been assigned in App Store Connect. To confirm my doubt, I requested api key from a fellow developer, and that worked in CodeMagic without throwing an error. Could you please help me figure out why the given Content Provider ID is not being recognized? Thank you.

I’m currently automating our iOS release pipeline with the App Store Connect API. TestFlight and App Store version creation are mostly working, but I’m stuck at the “submit for review” step. Below are the endpoint I’m calling, the payload, and the error I receive: > url: https://api.appstoreconnect.apple.com/v1/appStoreReviewSubmissions > method: POST > params: None > json: {'data': {'type': 'appStoreReviewSubmissions', 'relationships': {'appStoreVersion': {'data': {'type': 'appStoreVersions', 'id': '62db20b9-1bc6-4b1a-9b52-9834a807c377'}}}}} > response: <Response [404]> > ASCAPIError(404): The specified resource does not exist: The path provided does not match a defined resource type. | errors=[{'id': '32d2c224-0f1c-4592-a02d-a4f87b13b6b7', 'status': '404', 'code': 'NOT_FOUND', 'title': 'The specified resource does not exist', 'detail': 'The path provided does not match a defined resource type.'}] The official documentation app-store-version-submissions doesn't mention the endpoint, and I could not find any working example in open-source CLI tools. Questions: Does the App Store Connect API actually support submitting an App Store version for review? If yes, where can I find the exact endpoint & required scope documented? If no, is there a canonical list of what the API can and cannot do so I can confirm the limitation? Any pointers to docs or working code samples would be greatly appreciated.

I am using v1/apps/{appid}/appPricePoints to get app pricepoints. Few days ago i noticed that calling v1/apps/{appid}/appPricePointsfilter[territory]=USA&limit=200 i get four pages but last page just reaches only 400$ pricepoint. As i can see also on App Store connect Then i have to click additional prices Please help what am i missing ?

TLDR; I can't get QueueName to work with matchmaking a turn-based match in Unity using matchmaking rules. Long version: I'm using the apple unity plugin found here: https://github.com/apple/unityplugins/blob/main/plug-ins/Apple.GameKit/Apple.GameKit_Unity/Assets/Apple.GameKit/Documentation~/Apple.GameKit.md I have created a Queue, RuleSet and a simple Rule to match players by following these docs tightly: https://developer.apple.com/documentation/gamekit/finding-players-using-matchmaking-rules. Here is the single rule I have that drives matchmaking: { "data" : { "type" : "gameCenterMatchmakingRules", "id" : "[hiddden-rule-id]", "attributes" : { "referenceName" : "ComplimentaryFactionPreference", "description" : "default desc", "type" : "MATCH", "expression" : "requests[0].properties.preference != requests[1].properties.preference", "weight" : null }, "links" : { "self" : "https://api.appstoreconnect.apple.com/v1/gameCenterMatchmakingRules/[hidden-rule-id]" } }, "links" : { "self" : "https://api.appstoreconnect.apple.com/v1/gameCenterMatchmakingRules" } } which belongs to a rule set which belongs to a queue. I have verified these are setup and linked via the App Store Connect API. Additionally, when I tested queue-based matchmaking without a queue established, I got an error in Unity. Now, with this, I do not. However there is a problem when I attempt to use the queue for matchmaking. I have the basic C# function here: public override void StartSearch(NSMutableDictionary<NSString, NSObject> properties) { if (searching) return; base.StartSearch(properties); //Establish matchmaking requests _matchRequest = GKMatchRequest.Init(); _matchRequest.QueueName = _PreferencesToQueue(GetSerializedPreferences()); _matchRequest.Properties = properties; _matchRequest.MaxPlayers = PLAYERS_COUNT; _matchRequest.MinPlayers = PLAYERS_COUNT; _matchTask = GKTurnBasedMatch.Find(_matchRequest); } The _PreferencesToQueue(GetSerializedPreferences()); returns the exact name of the queue I added my ruleset to. After this function is called, I poll the task generated from the .Find(...) function. Every time I run this function, a new match is created almost instantly. No two players are ever added to the same match. Further, I'm running two built game instances, one on a mac and another on an ipad and when I simultaneously test, I am unable to join games this way. Can someone help me debug why I cannot seem to match make when using a queue based approach?

Hi, In the AppstoreConnect website it's possible to retrieve the payments and estimated proceeds. Is it possible to recover it automaticaly with an API ? I saw "Payments and Proceeds" documentation (https://developer.apple.com/help/app-store-connect/getting-paid/view-payments-and-proceeds), and the "Download Sales and Trends Reports" API documentation (https://developer.apple.com/documentation/appstoreconnectapi/get-v1-salesreports). But none can retrieve the amount that Apple proceeds to the bank account. I need this because I sell in different countries with different currencies. And I manage different Apple accounts. Best Regards,

Failed to fetch certificates: This request is forbidden for security reasons - Unable to find a team with the given Content Provider ID '72df6041-c291-4d95-b690-2a3b75ff72f6' to which you belong. Please contact Apple Developer Program Support. https://developer.apple.com/support

Hello, I am trying to call the StoreKit In-App API, but I am consistently receiving a 401 Unauthenticated error. Here is what I have done so far: JWT creation (via https://jwt.io): Header: { "alg": "ES256", "kid": "**********", "typ": "JWT" } Payload: { "iss": "********-e662-43d2-be42-012d0138ce39", "aud": "appstoreconnect-v1", "iat": 1757389187, "exp": 1757390987 } Private Key (.p8): -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- Algorithm used: ES256 This generates the JWT successfully. API Call: I then include the JWT in the request header as follows: Authorization: Bearer ************ Endpoint: https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/2000001003740262 Response: Status: 401 Unauthenticated Request ID: S3KCYHDVRMDKUT3TZVTY3QRRWM.0.0 Has anyone else faced this issue? Is there something incorrect with how I’m generating the JWT (e.g., iat/exp values, formatting, or encoding)? Do I need to generate separate keys for Sandbox and Production, or is the same key valid for both? Any guidance would be appreciated. Thanks in advance!

Hi All! Ever since the new PLA I have issues with adding my entitlements to my profiles. Previously when adding an entitlement I used the format [entitlementName] [AppId] [type] e.g. Apple Pay Pass Suppression [AppId] Development However ever since the new PLA I get an warning in my terminal that the template name is not supported by the App Store Connect API. Anyone that can help me out with the new format? I cant seem to find any helpful documentation online. Thanks! PS: the link in the screenshot points to this website: https://docs.fastlane.tools/actions/match/#managed-capabilities The naming strategy the use on the website doesnt work either: Apple Pay Pass Suppression Development

What App Store Connect API endpoint(s) do I need to use to get the release dates of an app's various app versions? On App Store Connect itself, I can navigate to a given app and select "History", on the left side under General. See screenshot: In the screenshot, you can clearly see that version 1.9 became Ready for Distribution on Nov 12, 2024 at 3:28 AM, and that version 1.10 became Ready for Distribution on February 18, 2025 at 8:10 AM. However, I haven't been able to find to get any of these detailed status history via the App Store Connect API. Specifically I'm looking for release, or "go live", dates for the various versions of a given app. I'd have expected one of these API endpoints, or some combination thereof, to include this information in some way, but I'm just not finding it: GET https://api.appstoreconnect.apple.com/v1/apps/{id}/appStoreVersions GET https://api.appstoreconnect.apple.com/v1/appStoreVersions/{id} GET https://api.appstoreconnect.apple.com/v1/apps/{id}/builds GET https://api.appstoreconnect.apple.com/v1/apps/{id}/reviewSubmissions I've submitted FB16730940 and also via TSI.

I tried to use the Connect app this morning and it said a developer account was needed. On the contrary, I am the account holder, which is what the CTA to fix the issue in the app stated to ask for access from. Then I tried to sign in directly on the website and it also didn't respond there. FB19906255 - App Store Connect: Connect app not responding and neither is App Store Connect portal Aug 26, 8:15 AM Central Posting in case others run into this, I have not seen the developer status page report anything yet: https://developer.apple.com/system-status/

Requesting your assistance with the error shown in the screenshot below. Our team hit this snag in our first attempt to get a build out. X Failed to register bundle identifier com.fourleaf.clara Apple 403 detected - Access forbidden. This request is forbidden for security reasons - You currently don't have access to this membership resource. Contact your team's Account Holder, Alyssa L*****, or an Admin. Error: build command failed. Our initial thought was that the Apple account admin (Alyssa) needed to log in to https://developer.apple.com/account and accept the latest Terms Of Services. Alyssa logged in, but does not have any agreements awaiting acceptance. The last agreement issued -- she approved on 6/10. Screenshot also attached below. Can you please advise us as to how to resolve this build error and issue?

Context We hold an Apple Developer Program team account and rely on: • Reporter tool – for downloading financial reports (Sales and Trends, etc.) • App Store Connect API – for retrieving subscription, refund, and other sales data We are facing several management challenges: The Developer portal shows no history of Reporter or API requests. Once team members are granted access, we cannot verify their exact actions (download time, report type, date range, etc.). Lack of permission-usage auditing makes it hard to judge whether an action is legitimate or poses potential risk. Questions Does Apple provide an official way to view detailed request logs for the Reporter tool or the App Store Connect API? • If yes, please indicate where to access them (developer portal location or API endpoint) and what fields are included (timestamp, account used, request parameters, etc.). If no built-in logging exists, are there any alternative methods to help teams monitor permission usage? • For example, an event-notification mechanism when reports are generated or data is pulled. Are there plans to introduce an auditing feature in the future? If so, is there an estimated release timeframe? Thanks in advance for any guidance!

Hi, Recently our App is facing a generic error with no error details. This error is happening once Build has been successfully uploaded to AppStore Connect through Xcode Organiser. Steps followed while uploading the build: Archive the Build through Xcode Once Archive is successful, Distributing the App through Xcode Organiser using AppStore Connect distribution method. Build Uploaded successfully to AppStore Connect After 5 min we are receiving a email with below message Hello, We noticed one or more issues with a recent delivery for the following app: AppName App Apple ID 2121111 Version 3.6.9 Build 75 Please correct the following issues and upload a new binary to App Store Connect. ITMS-90755: Invalid Binary - The following binaries in your app contains prohibited instructions: AppName.app/AppName. Remove the instructions from the binaries, rebuild and resubmit. Apple Developer Relations Solutions tried till now Updating Xcode to latest version of 16.4 Recreating new Distribution certificates and Provisioning Profiles Clearing DerivedData and cleaning Build Folder This issue seems to be occurring recently only since launch of Xcode 16.4 Other Device info Macbook Pro macOS: Sequoia 15.5 Xcode: 16.4

Title Can’t accept App Store Connect team invitation – link forces “Create Apple ID” and rejects my existing e-mail Problem I just received an “X has invited you to access App Store Connect” e-mail. When I click Accept invitation, the browser opens the Apple ID page but it shows the “Create your Apple ID” form instead of a sign-in screen. If I enter my normal address, the form shows the red error: This email address is not available. Please choose another. Context I already have an Apple ID on that exact e-mail address. I was a member of a different App Store Connect team until this morning; I left that team before clicking the new invitation. Question How can I accept the invitation with my existing Apple ID instead of being forced to create a new one ?

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below is the code: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "xxx"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xxx-xxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

Good morning, I am configuring in backend the sending of reports regarding purchases made in app with external platform (Stripe) as per documentation. To be clear I am talking about ExternalPurchase. However, when I make the call it returns "Apple responded with status 401". I verified the token on jwt.io as per documentation and it is working. I don't understand where I am going wrong. Below I share the code with you: const express = require("express"); const bodyParser = require("body-parser"); const jwt = require("jsonwebtoken"); const fs = require("fs"); const app = express(); const https = require("https"); const APPLE_KEY_ID = "XXXXX"; const APPLE_ISSUER_ID = "xxx-xxx-xxx-xx-xxxxxx"; const APPLE_PRIVATE_KEY = fs.readFileSync("AuthKey_xxxxx.p8", "utf8"); const APPLE_AUDIENCE = "appstoreconnect-v1"; function generateAppleJwt() { const now = Math.floor(Date.now() / 1000); const payload = { iss: APPLE_ISSUER_ID, iat: now, exp: now + (5 * 60), aud: APPLE_AUDIENCE }; return jwt.sign(payload, APPLE_PRIVATE_KEY, { algorithm: "ES256", header: { alg: "ES256", kid: APPLE_KEY_ID, typ: "JWT" } }); } app.post('/webhook', bodyParser.json({ type: 'application/json' }), async (req, res) => { let eventType = req.body.type; const relevantEvents = [ "invoice.paid" ]; if (relevantEvents.includes(eventType)) { try { const data= req.body.data; const platform = data.object.subscription_details.metadata.platform; if (platform === "IOS") { const token = generateAppleJwt(); const applePayload = { appAppleId: "xxxx", bundleId: 'com.xxx.xxx.test', externalPurchaseId: data.object.id, purchaseTime: new Date(data.object.created * 1000).toISOString(), purchaseAmount: { amount: (data.object.total / 100).toFixed(2), currencyCode: data.object.currency.toUpperCase() }, purchaseLocation: { isoCountryCode: "IT" } }; const jsonString = JSON.stringify(applePayload); const agent = new https.Agent({ keepAlive: false }); const response = await fetch( "https://api.storekit-sandbox.apple.com/externalPurchase/v1/reports", { method: "PUT", headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json", "Accept-Encoding": "identity", }, body: JSON.stringify(applePayload), } ); if (!response.ok) { const errorText = await response.text(); throw new Error( `Apple responded with status ${response.status}: ${errorText}` ); } console.log("✅ Notifica inviata ad Apple con successo"); } else { if(!canSendNotification){ console.log("Non è una Sub. Nessuna notifica inviata."); }else{ console.log("Customer non iOS. Nessuna notifica inviata."); } } } catch (err) { console.error("Errore durante l’invio ad Apple:"); if (err.response) { console.error("Status:", err.response.status); console.error("Headers:", err.response.headers); console.error("Data:", err.response.data); } else { console.error("Message:", err.message); } } } res.status(200).send("OK"); }); exports.checkSubStripe = functions.https.onRequest(app);

My admin has given me (App Manager) the permission to create API keys. If I visit my profile, I can see that permission ticked, and the "Individual API Key" section is now visible where it was not before. However, there is no button to create an individual API key. What else do we need to do to make this option available?

As of June 9, 2025 we are no longer able to automate the creation of our offline provisioning profiles that we used to do on a weekly basis for testing of our internal products offline. I am not sure if the isOfflineProfile was an undocumented attribute that we were using, or if it was deprecated or if the removal of that capability was an oversight. The release notes for 4.0 of the API don't mention a deprecation. https://developer.apple.com/documentation/appstoreconnectapi/app-store-connect-api-4-0-release-notes When making the request to the v1/profiles endpoint to create the provisioning profile we now receive the following response: { "status": "409", "code": "ENTITY_ERROR.ATTRIBUTE.UNKNOWN", "title": "The provided entity includes an unknown attribute", "detail": "'isOfflineProfile' is not an attribute on the resource 'profiles'", "source": { "pointer": "/data/attributes/isOfflineProfile" } }

Hello, I am thinking of developing a parental control app but I do not know if I need to request the api for using "Time Screen API". In positive case, where it should be? Is there anyway to use this for educational centers? Not just for families? Kind regards.

I'm using App Store Connect API to automate onboarding/off-boarding user invitations for my team members when they start working on my app. Once devs join the team, I'd like to invite them to the specific app's beta test group. This requires some additional work after the user has joined the team because unlike visibleApps, there's no way to initially indicate the beta test groups that a user should have access to. One challenge I'm finding is that people don't immediately join the team on time so polling feels a bit excessive/wasteful. Is there some recommended mechanism for adding users to the internal test flight group, or is there a way to trigger a webhook when the list of users is updated. I noticed that there's a new /v1/marketplaceWebhooks API so I imagine this is the recommended format for registering callbacks. Any assistance here would be greatly appreciated.