401 NOT_AUTHORIZED

I has api keys, but when i request appstore connect api, it return 401 NOT_AUTHORIZED.


payload = {

'iss': '***-xx',

'exp': int(time.time()),

'aud': 'appstoreconnect-v1'

}



header = {

'alg': 'ES256',

'kid': '***'

}


This is the response.

{

"errors": [

{

"status": "401",

"code": "NOT_AUTHORIZED",

"title": "Authentication credentials are missing or invalid.",

"detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"

}

]

}

I found the reason, remove 'alg' from header, and it works.


Maybe the document should be update.

you are my hero!

Today,I also meeting this problem,I try your method 。But it`s don`t resolve my problem。Help me ,please!

I am facing the same problem. Can you please help in figuring out the reason of error? For me after removing alg attribute from header, the problem still persists.

What I do to get my JWT:

I am using a Python Library (authlib) to generate my JWT.

import datetime

from authlib.jose import jwt

def main():
    header = {
        'alg': 'ES256',
        'kid': '##########',
        'typ': 'JWT'
    }

    payload = {
        'iss': '################################',
        'aud': 'appstoreconnect-v1'
        'exp': int(datetime.datetime.now().timestamp()) + 1200 # token good for 20 min, as per https://developer.apple.com/go/?id=api-generating-tokens
    }

    key = open('AuthKey_##########.p8', 'r').read()
    token = jwt.encode(cls.header, cls.payload, key).decode('utf-8')

    print(token)

if __name__ == '__main__':
    main()

I then use that token in a form similar to 'Authorization: Bearer $token' in a GET.

401 NOT_AUTHORIZED
 
 
Q