I'm trying to get a response from Look Up Order ID. I have the following code to test the JWT token is working:
var {KJUR, KEYUTIL} = require('jsrsasign');
var uuid = require('uuid');
var moment = require('moment');
var axios = require('axios');
var R = require('ramda');
function fixPrivateKeyReturnLine(privKey) {
const privateKeyPatcher = R.replace(new RegExp("\\\\n", "\g"), "\n");
return privateKeyPatcher(privKey);
}
function getToken(){
var oHeader = {alg: 'ES256', typ: 'JWT', kid: `${process.env.APPLE_KEY_ID}`};
var oPayload = {
iss: `${process.env.APPLE_ISS}`,
iat: moment().unix(),
exp: moment().add(20, 'minutes').unix(),
aud: 'appstoreconnect-v1',
nonce: uuid.v4(),
bid: 'com.XXXXX.YYYYY', // Bundle -> attributes.identifier
}
var sHeader = JSON.stringify(oHeader);
var sPayload = JSON.stringify(oPayload);
var secret = fixPrivateKeyReturnLine(process.env.APPLE_API_KEY);
var prvKey = KEYUTIL.getKey(secret);
return KJUR.jws.JWS.sign('ES256', sHeader, sPayload, prvKey);
}
function getByOrderId(url, orderId){
var axiosHeaders = {
headers: {
"Authorization": `Bearer ${getToken()}`,
"Content-Type": "application/json"
}
}
return axios.get(`${url}/${orderId}`, axiosHeaders)
.then( res => console.log(`Response ---> ${res}`))
.catch( err => console.log(`ERROR ---> ${err}`))
}
getByOrderId('https://api.storekit.itunes.apple.com/inApps/v1/lookup', 'order_id');
// Response Production: ERROR ---> Error: Request failed with status code 401
getByOrderId('https://api.storekit-sandbox.itunes.apple.com/inApps/v1/lookup', 'order_id');
// Response Sandbox: ERROR ---> Error: Request failed with status code 404
When I create the JWT and hit Sandbox I get 404 (Not found), which makes me think the token is well generated. If I change the endpoint to Production URL I get 401 (Unauthorized).
Do I need to create 2 In-Apps keys for each environment? Should I use App Store Connect API keys? How can I check/debug where is the error on the Production endpoint? or Is there anything am I missing?