Notarize with Enterprise API Key

Hello!

I've been facing an issue with notarizing a macOS app with an Enterprise API Key.

Due to some misunderstanding when setting up the project some years ago, the notarization step was using a developer account's API Key. I am looking to fix it to have everything centralized in the Enterprise account we work with, but I get "Debug [JWT] Generating new JWT for key ID" with the new key. This is using the xcrun notarytool directly to get more input.

Using Fastlane it fails as: Error polling for notarization info: [11:29:25]: unexpected token at ''

The project is deployed via MDM, so we need it to prevent the security warning.

I used this documentation to create the key: https://developer.apple.com/documentation/enterpriseprogramapi/creating-api-keys-for-enterprise-program-api

I have tried a Developer and an Admin access key, and the Account Holder has also created an Admin key, but the errors stay the same.

I just updated my Fastlane script to use the new key with the updated values. The old developer account key still works.

I am not sure if I am missing any steps in the documentation or if this is not achievable.

Important to add that all the profiles and certificates were already set up properly in the Enterprise account, the only error was using an App Store Connect Key instead of an Enterprise Key.

Thanks in advance for the help.

I followed this other documentation: https://developer.apple.com/documentation/enterpriseprogramapi/generating-tokens-for-api-requests and generated a JWT token manually.

With it, I could curl -v -H 'Authorization: Bearer ' "https://api.enterprise.developer.apple.com/v1/certificates" with success, but for https://appstoreconnect.apple.com/notary/v2/submissions? it fails with 401.

Failed for both keys, Developer and Admin access.

I also tried changing "aud": from apple-developer-enterprise-v1 to appstoreconnect-v1, just for the sake of trying.

Hi there, I'm sorry to hear that the API keys aren't working as expected.

The notarytool log line of Debug [JWT] Generating new JWT for key ID doesn't itself indicate failure, but it does look like you've tried a few of the same debugging steps I would have recommended, such as manual curl commands.

Could you file a bug report so we can investigate these specific cases further? You can select the 'Developer Tools & Resources' topic and mention the Apple Notary service or notarytool. Please post the bug report number here, I can take a look at the details on our end.

Please include a full set of recent stderr logs from notarytool with the --verbose flag. For cURL requests, please include the full command with any authorization or tokens redacted, as well as the returned "Request ID" or "x-apple-jingle-correlation-key" header value so we can investigate your specific failed request.
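An added example, not part of the thread or of Apple's tooling: a small diagnostic that decodes a manually generated JWT to show its key ID and "aud" claim, and redacts Bearer tokens before a curl command or log goes into a bug report. The sample token, key ID and issuer are constructed, and the expected audience is passed in by the caller because the thread does not establish which audience the notary endpoint accepts.

```python
import base64
import json
import re
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(aud, exp):
    # Constructed, unsigned sample: the third segment is a dummy, not a real signature.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "ES256", "kid": "SAMPLEKEYID", "typ": "JWT"}
    claims = {"iss": "sample-issuer-id", "iat": exp - 600, "exp": exp, "aud": aud}
    return f"{enc(header)}.{enc(claims)}.c2FtcGxlLXNpZw"


def inspect_jwt(token, expected_aud, now=None):
    """Decode header and claims without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    findings = []
    if claims.get("aud") != expected_aud:
        findings.append(f"aud is {claims.get('aud')!r}, expected {expected_aud!r}")
    if claims.get("exp", 0) <= now:
        findings.append("token is expired or has no exp claim")
    return {"kid": header.get("kid"), "alg": header.get("alg"),
            "aud": claims.get("aud"), "findings": findings}


def redact_bearer(text):
    # Replace any compact JWT after "Bearer" so logs and commands can be shared safely.
    return re.sub(r"(Bearer\s+)[\w-]+\.[\w-]+\.[\w-]+", r"\1<REDACTED>", text)


if __name__ == "__main__":
    token = make_sample_token("apple-developer-enterprise-v1", exp=int(time.time()) + 600)
    print(inspect_jwt(token, expected_aud="appstoreconnect-v1"))
    print(redact_bearer(f"curl -v -H 'Authorization: Bearer {token}' https://example.invalid/"))
```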

Hello!!

I am copying the answer and posting here in case comments don't get the same visibility.

I believe this is the bug number: FB15939005. One thing I forgot to add in the post but I added to the bug is, the Enterprise Key is much smaller than the Developer key, something like half the characters between ---begin key--- and ---end key---.

Please let me know if I can be of more support or if I missed something.

Thanks again for the help.
