The token is legitimate, however I keep getting bad requests (400). The payload may not be accurate.
- No document with the appropriate payload structure is visible to me.
- Receipt.bin was tried, but the file content could not be verified.
Referring this URL: https://developer.apple.com/documentation/devicecheck/assessing-fraud-risk
Here is my server side Java code:
private static String sendAttestationWithPayload(String jwt, String keyId, String attestationData, String clientData) throws Exception { // Create JSON payload JSONObject payload = new JSONObject(); payload.put("keyId", keyId); payload.put("attestationData", attestationData); payload.put("clientData", clientData);
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create(APPLE_ATTESTATION_URL))
.header("Authorization", "Bearer " + jwt)
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString(payload.toString()))
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
handleResponse(response);
return response.body();
}