I use PHP language to obtain our App customer reviews and generate token code as follows:
$privateKeyResource = PRIVATE_KEY; $keyId = KEY_ID; $alg = 'ES256'; $token = JWT::encode([ 'iss' => '29960467-xxxx-xxxx-xxxx-2aa42ec3e66d', 'iat' => time(), 'exp' => time() + 300, 'aud' => 'appstoreconnect-v1', "scope" => [ "GET /v1/customerReviews", ] ], $privateKeyResource, $alg, $keyId, [ "alg" => "ES256", "kid" => $keyId, "typ" => "JWT" ]);
But the api responds with 403, detailed response:
{"errors":[{"id":"26I4HZDVWBVNX5HI33OINP753Q","status":"403","code":"FORBIDDEN.REQUEST_DOES_NOT_MATCH_SCOPE","title":"This request does not match the scope specified in the API token.","detail":"The request RequestData(method=POST, path=/v1/appStoreVersions/1612795156/customerReviews, query=null) does not match any authorized scope: [RequestData(method=GET, path=/v1/customerReviews, query=null)]","links":{"see":"https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests"}}]}