Receiving 404 Error for APNs Server Notifications When Validating signedPayload

Hi everyone,

I'm experiencing an issue with APNs server notifications where I receive a 404 error when trying to validate the signedPayload from Apple's notification. Below is a sanitized version of my code:

class ServerNotificationAppleController extends Controller
{
    // URL for StoreKit keys (Sandbox environment)
    private $storeKitKeysUrl = 'https://api.storekit-sandbox.itunes.apple.com/inApps/v1/keys';
 
    public function handleNotification(Request $request)
    {
        \Log::info($request);
        
        $signedPayload = $request->input('signedPayload');
 
        if (!$signedPayload) {
            return response()->json(['error' => 'signedPayload not provided'], 400);
        }
 
        // Step 1: Create your JWT token (token creation logic can be in a separate service)
        $jwtToken = $this->generateAppleJWT();
 
        // Step 2: Send a request to the StoreKit keys endpoint
        $response = Http::withHeaders([
            'Authorization' => 'Bearer ' . $jwtToken,
        ])->get($this->storeKitKeysUrl);
 
        Log::info('Apple Keys Status:', ['status' => $response->status()]);
        Log::info('Apple Keys Body:', ['body' => $response->body()]);
 
        if ($response->status() !== 200) {
            return response()->json(['error' => "Apple public keys couldn't be retrieved"], 401);
        }
 
        $keysData = $response->json();
 
        // Step 3: Validate the signedPayload
        $validatedPayload = $this->validateSignedPayload($signedPayload, $keysData);
 
        if (!$validatedPayload) {
            return response()->json(['error' => 'Invalid signedPayload'], 400);
        }
 
        // Process the validated data as needed
        Log::info("Apple Purchase Data:", (array)$validatedPayload);
 
        return response()->json(['message' => 'Notification processed successfully'], 200);
    }
 
    private function generateAppleJWT()
    {
        // API key details (replace placeholders with actual values)
        $keyId = config('services.apple.key_id');         // e.g., <YOUR_KEY_ID>
        $issuerId = config('services.apple.issuer_id');       // e.g., <YOUR_ISSUER_ID>
        $privateKey = file_get_contents(storage_path(config('services.apple.private_key')));
 
        // Set current UTC time and expiration time (20 minutes later)
        $nowUtc = Carbon::now('UTC');
        $expirationUtc = $nowUtc->copy()->addMinutes(20);
 
        // Create the payload with UTC timestamps
        $payload = [
            'iss' => $issuerId,
            'iat' => $nowUtc->timestamp,
            'exp' => $expirationUtc->timestamp,
            'aud' => 'appstoreconnect-v1',
            'bid' => 'com.example.app', // Replace with your Bundle ID if necessary
        ];
 
        // Generate the JWT token
        return JWT::encode($payload, $privateKey, 'ES256', $keyId);
    }
 
    private function validateSignedPayload($signedPayload, $keysData)
    {
        try {
            $jwkKeys = JWK::parseKeySet($keysData);
            return JWT::decode($signedPayload, $jwkKeys, ['RS256']);
        } catch (\Exception $e) {
            Log::error("Apple Purchase Validation Error: " . $e->getMessage());
            return null;
        }
    }
}

I’m particularly puzzled by the fact that I receive a 404 error when trying to retrieve the public keys from the StoreKit keys endpoint. Has anyone encountered this issue or can provide insight into what might be causing the error?

Any help or suggestions would be greatly appreciated. Thanks!