Not able to fetch public keys to verify the notification signedinfo/renewalinfo

Without authorization Bearer token:

public static JWKSet getApplePublicKeys(String token) throws Exception {
	URL url = new URL("https://api.storekit.itunes.apple.com/inApps/v1/jwsPublicKeys");
	HttpURLConnection conn = (HttpURLConnection) url.openConnection();
	conn.setRequestMethod("GET");
	conn.setRequestProperty("Accept", "application/json");

	int status = conn.getResponseCode();
	InputStream stream = (status >= 200 && status < 300)
			? conn.getInputStream()
			: conn.getErrorStream();

	String body = new BufferedReader(new InputStreamReader(stream))
			.lines()
			.reduce("", (acc, line) -> acc + line);
	System.out.println("HTTP " + status + ": " + body);

	// load JWKSet from JSON string
	try (InputStream in = new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8))) {
		return JWKSet.load(in);
	}
}

With authorization Bearer token:

public static JWKSet getApplePublicKeys(String token) throws Exception {
	URL url = new URL("https://api.storekit.itunes.apple.com/inApps/v1/jwsPublicKeys");
	HttpURLConnection conn = (HttpURLConnection) url.openConnection();
	conn.setRequestMethod("GET");
	conn.setRequestProperty("Accept", "application/json");
	conn.setRequestProperty("Authorization", "Bearer <token>");

	int status = conn.getResponseCode();
	InputStream stream = (status >= 200 && status < 300)
			? conn.getInputStream()
			: conn.getErrorStream();

	String body = new BufferedReader(new InputStreamReader(stream))
			.lines()
			.reduce("", (acc, line) -> acc + line);
	System.out.println("HTTP " + status + ": " + body);

	// load JWKSet from JSON string
	try (InputStream in = new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8))) {
		return JWKSet.load(in);
	}
}

Below are my production and sandbox URLs:

Sandbox: https://api.storekit-sandbox.itunes.apple.com/inApps/v1/jwsPublicKeys

Production: https://api.storekit.itunes.apple.com/inApps/v1/jwsPublicKeys

Kindly help me with this. If I am doing anything wrong, please let me know. I tried using the token in the URL, and it gives me a 404. If I hit the endpoint without the token, it returns a 401. Please assist me.

@anujgupta388 That's not a URL we offer and we don't use JWKs. I recommend checking out the App Store Server Library Java based on the code you shared; it has a SignedDataVerifier class which will do what you are looking for.

https://github.com/apple/app-store-server-library-java
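A sketch of the approach recommended in the reply above, added here as an example; it is not code from either poster or from Apple. It uses the library's SignedDataVerifier to check a notification and the signed transaction and renewal info nested inside it. The class name NotificationVerifier, the root certificate path and the bundle ID are assumptions supplied by the caller.

```java
import com.apple.itunes.storekit.model.Data;
import com.apple.itunes.storekit.model.Environment;
import com.apple.itunes.storekit.model.JWSRenewalInfoDecodedPayload;
import com.apple.itunes.storekit.model.JWSTransactionDecodedPayload;
import com.apple.itunes.storekit.model.ResponseBodyV2DecodedPayload;
import com.apple.itunes.storekit.verification.SignedDataVerifier;
import com.apple.itunes.storekit.verification.VerificationException;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Set;

// Hypothetical wrapper class for illustration.
public class NotificationVerifier {
    private final SignedDataVerifier verifier;

    // rootCertPath: assumed local copy of an Apple root CA certificate, used as the trust anchor.
    // appAppleId may be null in Sandbox; it must be provided for the Production environment.
    public NotificationVerifier(String rootCertPath, String bundleId, Long appAppleId,
                                Environment environment) throws IOException {
        InputStream root = new ByteArrayInputStream(Files.readAllBytes(Path.of(rootCertPath)));
        // The last argument is the library's enableOnlineChecks flag.
        this.verifier = new SignedDataVerifier(Set.of(root), bundleId, appAppleId, environment, true);
    }

    // Verifies the outer notification first, then each nested signed payload separately.
    // Any failure surfaces as VerificationException; nothing is trusted before that point.
    public void handle(String signedPayload) throws VerificationException {
        ResponseBodyV2DecodedPayload payload = verifier.verifyAndDecodeNotification(signedPayload);
        System.out.println("notificationType=" + payload.getNotificationType());

        Data data = payload.getData();
        if (data == null) {
            return; // some notification types carry no transaction data
        }
        if (data.getSignedTransactionInfo() != null) {
            JWSTransactionDecodedPayload tx =
                    verifier.verifyAndDecodeTransaction(data.getSignedTransactionInfo());
            System.out.println("transactionId=" + tx.getTransactionId());
        }
        if (data.getSignedRenewalInfo() != null) {
            JWSRenewalInfoDecodedPayload renewal =
                    verifier.verifyAndDecodeRenewalInfo(data.getSignedRenewalInfo());
            System.out.println("autoRenewStatus=" + renewal.getAutoRenewStatus());
        }
    }
}
```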
