I'm unexpectedly getting 403 status codes when calling the perfPowerMetrics APIs for any arbitrary app on my account.
This worked last week, it is not working now. I have since revoked keys and recreated admin and developer keys--no luck, still getting 403. I've been working with the analytics APIs lately so I don't know exactly when the power and performance API stopped working.
I've narrowed it down to something related to the token scope. When I have a scope on this endpoint of "GET /v1/apps/1234567890/perfPowerMetrics" it is rejected -- but the docs say I can create a token and reduce its scope like this. When I remove the scope and let the token be unbounded, the API call returns a valid response.
FB22313063 - App Store Connect API: Fetching xcode metrics with an admin key generated token results in a 403 unexpectedly
Since adopting a newer AppStoreConnect API OpenAPI spec, the trailing '/' in the server was added back; this was something I manually patched last summer.
Without the patch to remove the trailing '/', when used with the Swift OpenAPI Generator, a URL with two slashes is produced which was invalid against the SCOPE of the token evidently.
Notice .com//v1 and the double slash.
https://api.appstoreconnect.apple.com//v1/apps/1672441148/perfPowerMetrics
There is nothing wrong with the App Store Connect API itself other than perhaps the scope should honor two slashes since the spec declares it?
I submitted a feedback for this last summer to have the Apple minted OpenAPI spec remove the trailing slash in the server url.
FB18389250 - AppStoreConnect API: OpenAPI spec file has a server trailing '/' which results in Swift OpenAPI Generator code to have paths with two slashes unexpectedly