Title: WeatherKit REST API returns 401 NOT_ENABLED although App ID and WeatherKit key are enabled
Body: I am integrating WeatherKit REST API for an iOS app, but every request returns:
HTTP 401 {"reason":"NOT_ENABLED"}
Configuration summary:
- The App ID has WeatherKit enabled in App Services.
- The App ID also has WeatherKit enabled in Capabilities.
- The WeatherKit key shows WeatherKit enabled in the Keys page.
- A Service ID has been created.
- The backend generates an ES256 JWT using the .p8 private key.
- The decoded JWT header and payload have been verified.
I have redacted the actual Team ID, Key ID, Bundle ID, and Service ID here for security reasons.
Test A:
- JWT header.id = TEAM_ID.SERVICE_ID
- JWT payload.iss = TEAM_ID
- JWT payload.sub = SERVICE_ID
- kid = WEATHERKIT_KEY_ID
- exp - iat = 3600 seconds
Result: HTTP 401 {"reason":"NOT_ENABLED"}
Test B:
- JWT header.id = TEAM_ID.BUNDLE_ID
- JWT payload.iss = TEAM_ID
- JWT payload.sub = BUNDLE_ID
- kid = WEATHERKIT_KEY_ID
- exp - iat = 3600 seconds
Result: HTTP 401 {"reason":"NOT_ENABLED"}
Since Apple returns NOT_ENABLED instead of INVALID_AUTH_TOKEN, the JWT appears to be structurally accepted, but WeatherKit is not enabled for the authenticated identifier/key combination.
Questions:
- For WeatherKit REST API, should the JWT sub claim use the Service ID or the App Bundle ID?
- What exactly causes HTTP 401 NOT_ENABLED?
- Is there any additional WeatherKit REST API enablement required besides enabling WeatherKit on the App ID and creating a WeatherKit key?
- Could this be an account-side entitlement propagation issue?
Is there any additional WeatherKit REST API enablement …
Yes. You have to enable the WeatherKit app service on your App ID. See this post.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"