I’m experiencing an issue while attempting to authenticate API calls to the App Store Connect API using a JWT token. I have App Manager permissions on my apple developer account. Despite following the official documentation and successfully verifying the JWT signature locally, I consistently receive the following response from the API: { "errors": [{ "status": "401", "code": "NOT_AUTHORIZED", "title": "Authentication credentials are missing or invalid.", "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired." }] } import jwt import time from cryptography.hazmat.primitives import serialization from cryptography.hazmat.backends import default_backend from jwt.exceptions import InvalidSignatureError Replace with your own credentials KEY_ID = "<YOUR_KEY_ID>" ISSUER_ID = "<YOUR_ISSUER_ID>" PRIVATE_KEY_PATH = "AuthKey_<YOUR_KEY_ID>.p8" def generate_token(): """Generate a JWT for App Store Connect API authentication.""" with open(PRIVATE_KEY_PATH, "r") as f: private_key = f.read() header = { "alg": "ES256", "kid": KEY_ID, "typ": "JWT" } now = int(time.time()) payload = { "iss": ISSUER_ID, "iat": now, "exp": now + 1200, # Token valid for 20 minutes "aud": "appstoreconnect-v1" } token = jwt.encode(payload, private_key, algorithm="ES256", headers=header) return token def verify_token_signature(token): """Verify JWT signature locally using the public key derived from the .p8 private key.""" with open(PRIVATE_KEY_PATH, "rb") as key_file: private_key = serialization.load_pem_private_key( key_file.read(), password=None, backend=default_backend() ) # Derive public key from private key public_key = private_key.public_key() pem_public_key = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo ) try: decoded = jwt.decode( token, pem_public_key, algorithms=["ES256"], audience="appstoreconnect-v1" ) print("✅ JWT signature verified successfully.") print("Decoded payload:", decoded) except InvalidSignatureError: print("❌ JWT signature is invalid.") except Exception as e: print(f"❌ JWT verification failed: {e}") if name == "main": token = generate_token() print("Generated JWT:", token) verify_token_signature(token) Why might a JWT that is valid locally still fail authentication with a 401 NOT_AUTHORIZED error from the App Store Connect API? Are there any specific permission scopes required for API access beyond App Manager account access from Apple Store connect? Are there any known issues or additional configuration steps required for API key access? Is there a way to validate API access status for a specific key or account? Could you please share the correct example of JWT generation in Python for reference?

Hi! Earlier, I created a report using the appstore api, and it contained WEEKLY and DAILY data. However, I have now created a report for a new app, and after almost a month, it does not have DAILY granularity. How can I obtain it?

Hi! Earlier, I created a report using the appstore api, and it contained WEEKLY and HOURLY data. However, I have now created a report for a new app, and after almost a month, it does not have HOURLY granularity. How can I obtain it?

I'm getting back a 409 trying to edit the content rights declaration for one of my apps. It is correctly in the PREPARE_FOR_SUBMISSION state, confirmed through the API and on the ASC App Info page. Here's my request: curl -X PATCH -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' -d '{"data":{"id":"XXX","type":"apps","attributes":{"contentRightsDeclaration":"DOES_NOT_USE_THIRD_PARTY_CONTENT"}}}' "https://api.appstoreconnect.apple.com/v1/apps/XXX" which returns a 409 "not in proper state" error. I would also expect to be able to edit in the UI but also is not available. Any help is appreciated. Thank you.

Hello, I’m currently using the App Store Connect API to automate report downloads. I’ve successfully downloaded data for Sales and Trends and Financial Reports via API. However, I noticed there’s also a “Payment Information” report listed here: 👉 https://developer.apple.com/help/app-store-connect/reference/reporting/payment-information Could you please confirm whether this report can also be retrieved via the App Store Connect API? If so, which endpoint or reportType / reportSubType should be used? I’ve reviewed the documentation here (https://developer.apple.com/documentation/appstoreconnectapi/downloading-analytics-reports ), but couldn’t find a match. Thanks a lot for your help!

Hello Apple Developer Community, We are currently facing an authentication issue when calling the App Store Server API for subscription validation. Despite following Apple’s documentation and verifying all credentials, we consistently receive a NOT_AUTHORIZED error response. GET https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/appTransactions/{transactionId} Environment: Sandbox and Production (both tested, same result) Our Setup: Key ID: {Your Key ID} Issuer ID: {Your Issuer ID} Bundle ID: {Your Bundle ID} JWT Header: { "alg": "ES256", "kid": "" } JWT Payload: { "iss": "", "iat": , "exp": <timestamp + 5 minutes>, "aud": "appstoreconnect-v1", "bid": "" } Authorization Header: Authorization: Bearer Troubleshooting Steps Already Taken: Verified that .p8 key, Key ID, Issuer ID, and Bundle ID are all correctly configured and match the App Store Connect details. Confirmed that the system clock is accurate (UTC). Used appropriate endpoint (sandbox or production) based on environment. Ensured that the JWT is short-lived (under 5 minutes). Added the “Bearer” prefix correctly in the header. Tested JWT generations using Python. Issue: All requests return: { "errorCode": "NOT_AUTHORIZED" } Questions: Are there any additional claims or headers required for the subscriptions endpoint? Are there specific permissions or roles needed for the API key in App Store Connect? Is there a way to get more detailed logs or diagnostics for this NOT_AUTHORIZED response? Does the App Store Server API require a different aud or bid structure for certain endpoints? We already contacted Apple Developer Support, but they suggested posting here for engineering-level guidance. Any insight or examples of a working JWT + request for this endpoint would be greatly appreciated.

We fetch the App Store Analytics – App Installs & Deletions (Daily) report via the Analytics Reports API and land each delivery into S3. The rows we ingest contain fields like Date, Event, Download Type, Counts, and Unique Devices. We’re trying to compute for example Installations and First-time downloads so our warehouse totals match the App Store Connect UI exactly, but our counts are consistently higher when we aggregate (with filter conditions being the same). Questions: (1) Official dedupe/versioning approach: What's the recommended approach to avoid double counting across API deliveries and to match the UI exactly? If later deliveries can revise past dates, what field(s) or process should we rely on to decide which records to keep for a given Date? (2) Completeness window: For daily data, is the recommended approach to publish rolling values that may change for a few days, or waiting until dates are considered “complete” before reporting? Any best-practice guidance would be helpful. Thanks!

Hi! We are seeing increased number of 404s when trying to download sales report from reportingitc-reporter.apple.com/reportservice/sales/v1 We are using API version 2.2 Is anyone else facing these issues?

I'm facing the following issue when I try to use the API https://appleid.apple.com/auth/usermigrationinfo I am currently preparing for app migration and planning to use auth/usermigrationinfo to generate a transfer identifier. My request parameters are as follows. sub=( team-scoped user identifier) target=(Team ID Target 10 letters) client_id=Bundle id client_secret= Secret generated with private key However, after calling the API, I received the following error response. { "error": "access_denied" } Does this API call have a time limit, and must it be called only after the app migration is completed? Thanks & regards

Are game applications allowed to have permission to read and write the calendar? Is this permission limited to certain types of applications? Are there any specific requirements for developers when using calendar read/write permissions? If so, what steps should developers follow to utilize this permission?

I think there's been a recent change to the App Store Connect API; I claim that it's a bug. When querying App Store Connect API endpoints that return arrays, like https://api.appstoreconnect.apple.com/v1/apps, the response includes a links property, of type PagedDocumentLinks. https://developer.apple.com/documentation/appstoreconnectapi/pageddocumentlinks links should include a next link only if there's more data to provide, and, indeed, this is how it works for the /v1/apps endpoint. But when querying inAppPurchasesV2, I find that starting very recently (this week?) the API always returns a next link, even if there's no more data to show. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=APo&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw' }, meta: { paging: { total: 223, nextCursor: 'ASw', limit: 50 } } } If I request the next link, it will generate me another response with empty data and with a new cursor. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=AV4' }, meta: { paging: { total: 223, nextCursor: 'AV4', limit: 50 } } } Code I've written against this API (including my open-source library https://github.com/dfabulich/node-app-store-connect-api) assumes that if there's another links.next link, we should follow it; as a result, my code is looping infinitely, requesting empty data until eventually I have to give up. This issue doesn't affect other endpoints, like /v1/apps, just this inAppPurchasesV2 endpoint. Was this an intentional change? It seems to be a bug.

Hello Apple Support Team, We are currently experiencing a critical business issue caused by a sudden performance degradation in the App Store Connect API. This problem is blocking key parts of our production systems at wappier Optimizing game performance - website: https://wappier.com/ Since October 15, requests to the following endpoint have been taking extremely long to complete when fetching more than approximately 200 in-app purchase items. In many cases, these requests never complete even after several hours, making it impossible for us to retrieve all required data. Endpoint: https://api.appstoreconnect.apple.com/v1/apps/1252850847/inAppPurchasesV2 Parameters: { "include": "appStoreReviewScreenshot,inAppPurchaseLocalizations", "cursor": "Jd6I", "limit": "200" } We confirm that: This behavior started suddenly on October 15. No changes were made on our end. We found no corresponding updates or API change announcements in your release notes. Requests for fewer than 200 in-app products continue to perform normally. This issue is blocking our operations, as our systems depend on timely responses from this endpoint for in-app purchase data synchronization. We kindly ask your team to investigate this issue urgently and provide us guidance, and if possible, revert any recent change introduced around October 15 that could have impacted this endpoint’s performance. Thank you very much for your prompt attention and support. wappier Dev Team

As part of ConsumptionRequest fields there's a bit of unclarity. In my case I am only concerned with subscriptions, as they give some premium features in the app. The fields and the questions are the following: playTime: is this the time used in the app in total or just the time the app has been used while using the subscription? consumptionStatus: does this relate only to the user using the premium features he/she paid for? or the fact that the user had access to those features only? Thanks!

I am following the Downloading Analytics Reports guide which consists of five steps: request the ONGOING report generation for the app once list all analytics report requests for the app list all analytics reports based on the analytics report request id :x: list all analytics report instances based on the analytics report id list all segments of the analytics report instance to get the download url I can only complete the third step which returns a list of all available reports. However when I continue with step four, the request for the analytics report instances returns with a response code 200 but the data array is always empty: I am using the Home Screen Widget Installs report but this is also happening for other reports Also changing or omitting the filter doesn't change anything { "data": [], "links": { "self": "https://api.appstoreconnect.apple.com/v1/analyticsReports/{reportId}/instances?filter%5Bgranularity%5D=DAILY" }, "meta": { "paging": { "total": 0, "limit": 50 } } } What could be the reason that the data array is empty and how can I fix it because there is no error message?

I am trying to add webhook subscriptions for TestFlight build processing completion and TestFlight beta build review completion events. These were showcased in the WWDC25 session: https://developer.apple.com/videos/play/wwdc2025/324/ Currently, I am able to receive webhook events for distribution updates, and the corresponding checkmark option is available in the App Store Connect portal. However, there is no checkmark option in the portal to subscribe to beta build-related events. In the video, there is clearly a checkmark option for the beta review event subscription (at 4:55). The current documentation also does not mention beta processing and beta review event subscriptions. It only lists the event types that are visible in the web portal: https://developer.apple.com/documentation/appstoreconnectapi/webhookeventtype When I try to add the BUILD_BETA_DETAIL_EXTERNAL_BETA_STATE_UPDATED event (as shown in the video at 6:10) via the PATCH API request, I get the below error. "errors": [ { "id": "****-****-****-****-*********3851", "status": 409, "code": "ENTITY_ERROR.ATTRIBUTE.TYPE", "title": "An attribute in the provided entity has the wrong type", "detail": "'BUILD_BETA_DETAIL_EXTERNAL_BETA_STATE_UPDATED' is not a valid value for the attribute 'eventTypes/3'.", "expectedValues": [ "APP_STORE_VERSION_APP_VERSION_STATE_UPDATED", "BETA_FEEDBACK_CRASH_SUBMISSION_CREATED", "BETA_FEEDBACK_SCREENSHOT_SUBMISSION_CREATED" ], "source": { "pointer": "/data/attributes/eventTypes/3" } } ] } The App Store Connect web portal also does not provide a checkmark option for subscribing to this event type. My questions are: Are the TestFlight build processing completion and beta build review completion webhook events coming soon, or do they already exist? Are there any other ways to get beta build events apart from polling?

Hi, I am currently using the App Store Connect API to retrieve metrics for my app. Specifically, I am trying to match the following metrics displayed in the App Store Connect UI under the Metrics section: *Usage -Installations -Deletions -Active Devices *App Store -Impressions (Unique Devices) -Page Views (Unique Devices) To compute these metrics, I have exported the following CSV files: app_sessions_standard.csv app_store_discovery_and_engagement_standard.csv app_store_installation_and_deletion_standard.csv However, when I try to compute the metrics from the CSV files, the values do not match those shown in the App Store Connect dashboard. Could you please clarify why there is a discrepancy between the UI metrics and the data available through the API or CSV exports? Are there any known delays, filters, or calculation differences that could explain this? Thank you for your assistance. Best regards,

Hey there, I'm building a service that requires receiving accurate app downloads and sales/proceeds data along with the campaign name. From reading the documentation it looks to be fairly understandable, but in practice it is not that straightforward. For example, I received the first one-time-snapshot detailed report for the App Store Purchases, and it contains partial data for several days. Shouldn't that be a full report of everything in analytics for like last year or so? Should I expect it to be updated and extended in the coming days? For the ongoing detailed report, I have not received anything yet, but I'm afraid it might have partial data as well. I will report here as well.

Dear community, in order to modernize our build pipelines, I wanted to try out the new App Store Connect build upload API that was introduced in the WWDC video "Automate your development process with the App Store Connect API". However, when POSTing to https://api.appstoreconnect.apple.com/v1/buildUploads, I receive the following error message: { "errors": [ { "id": "9fb916ea-4d26-4712-8c55-d1d4b5320bf2", "status": "404", "code": "PATH_ERROR", "title": "The URL path is not valid", "detail": "The resource 'v1/buildUploads' does not exist" } ] } Is this API not yet available or am I doing something wrong? If it is not yet available, is there an ETA? Thanks in advance & best regards, Yannik

I need to get the app icon from the AppStore Connect API in order to display a list of my apps. However there seems to be no way. I See in the appstoreconnect.apple.com website that the icons are there and available, there is even a function where you can click on it and get the high res version: https://appstoreconnect.apple.com/apps/1504874998/distribution/ios/version/deliverable (this link is of course not available from the outside) I tried builds/{id}/icons which always returns nothing and found an iconAssetToken object in the builds array, but the link is weirdly formatted and leads to nothing. Hope someone can help, I'm fairly new to the API and the usage is quite odd for me so far. Best, Nils

Hello Apple Developer Support, I am facing an issue when attempting to use the App Store Connect API with my API key. While basic access (e.g., /v1/apps) works correctly, any requests related to Certificates, Identifiers & Profiles (CIP) are failing with a 403 Forbidden error. Here are the details of the request and validation results: JWT Details: { "header": { "alg": "ES256", "kid": "2XLW343BLM", "typ": "JWT" }, "payload": { "iss": "9cf6159c-e038-4703-b542-7652242a6dbf", "iat": 1757515277, "exp": 1757516357, "aud": "appstoreconnect-v1" } } Test Results: ✅ /v1/apps?limit=1 → Status: 200 (working) ❌ /v1/bundleIds?limit=1 → Status: 403 Error: Unable to find a team with the given Content Provider ID 9cf6159c-e038-4703-b542-7652242a6dbf to which you belong. ❌ /v1/certificates?limit=1 → Status: 403 Error: This request is forbidden for security reasons. ❌ /v1/profiles?limit=1 → Status: 403 Error: Unable to find a team with the given Content Provider ID. I have already confirmed that: All API keys were generated correctly. All required roles and permissions have been assigned in App Store Connect. It seems that while public access endpoints are functioning, the CIP endpoints are blocked for my account/key. Could you please advise: Why the given Content Provider ID is not being recognized? Whether additional permissions, roles, or configuration are required to enable access to Certificates, Identifiers, and Profiles through the API? If it is possible to reset or refresh my membership/team configuration so that I can successfully access the App Store Connect API endpoints for CIP. Thank you for your support and guidance. Best regards