Hi everyone, I am currently working on automating the renewal process for our managed certificates using the App Store Connect API. However, I've encountered an issue where certificates of the "Apple Push Service" type cannot be retrieved or created. After reviewing the documentation on CertificateType, it seems there is no corresponding type for Push Service certificates. https://developer.apple.com/documentation/appstoreconnectapi/certificatetype Is there any other way or a workaround to obtain or manage these certificates programmatically? Any advice would be greatly appreciated.

Hello everyone, I’m running into a situation in App Store Connect that appears to be a backend lock related to an approved version, and I’m looking for confirmation or similar experiences. Context: App had version 1.2.6 Version progressed to Pending Developer Release Before releasing to users, I chose Developer Reject I then edited the version number (to 1.2.7) Current State / Issue: After this, App Store Connect is effectively blocked: ❌ Cannot associate any builds to the version ❌ Uploading a build with the same version and higher build number does not help ❌ Cannot create a fresh version (no “+ Version” button is visible) ❌ App Store Connect API returns: ENTITY_ERROR.RELATIONSHIP.INVALID ❌ Remove Version / Delete Version is not available Even attempting brand‑new version numbers does not work. It looks like App Store Connect still considers the previously approved Pending Developer Release version to be active and locked internally. What I understand so far From my understanding: Once a version reaches Pending Developer Release, the appStoreVersion record becomes finalized Editing the version number does not truly create a new version Developer rejection does not unlock the version–build relationship Only one approved / pending version is allowed per app This seems to leave the app in a state where no new versions can be created without backend intervention. Question Can anyone confirm: That once a version reaches Pending Developer Release, it can only be reset or removed by App Store Connect Support, and That there is no self‑service workaround (UI, API, CI, or Transporter) to recover from this state? If anyone has gone through this and successfully had Apple reset the appStoreVersion record, I’d appreciate confirmation or tips on getting it routed correctly. Thanks in advance.

We regularly submit builds, manage provisioning profiles, and query build statuses for a large number of applications across multiple store accounts. We rely on automated tooling (Fastlane / App Store Connect API) to manage this pipeline efficiently. Recently, we have been experiencing HTTP 5xx errors when making requests to Apple's APIs (App Store Connect, Spaceship). We believe these failures are caused by rate limiting applied to our outbound IP addresses, as the errors correlate with periods of higher submission activity. We have already taken steps on our side to mitigate the issue - including distributing requests across multiple external IP addresses - but we continue to encounter these errors during peak release periods, which delays application delivery to our clients and their end users.

We are observing a discrepancy in crash data between the App Store Connect UI and the App Analytics APIs for our iOS application. For example: On March 10, App Store Connect shows approximately 2,443 crashes (average ~2K/day). However, in our analytics database (fetched via App Analytics APIs), we are seeing 10,000+ crashes for the same date. APIs Used (IDs masked): /v1/apps/{app_id}/analyticsReportRequests /v1/analyticsReportRequests/{request_id}/reports?filter[category]=APP_USAGE /v1/analyticsReports/{report_id}/instances?filter[processingDate]=YYYY-MM-DD&filter[granularity]=DAILY /v1/analyticsReportInstances/{instance_id}/segments Clarifications Required: What could be the reason for the significant difference in crash counts between App Store Connect UI and Analytics API Are there differences in how crashes are counted in: UI metrics vs raw analytics reports? Deduplication, session-level vs event-level aggregation? Is there any known aggregation rule, or filtering applied in the UI that is not reflected in the API data? Which source should be considered the accurate/authoritative count for reporting purposes? Any clarification or guidance on this discrepancy would be greatly appreciated.

I'm unexpectedly getting 403 status codes when calling the perfPowerMetrics APIs for any arbitrary app on my account. This worked last week, it is not working now. I have since revoked keys and recreated admin and developer keys--no luck, still getting 403. I've been working with the analytics APIs lately so I don't know exactly when the power and performance API stopped working. I've narrowed it down to something related to the token scope. When I have a scope on this endpoint of "GET /v1/apps/1234567890/perfPowerMetrics" it is rejected -- but the docs say I can create a token and reduce its scope like this. When I remove the scope and let the token be unbounded, the API call returns a valid response. FB22313063 - App Store Connect API: Fetching xcode metrics with an admin key generated token results in a 403 unexpectedly

Hey everyone, I'm managing CI/CD pipelines for around 45 iOS apps across different Apple Developer accounts. One recurring pain point is blocked pipelines due to unsigned agreements. Things like the Paid Applications Agreement and the Apple Developer Program License Agreement. I built an internal dashboard to flag these before they block a release, but I'm hitting a wall with detection accuracy. Since there's no dedicated endpoint for agreement status, I'm running three probes per account and checking for 403 FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED: GET /v1/agreements GET /v1/bundleIds?filter[identifier]={bundleId}&filter[platform]=IOS GET /v1/certificates?limit=1 Case 1 : Works perfectly. Account has "Apple Developer Program License Agreement has been updated and needs to be reviewed" : All three endpoint return 403 (In this case, the step 1 is enough) # Step 1 /v1/agreements → HTTP 403 ⛔ BLOCKED # Step 2 /v1/bundleIds → HTTP 403 ⛔ BLOCKED # Step 3 /v1/certificates → HTTP 403 ⛔ BLOCKED # [Step 1 body] { "errors": [ { "id": "TXF6QUVS6OY66YVUNINVLKXZFA", "status": "403", "code": "FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED", "title": "A required agreement is missing or has expired.", "detail": "This request requires an in-effect agreement that has not been signed or has expired.", "links": { "see": "/business" } } ] } # [Step 2 body] { "errors": [ { "id": "MTDI5P37UTYQOOVJSMXCWUK42U", "status": "403", "code": "FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED", "title": "A required agreement is missing or has expired.", "detail": "This request requires an in-effect agreement that has not been signed or has expired.", "links": { "see": "/business" } } ] } # [Step 3 body] { "errors": [ { "id": "GI6EN2CMBFJIJJZM547LSW66KY", "status": "403", "code": "FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED", "title": "A required agreement is missing or has expired.", "detail": "This request requires an in-effect agreement that has not been signed or has expired.", "links": { "see": "/business" } } ] } Case 2 : Not detected. Different account, same message in App Store Connect UI. But v1/agreements endpoint return 404 while other 2 steps return 200 # Step 1 /v1/agreements → HTTP 404 ➖ 404 # Step 2 /v1/bundleIds → HTTP 200 ✅ OK # Step 3 /v1/certificates → HTTP 200 ✅ OK # [Step 1 body] { "errors": [ { "id": "37459578-8167-449c-ad22-e0ffa392df2d", "status": "404", "code": "NOT_FOUND", "title": "The specified resource does not exist", "detail": "The path provided does not match a defined resource type." } ] } # [Step 2 body] { "data": [ { "type": "bundleIds", "id": "xxx", "attributes": { "identifier": "xxx" }, "links": { "self": "https://api.appstoreconnect.apple.com/v1/bundleIds/[xxx]" } } ], "links": { "self": "https://api.appstoreconnect.apple.com/v1/bundleIds?fields%5BbundleIds%5D=identifier&filter%5Bplatform%5D=IOS&filter%5Bidentifier%5D=[xxx]&limit=1" }, "meta": { "paging": { "total": 1, "limit": 1 } } } # [Step 3 body] { "data": [ { "type": "certificates", "id": "xxx", "attributes": { "serialNumber": "xxx", "expirationDate": "2026-07-03T04:47:09.000+00:00", "certificateType": "DISTRIBUTION" }, "links": { "self": "https://api.appstoreconnect.apple.com/v1/certificates/[xxx]" } } ], "links": { "self": "https://api.appstoreconnect.apple.com/v1/certificates?fields%5Bcertificates%5D=serialNumber%2CcertificateType%2CexpirationDate&limit=1", "next": "https://api.appstoreconnect.apple.com/v1/certificates?fields%5Bcertificates%5D=serialNumber%2CcertificateType%2CexpirationDate&cursor=[xxx]&limit=1" }, "meta": { "paging": { "total": 4, "limit": 1 } } } Same agreement type, same UI warning, completely different API behaviour. My best guess is Apple enforces the agreement deadline progressively. The 403 gate only kicks in once the deadline is crossed or the account reaches a certain state, while the UI warning shows much earlier. What I'm looking for, Is there a supported API endpoint that reflects pending agreement status regardless of enforcement state? Or is the 403 gate genuinely the only signal available and some pending agreements just won't show up until Apple enforces them? Happy to hear "there's no API for this" if that's the reality. Just want to make sure I'm not missing something before I accept that limitation. Thanks.

Hey has someone figured out how or when does a report request become inactive? Is there like a fixed time period for how long an ONGOING accessType stays active? And does the same rule apply for ONE_TIME_SNAPSHOT? Has someone managed to create multiple active reports for both accessTypes per one app? And can you have multiple inactive ones?

Hey has someone figured out how or when does a report request become inactive? Is there like a fixed time period for how long an ONGOING accessType stays active? And does the same rule apply for ONE_TIME_SNAPSHOP? Has someone managed to create multiple active reports for both accessTypes per one app? And can you have multiple inactive ones?

Hey has someone figured out how or when does a report request become inactive? Is there like a fixed time period for how long an ONGOING accessType stays active? And does the same rule apply for ONE_TIME_SNAPSHOP? Has someone managed to create multiple active reports for both accessTypes per one app? And can you have multiple inactive ones? Sadly couldn't find answers to my questions from the App Store Connect API documentation :(

The App Store Connect API specification states that a customer review includes a rating, a title, a body, a reviewer nickname, a creation date, a territory and a response. Unfortunately, it does not provide information on the app version that was reviewed or whether it was edited after a response was posted (or at least when it was last updated). In order to retrieve all reviews including the app version, you first need to fetch all versions of an app, and then fetch all reviews per version. This results in a lot of unnecessary requests, particularly when there are very few to no reviews for a version. Furthermore, determining if or when a review has been updated by a customer is simply not possible via the API. As these informations are available in the App Store Connect UI for all reviews, I would appreciate it if they could be added to the API as well.

I had a personal Apple account which I used to upload apps to App Store Connect for our company. I used altool with an app-specific password, like this: xcrun altool --upload-app -u mylogin%mycompany.com -p my-app-specific-password --file MyApp.ipa --type ios --verbose Recently I was asked to convert to it a company-managed account. Once I did this, altool stopped working, with the error "Failed to determine the appleID from bundleID com.mycompany.myapp with platform IOS. Unable to generate an Apple Connect token at this time due to a general error." The complete error log is below. I tried creating a new app-specific password, but had the same result. If I deliberately use the wrong password, I get a different error: "Failed to determine the appleID from bundleID com.mycompany.myapp with platform IOS. Your Apple ID or password was entered incorrectly." So I don't think it's a password problem. I can manually upload to App Store Connect using Xcode with this same account, so it seems like it has the right permission. Any idea why altool wouldn't work? complete output

Hi, In the web portal of developer.apple.com when you create or edit a provisioning profile there is a possibility to set "Entitlements", which is I understand also called as "Template". Our project has such entitlements, like NSE Filtering or CarPlay. But in the ProfileCreateRequest https://developer.apple.com/documentation/appstoreconnectapi/profilecreaterequest there is no possibility to provide such parameter, this is why we are not able to automate our flow of provisioning profile update. Is there any workaround? Or maybe I need to fill a request to improve this API?

I'm experiencing an issue with the Analytics Reports API. Since last week, no data is being returned from the following endpoint: https://api.appstoreconnect.apple.com/v1/analyticsReports/r2-ac29debd-e528-406d-bdfa-fab6d4403ee2/instances The endpoint responds successfully but returns empty data for the date range where data should exist. Other report endpoints for the same app work correctly. Please investigate why this report stopped delivering data.

Starting on 1/30/2026, we started getting an error when using Reporter to retrieve a Subscriber/Sales report from App Store Connect. Our script was working daily perfectly for a long time before this. It normally pulls the report from 1 day prior. We have been troubleshooting and cannot seem to find any issues on our end. Is this a universal issue for other users too?

I am contacting you to clarify a technical issue regarding the behavior of App Store Server Notifications (V2), as we have observed differences depending on the subscription plan. Currently, we have noticed the following behavior when a refund occurs for an auto-renewable subscription: Observed Behavior: Monthly Plan:When a refund occurs, we receive a REFUND notification, followed by an EXPIRED notification indicating the subscription has ended. Annual Plan:When a refund occurs, we receive the REFUND notification, but the expected EXPIRED notification does not arrive. Questions: Are there any differences in the conditions for sending EXPIRED notifications after a REFUND, depending on the subscription plan (monthly vs. annual)? Is the absence of the EXPIRED notification for annual plans an intended behavior by Apple, or could it be a possible issue? I would appreciate your guidance on this matter.

I know 500 means an issue on the server. But the system status page is all green and I think the App Store Connect API has a history of incorrectly returning 500 instead of 4xx statuses, e.g. here. So I'm sharing this in the hope of getting some more information. I am following the steps here: https://developer.apple.com/documentation/appstoreconnectapi/uploading-assets-to-app-store-connect My PNG data is successfully uploaded to the URL contained in the Upload Operation for the screenshot. The next step is to confirm the upload with its MD5 checksum, which fails. [15:59:27.289] DEBUG (74920): AppleUploadService: PUT https://northamerica-1.object-storage.apple.com/itmspod11-assets-massilia-200001/PurpleSource211/v4/d8/8d/4b/d88d4b7c-ef96-e3a0-bfab-b793903bf2db/taiz5B2iCIVeTQQlGZFfx4f2jMPAbVruq7JKHmykh7M_U003d-1768937158953?... [15:59:28.727] DEBUG (74920): AppleUploadService: 200 OK [15:59:33.735] DEBUG (74920): AppStoreConnectApiClient: PATCH https://api.appstoreconnect.apple.com/v1/appScreenshots/08e7802f-5a52-49a8-91c5-f4040721607a { "data": { "type": "appScreenshots", "id": "08e7802f-5a52-49a8-91c5-f4040721607a", "attributes": { "uploaded": true, "sourceFileChecksum": "714d426fc4fb39f732dca9f481c7039b" } } } [15:59:34.359] DEBUG (74920): AppStoreConnectApiClient: 500 Internal Server Error I can't see anything wrong with my request body. Has anyone else encountered something similar or is this truly an outage?

Hello, I am using the App Store Connect Finance Reports API to export monthly financial statements. API endpoint: https://api.appstoreconnect.apple.com/v1/financeReports Request parameters: reportDate: 2026-01 reportType: FINANCE_DETAIL However, the returned report shows an unexpected date range: Start Date: 09/29/2025 End Date: 11/01/2025 This does not match the requested month January 2026, and instead seems to cover a different settlement period. I would like to confirm: Is the Finance Reports API returning data based on Apple’s settlement cycle rather than the requested calendar month? How should we correctly map reportDate to the actual statement period? Is there a recommended way to reliably retrieve the financial report for a specific month (e.g. Jan 2026)? This behavior makes automated reconciliation difficult, so any clarification or guidance would be appreciated. Thank you very much for your help.

we have 80 users occur error,when use aca pay

我们仅有一个订阅组，一个用户收到了订阅续费消息，我们不知道发生了什么， 续费消息中的originTransactionId没有发生变化，但是userAccountToken却变化了，指向了另一个用户，此时旧的用户不会收到续费在哪的任何消息。 哪位技术大佬可以帮助解答问题，什么情况下会出现这样的情况

问题：一个用户升级后，苹果的通知消息中 userAccountToken 不变，但是 originTransactionId变了。此时升级前的originTransactionId还会进行周期扣款，升级后的originTransactionId也会进行周期扣款。 注意，订阅的配置是在同一个组中 哪位技术大佬可以帮助解答问题，什么情况下会出现这样的情况