Recently I've started receiving a "FORBIDDEN_ERROR" error when submitting a PATCH to "/v1/apps/xxxx". The data below is what is being sent:
{
"data": {
"type": "apps",
"id": "xxxx",
"attributes": {
"contentRightsDeclaration": "DOES_NOT_USE_THIRD_PARTY_CONTENT"
}
}
}
This used to work (for over a year) fine. We also update several other things (Category, Age Rating, Available Territories etc) and they still work as expected; this is the only type that has started (about a month or so ago) to behave this way. I also generated a new API key with full Admin privileges but the issue still occurs.
The specific error returned is:
{
"errors" : [ {
"id" : "1cfb7772-940c-46d5-bfe5-a97bbe314",
"status" : "403",
"code" : "FORBIDDEN_ERROR",
"title" : "This request is forbidden for security reasons",
"detail" : "The API key in use does not allow this request"
} ]
}
Any ideas how to fix this or what's going on?
Thanks in advance.
App Store Connect API
RSS for tagThe App Store Connect API helps you automate tasks usually done on the Apple Developer website and App Store Connect.
Post
Replies
Boosts
Views
Activity
We publish many apps using our CI/CD system that makes use of the App Store Connect API and iTMSTransporter. Since around 9:00am on 19 Oct 2023 (Melbourne/Australia time UTC+10), all our attempts to upload our .ipa files using iTMSTransporter began failing.
The specific command line invocation is:
/usr/local/itms/bin/iTMSTransporter -m upload -v eXtreme -f "/path/to/Bundle.itmsp" -jwt {jwt-here}
The error is occurring in the midst of the upload with the error message:
Apple's web service operation return value:
[2023-10-20 09:35:09 AEDT] <main> DBG-X: parameter Errors = [An error occurred while trying to call the requested method validateAssets. (1272)]
[2023-10-20 09:35:09 AEDT] <main> DBG-X: parameter RestartClient = false
[2023-10-20 09:35:09 AEDT] <main> DBG-X: parameter ErrorCode = 1272
[2023-10-20 09:35:09 AEDT] <main> DBG-X: parameter ErrorMessage = An error occurred while trying to call the requested method validateAssets. (1272)
[2023-10-20 09:35:09 AEDT] <main> DBG-X: parameter Success = false
[2023-10-20 09:35:09 AEDT] <main> ERROR: An error occurred while trying to call the requested method validateAssets. (1272)
[2023-10-20 09:35:09 AEDT] <main> DBG-X: The error code is: 1272
Is anyone else experiencing this issue? Is there any kind of work around or something we need to change?
Some other notes:
The same .ipa files can be successfully uploaded manually using Transporter
This is affecting apps built against both XCode 14 and XCode 15
There was an outage shown on Apple's system status for a few hours that overlaps with this period, but Apple claim it was resolved 22 hours ago 🙃
I'm trying to set up Keys for the App Store Connect API. The website first makes you acknowledge a 'terms and conditions' type dialog, but the dialog seems to be broken. The submit button spins forever and the browser console shows an error. I've tried on all the browsers, desktop and mobile, and it's the same behavior. Can someone help me get past this dialog box so I can access the Keys section of the site?
Hey, fellow iOS developers! I'm working on an app for iOS 17 and need to implement single-side printing using the AirPrint API. I've done some research, but I'm still facing a few challenges. Can anyone provide guidance or share some sample code to achieve this?
I've already imported the UIKit and MobileCoreServices frameworks and have set up the basic AirPrint functionality. Now, I'm looking specifically for instructions and code to enable single-sided printing.
URL - https://www.controlf5.in/
Test code
`**import UIKit
import MobileCoreServices
// Set up AirPrint functionality
func printDocument() {
let printController = UIPrintInteractionController.shared
let printInfo = UIPrintInfo(dictionary: nil)
printInfo.outputType = .general
printController.printInfo = printInfo
let formatter = UIMarkupTextPrintFormatter(markupText: "Your printable content goes here")
formatter.perPageContentInsets = UIEdgeInsets(top: 36, left: 36, bottom: 36, right: 36)
printController.printFormatter = formatter
printController.present(animated: true) { (controller, success, error) in
if success {
print("Printing completed successfully")
} else if let error = error {
print("Printing failed with error: \(error.localizedDescription)")
}
}
}**`
Is it possible to modify "Description" and "What's New in This Version" field via App Store Connect API?
您好,我们想获得App Store自定义产品页面的收益值,我们可以使用哪个API获取数据
Hello, we would like to obtain the values of proceeds to the custom product page of the App Store,Which API can we use to obtain data
This is my code:
import jwt from 'jsonwebtoken'
import path from 'path'
import fs from 'fs'
// You get privateKey, apiKeyId and issuerId from your Apple App Store Connect account
const filePath = path.resolve(
__dirname,
<PATH_TO_PRIVATE_KEY>
)
const privateKey = fs.readFileSync(filePath)
// this is the file you can only download once and should treat like a real, very precious key.
const apiKeyId = <API_KEY_ID>
const issuerId = <ISSUER_ID>
let payload = {
"iss": issuerId,
"aud": "appstoreconnect-v1"
}
let token = jwt.sign(payload, privateKey, {
algorithm: 'ES256',
expiresIn: '60m',
header: {
alg: 'ES256',
kid: apiKeyId,
typ: 'JWT',
}
});
console.log('@token: ', token);
// Congrats! the token printed can now be tested with the curl command below
// curl -v https://api.appstoreconnect.apple.com/v1/apps --Header "Authorization: Bearer <YOUR TOKEN>"
I ran this script to test the token and call the GET curl like this, but still got 401 unauthorized.
curl -v https://api.appstoreconnect.apple.com/v1/apps --Header "Authorization: Bearer <token>"
This is the the error text:
text: '{\n' +
'\t"errors": [{\n' +
'\t\t"status": "401",\n' +
'\t\t"code": "NOT_AUTHORIZED",\n' +
'\t\t"title": "Authentication credentials are missing or invalid.",\n' +
'\t\t"detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"\n' +
'\t}]\n' +
'}',
I used jwt.io to verify that the token has valid expiration date.
The decoded token from jwt.io gives me these info:
payload:
{
"iss": <ISSUER_ID>,
"iat": 1696812284,
"exp": 1696815884, // an hour from the issued at time
"aud": "appstoreconnect-v1"
}
header:
{
"alg": "ES256",
"typ": "JWT",
"kid": <API_KEY_ID>
}
I am not so sure what can cause this 401 Unauthorized error.
Hello!
I've been wanting to capture review data from my app in AppStore, and have managed to do so using the List All Customer Reviews for an App endpoint. However, it looks like this endpoint only sends review data from reviews where the user wrote something in the text box.
Is there any way i can also retrieve data from reviews where the text box is blank, meaning reviews where someone only left a rating without any text?
Hello.
I use the App Store Connect API with my XCode Cloud setup to update a Workflow description. Specifically PATCH https://api.appstoreconnect.apple.com/v1/ciWorkflows/{id}. A few days ago this API call stopped working, the API gives a 409 error and reports "You must provide a value for the attribute 'startConditions' with this request". I can't find anything about this attribute in the documentation if there has been a change. I tried adding it, but the API reports that this attribute doesn't exist. Has anyone else found this or has any suggestions?
Thanks,
David.
Is there an API that returns the current price info? (example snippet below).
I am looking to return via API the data is downloadable from the Appstore Connect UI from Download Current Price for an Inapp Product or Subscription.
Countries or Regions Currency Code Price Proceeds May Adjust Automatically
United States USD 1.99 1.69 N
Afghanistan USD 1.99 1.69 Y
Albania USD 1.99 1.41 Y
Hi,
i am trying to upload certificate signing request (CSR) for Pass Type ID via API, using this endpoint https://api.appstoreconnect.apple.com/v1/certificates.
Request body looks like this, with POST method and content type application/json:
{
"data": {
"attributes": {
"certificateType": "PASS_TYPE_ID",
"csrContent": "LS0tL...S0tLS0K"
},
"type": "certificates"
}
}
csrContent is base64 encoded.
The response from API is:
{
"errors" : [ {
"id" : "71a...4c9",
"status" : "404",
"code" : "NOT_FOUND",
"title" : "The specified resource does not exist",
"detail" : "There is no identifier with ID 'null' on this team."
} ]
}
CSR was created with KeyChain on Mac (as described here: https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request), but i can also do it with OpenSSL.
First of all, there is no pairing information between Pass Type Identifier and certificate in request. Status 404? I would expect 400. And given detail is totally useless... The documentation is poor for this topic: https://developer.apple.com/documentation/appstoreconnectapi/create_a_certificate. So that brings me to the idea of adding it (Pass Type Identifier) to the CSR content, but where?
I am able to read all certificates stored via Developer Account and put them together with private keys... but storing it is pain...
Does anyone have an idea?
Hi,
I'm writing a Python script to automate the extraction of reports from the Apple App Store Connect API, more specifically the SALES and the SUBSCRIBER reports, using Airflow.
The code passed the tests but when implemented in production, the Airflow task calling the Apple App Store Connect API fails, due to a 401 unauthorized error. This suggests there is some issue with the authentication (JWT / bearer token) part.
I tried various solutions but none of them worked.
Here is part of the code, at this point I don't really understand what is wrong.
Any help in identifying the issue is appreciated:
class AppStore(ReadApi):
def __init__(
self,
api_secret_conf: dict,
vendor_number: int,
**kwargs,
):
ReadApi.__init__(self, **kwargs)
self.kid = api_secret_conf["kid"] # Key ID
self.iss = api_secret_conf["iss"] # Issuer ID
self.private_key = api_secret_conf["private_key"] # Private key
self.vendor_number = int(vendor_number)
def generate_jwt_token(self):
# Generate jwt token required by App Store Connect API
# Each token is valid for 20 minutes (max time allowed)
jwt_headers = {"alg": "ES256", "kid": self.kid, "typ": "JWT"}
jwt_payload = {
"iss": self.iss,
"iat": int(time.time()),
"exp": int(time.time()) + 60 * 20,
"aud": "appstoreconnect-v1",
}
private_key = self.private_key.encode("utf8")
token = jwt.encode(
jwt_payload, private_key, algorithm="ES256", headers=jwt_headers
)
decoded_token = token.decode("utf-8")
return decoded_token
Hello, I'm a completely new user of Apple's sales & trends report. Could someone here help me explain the meaning of 1, 1F, and 1T in the product type identifier? Can I use them to know the number of my iOS app downloads? Thank you for your help!
I test the api in sandbox env. It works fine.
curl --location 'https://api.storekit-sandbox.itunes.apple.com/inApps/v1/notifications/history' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6Ij......' \
--data '{
"startDate":1693324766487,
"endDate" :1693324766587
}'
But in production env , it return 401 Unauthorized error.
My app is not publish to the apple store.
How could i confirm [errorCode 4040005] like follow steps:
If you don’t have environment information, follow these steps:
Call the endpoint using the production URL. If the call succeeds, the original transaction identifier belongs to the production environment.
If you receive an [errorCode 4040005] with errorMessage as OriginalTransactionIdNotFoundError, (or HTTP response code 404 from the Send Consumption Information endpoint), call the endpoint using the sandbox environment.
If the call succeeds, the original transaction identifier belongs to the sandbox environment. If the call fails with the same error code, the original transaction identifier isn’t present in either environment.
Hello, I write problems App Store Connect with my dashoard.
https://datrics.notion.site/App-Store-and-Google-Trends-Problems-a010d3e5e2c147dcb30398533eb5fb29
Can you help me?
Why can't I see the "Keys" tab under my Apple Developer Account?
I'm already an admin and everyone from my organization already accepted the latest Terms of Service.
https://api.appstoreconnect.apple.com/v1/users/2a449234-15b3-4056-bd87-3cfe65711a52/visibleApps
when calling this api, it's response change randomly
calling 100 times,
somtime I got
{
"data" : [ ],
"links" : {
"self" : "https://api.appstoreconnect.apple.com/v1/users/2a449234-15b3-4056-bd87-3cfe65711a52/visibleApps"
},
"meta" : {
"paging" : {
"total" : 0,
"limit" : 50
}
}
}
somtime I got
{
"data" : [ {
"type" : "apps",
"id" : "***",
"attributes" : {
"name" : "***",
"bundleId" : "***",
...
and the data count also random
(no one edit the user role and visibleapps)
this occurred after 2023/08/17 08:40 (GMT+8)
I wonder if it's caused by api met error and return the incomplete data array back?
for example, user A has 3 visible apps
and
app1 <-- fail here
then return "data" : [ ]
app1
app2
app3 <-- fail here
then return "data" : [ {app1 detail}, {app2 detail}]
Is it possible to get app analytics data such as product page views from an Apple Api?
See below image showing the data we're looking to get from an API.
I've seen code like below. Is this the way to get app analytics data? The below code isn't quite complete. Is there documentation somewhere of how to get this data properly?
Is this URL an internal URL that shouldn't be used?
https://appstoreconnect.apple.com/analytics/api/v1/data/time-series
import requests
import json
url = "https://appstoreconnect.apple.com/analytics/api/v1/data/time-series"
adamId = "0000000000" # App ID
measures = "installs" # or "impressionsTotalUnique"
cookie_dqsid = "dqsid=ey...." # ?????
payload = json.dumps({
"adamId": [adamId],
"measures": [measures],
"frequency": "day",
"startTime": "2021-10-16T00:00:00Z",
"endTime": "2021-11-14T00:00:00Z",
"group": {
"metric": measures,
"dimension": "source",
"rank": "DESCENDING",
"limit": 100
}
})
headers = {
'Host': 'appstoreconnect.apple.com',
'X-Requested-By': 'dev.apple.com',
'Cookie': cookie_dqsid,
'Content-Type': 'application/json'
}
response = requests.request("POST", url, headers=headers, data=payload, allow_redirects=False)
print(response.text)
EAS build unable to authenticate with Apple.
› Saving Apple ID password to the local Keychain
Learn more
✖ Logging in...
Authentication with Apple Developer Portal failed!
Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later
Error: credentials command failed.
Why two api for similar things return different results.
Get beta group builds response with empty data, but get builds filter for beta group response have datas.