Thank you, I also read the thread.
It seems to me that the period during which risk metric refresh is possible is within a month of attestation.
After that, 404 is returned. When performs app attest on the device again, I have confirmed that the refresh is successful with the receipt from the previous attestation. This is probably the reason why there are some cases of success again after 404 failure.
How are you getting on with App Attest generally?
Only one attestation is performed while using the app.
There seems to be an Apple internal spec that hasn't been public, I want this to be clearly revealed in order to use this feature properly.
gbgwon
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution