I am submitting the JWT with required payload to https://api.development.devicecheck.apple.com/v1/validate_device_token. However Apple's development devicecheck server always returns http response 401 - Unable to verify authorization token.
I generated the token following the instructions in
https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests and check token by
curl -v -H 'Authorization: Bearer [signed token]'
"https://api.appstoreconnect.apple.com/v1/apps"
I can use that token to call this API successfully. However, when I tried to use exactly the same token to verify a device ID, I got a 401 response here is my payload for the request
https://api.devicecheck.apple.com/v1/validate_device_token
It's my code:
now = int(time.time())
expire_time = now + 20 * 60
HEADERS = {
		"alg": "ES256",
		"kid": kid,
		"typ": "JWT"
}
PAYLOAD = {
		'exp': expire_time,
		'iss': iss,
		'aud': "appstoreconnect-v1"
}
jwt_token = jwt.encode(PAYLOAD, private_key, algorithm='ES256', headers=HEADERS).decode('utf-8')
auth = 'Bearer {}'.format(jwt_token)
headers = {
		'Content-Type': 'application/x-www-form-urlencoded',
		'Authorization': auth
}
response = requests.get(
		'https://api.appstoreconnect.apple.com/v1/apps',
		headers=headers
)
print(response.status_code)
print(response.text)
request_file = '.../ValidateDeviceTokenRequest.json'
data = None
with open(request_file) as json_file:
		data = json.load(json_file)
data['timestamp'] = (now) * 1000
response = requests.post(
		'https://api.devicecheck.apple.com/v1/validate_device_token',
		data=json.dumps(data).encode(),
		headers=headers
)
print(response.status_code)
print(response.text)