I'm having the same issue. Is it possible that an App-Specific password is not allowed for a Managed Apple ID?
I've checked a number of common issues:
Apple account renews in July 2025
I have Admin permissions on the Developer accont
I've followed the instructions in Notarizing macOS software before distribution
I've checked my apple-id, team-id, and recreated the App-Specific password many times.
It seems I may need to go the direction of Team or Individual API keys but I cannot get that to work either. There is no button to create an API key even though it says I have the permission.
It seems I may need the Account Holder to enable the App Store Connect API. Can someone confirm that whether that would allow creating Team or Individual API Keys?
$ xcrun notarytool store-credentials 'Notarization' --apple-id $APPLEID --team-id $TEAMID --verbose
[05:40:47.046Z] Debug [MAIN] Running notarytool version: unknown (0), date: 2024-12-04T05:40:47Z, command: /Library/Developer/CommandLineTools/usr/bin/notarytool store-credentials Notarization --apple-id redacted --team-id redacted --verbose
This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.
App-specific password for redacted:
Validating your credentials...
[05:41:00.244Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
[05:41:00.245Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/test?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[05:41:00.245Z] Debug [AUTHENTICATION] Delaying current request to refresh app-specific password token.
[05:41:00.246Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/asp?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[05:41:00.246Z] Debug [AUTHENTICATION] Authenticating request to '/notary/v2/asp' with Basic Auth. Username: redacted, Password: private<String>, Team ID: redacted
[05:41:00.248Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls.
[05:41:00.917Z] Debug [API] Received response status code: 401, message: unauthorized, URL: https://appstoreconnect.apple.com/notary/v2/asp?, Correlation Key: FPB3JXB5F7KWNVLZVOKWME4ZKU
[05:41:00.917Z] Error [TASKMANAGER] Completed Task with ID 2 has encountered an error.
[05:41:00.917Z] Debug [TASKMANAGER] Ending Task Manager loop.
Error: HTTP status code: 401. Unable to authenticate. Invalid session. Ensure that all authentication arguments are correct.
Post
Replies
Boosts
Views
Activity
My Account Holder enabled the App Store Connect API and I'm now able to notarize apps using a Team API key. I couldn't get this to work using an App-Specific password and my apple-id.
I created a Team API Key. I didn't try with an Individual API Key.