hi @huanling820713 Its been a few years since your question, but in case you were not across it, Apple introduced enterprise API this year (2024): https://developer.apple.com/documentation/enterpriseprogramapi

Hi @CloudosaurusRex , I did not get an answer - we have just accepted that this is how it works. Many attempts to workaround, but basically, when the app is signed with the certificate and profiles to produce an IPA, it is at that stage the aps-environment is set. Sign with a distribution certificate (adhoc/store/inhouse) - you get prod - sign with a developer certificate, you get sandbox

hi @Fictix , Did you ever get resolution on this? I have similar issue, but with a single test device (duplicated 5 times), and fortunately saw your post - so have not disabled them all - the one I did disable and attempt to re-enable brought up same error about the duplicate UDID.

API Key issue is now resolved by revoking old keys and generating and using new keys. API works as expected: https://forums.developer.apple.com/forums/thread/763225

API Key issue is resolved by revoking old keys and generating and using new keys. API works as expected.

Thanks - our team faced similar issue - and I can confirm for us it is now resolved with newly generated keys working as expected. API calls are succeeding. Please pass on grateful thanks to the Enterprise API team for making these APIs available - a welcome bonus.

For anyone coming here, know that Apple has released Enterprise Program API for managing resource in the Enterprise domain. https://developer.apple.com/documentation/EnterpriseProgramAPI Only caveat for me at moment, is that I am having issues reading the API key that is generated. I have no problems reading our regular App Store API keys. The exact same code does not read the Enterprise API Key

This is great news. I have dipped toes into the water to try it out - but I am having an issue with the API Key that is generated. So curious to know if anyone else coming here has faced similar issues? Essentially, the exact same code used to read our regular App Store Connect API Key does not work when reading the Enterprise API key. We use (from CryptoKit): P256.Signing.PrivateKey(pemRepresentation: pemString) to read the string representation of the key from the p8 file. This works fine for App Store Connect API key files. This does not work for Enterprise API key files. Error is 'invalidPEMDocument' suggesting some issue either with the key file, or, maybe the p8 for Enterprise is not in PEM format, and I should use a different format to read it.

Hi Andrea, The store account needs to be a new and separate apple id account from the enterprise account. The accounts cannot map to the same person. Proof of identity is required, and that identity cannot be the same person. We face similar issues, - our approach was to nominate a separate senior team member to be the 'account holder' for each account. We queried directly with apple support, but It is currently the apple policy so we just had to work with that.

This is not possible. TestFlight will only accept apps signed with AppStore Distribution Certificate. To distribute apps with Enterprise distribution profiles you must manage distribution yourself. When you export an IPA from an XCARCHIVE using Xcode Organiser, you will see options to generate files (plists etc) that assist you in IPA deployment. There are 3rd party platforms that enable Enterprise Distribution, for example Test Fairy, and until recently Microsoft App Center.

hi @ChuckMN , thanks for your comprehensive reply, i appreciate the time you spent. We are across all the things you mentioned. We are very large org also, and have had our apple developer and apple enterprise accounts for many years. We have semi-automated workarounds (scripts) to ease some of the pain of managing the enterprise side, but that of course is not ideal. We will just need to continue as we have, or liaise with our apple contacts to see what may work. Apple is certainly trying to move Enterprise Users to other options like Custom Apps (considering the annual enterprise review process in place these days). Thanks.

You can only have a maximum of 2 iOS Distribution Certificates active at a time - you must revoke one of them in order to create a new one. But, it sounds like you're not sure which one to revoke, because you can't tell which one is being used in your provisioning profiles, because both certificates have the same date, making it hard to distinguish. If you examine (Get Info) on the downloaded provisioning profiles, using Finder on the mac, you can see into them and see the Serial Number, and the SHA-1 of the certificate that profile is using. By cross referencing that Serial Number in the profile to the Serial number of the certificates, you can then determine which cert is being used in your distribution profiles. The creation date/time of the cert is also rendered in keychain and the finder down to the second, in addition to the serial number of the cert, so that is another way to distinguish between certs if you download them on your mac to cross reference them with your profiles. Hope that is of assistance.

there was an outage, now resolved https://developer.apple.com/system-status/ notary service still showing outage the moment

there's an outage: https://developer.apple.com/system-status/

it took a while before it was showing on the status page - but there's an outage: https://developer.apple.com/system-status/