Hello all! Apple support refuses to admit that their documentation might be wrong and won't even let me open a support ticket to troubleshoot with me, so I'm posting here hoping anybody might be able to help more than them.
We're automating our AppStore Connect user management, and really all we want to do is be able to automatically remove users from AppStore Connect when they're deactivated in our IdP. So far, our automation does the following:
- When a user is offboarded, kicks off a workflow
- Workflow forms JWT to GET user list from AppStore Connect API, filtered by user's email address in order to get the UID
- If UID is in the response, create new JWT with scope to DELETE the user URL (/v1/users/<user_id>) per API documentation -https://developer.apple.com/documentation/appstoreconnectapi/remove_a_user_account
- Send the DELETE request with the new JWT
Since steps 1-3 work fine, we're 99% confident that our JWT is formed correctly because we use the same function as the GET request to build the JWT for the DELETE request, simply with an updated Scope to DELETE instead.
The response we get (from our IdP API endpoint along with manual Postman requests) is "405 - Method Not Allowed", which is very different from the 400 or 402 we would get if the JWT was malformed.
Anybody able to put in more effort than Apple Support and see if it's working for them? If so, any ideas why we're getting the 405 error for DELETE requests if our workflow works perfectly for the GET requests?