App store connect API returns 401

Hello, following the practices used on: https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests

I used Python with the pyjwt and requests libraries in an attempt to make requests.

I created my JWT header and payload like this:

import time
import jwt        # PyJWT
import requests

# issued-at and expiry as integer UNIX timestamps, 10-minute lifetime
time_now = int(time.time())
time_10_min = time_now + 10 * 60

jwt_header = {
  "alg": "ES256",
  "kid": MY_KEY_ID,          # Key ID of the API key from App Store Connect
  "typ": "JWT"
}

jwt_payload = {
  "iss": MY_ISSUER_NUMBER,   # Issuer ID from App Store Connect
  "iat": time_now,
  "exp": time_10_min,
  "aud": "appstoreconnect-v1"
}

and the JWT encodes successfully without error:

# MY_SECRET_KEY holds the contents of the downloaded .p8 private key
jwt_token = jwt.encode(jwt_payload, MY_SECRET_KEY, algorithm="ES256", headers=jwt_header)

but when I try to make a GET request with
get_app_id_endpoint = "https://api.appstoreconnect.apple.com/v1/apps"

headers = {
  'Authorization': f'Bearer {jwt_token}',
  'Content-Type': 'application/json'
}

response = requests.get(get_app_id_endpoint, headers=headers)

it always gets a 401 response. Is there anything that needs to be changed here? I have tried some of the solutions found online such as

  1. take out "alg" field in jwt_header
  2. take out "iat" field in jwt_payload
  3. cast time_now and time_10_min (UNIX epoch time) to integer
  4. take out the Content-Type field in headers

but the issue remains. What could I possibly do here to get over it?

bump

Did your issue resolve?

I am also getting the same issue.

We're getting this too. Really wishing the documentation had more extensive examples or more info on how requests can fail.

My tests have been failing for the past week and a half. Apple broke something.

I am also still getting the same error from sandbox "x": "Invalid response: Client error: GET https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/2000000632845273 resulted in a 401 Unauthorized response",

while for the production URL "x": "Invalid response: Client error: GET https://api.storekit.itunes.apple.com/inApps/v1/transactions/2000000632845273 resulted in a 404 Not Found response:\n{"errorCode":4040010,"errorMessage":"Transaction id not found."}\n",

Solution for 401 Unauthorized in App Store Connect API: Convert DER-encoded Signature to 64-byte Format

If you keep encountering a 401 Unauthorized error when making requests to the App Store Connect API, even though your JWT seems valid, the issue likely stems from how the signature is encoded.

The App Store Connect API requires the signature in a 64-byte binary format, but many libraries output the signature in DER encoding by default. This difference causes the API to reject the JWT, leading to the 401 error.

To fix this, you need to ensure that the signature is converted from DER encoding into the required 64-byte binary format before sending the request. This often involves using specific methods or libraries to handle the conversion.

By ensuring the correct format for the signature, your JWT will be valid, and the API should accept the request without the 401 error.

Hope this helps!
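The conversion this reply describes, as an added example rather than code from the thread: it parses a DER-encoded ECDSA signature (SEQUENCE of two INTEGERs) into the fixed 64-byte r||s form that JWS specifies for ES256 (RFC 7518 §3.4), and includes a small check that reports which of the two forms a token's signature segment is in. The DER bytes, key ID, issuer ID and timestamps below are constructed placeholders, not a real signature or real credentials; `assemble_jwt`, `signature_format` and the other function names are this example's own.

```python
import base64
import json

COORD_LEN = 32  # byte length of r and of s for P-256, the curve behind ES256


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _read_der_integer(buf: bytes, pos: int):
    """Parse one short-form DER INTEGER at buf[pos]; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER tag at offset %d" % pos)
    length = buf[pos + 1]
    if length >= 0x80:
        raise ValueError("long-form length is not used in ECDSA signatures")
    start, end = pos + 2, pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated DER INTEGER")
    return buf[start:end], end


def _fixed_width(value: bytes, width: int) -> bytes:
    """Drop DER's sign-padding zero byte(s) and left-pad the magnitude to `width` bytes."""
    value = value.lstrip(b"\x00")
    if len(value) > width:
        raise ValueError("integer wider than the curve coordinate size")
    return value.rjust(width, b"\x00")


def der_to_raw_signature(der: bytes, coord_len: int = COORD_LEN) -> bytes:
    """Convert ECDSA-Sig-Value (SEQUENCE { INTEGER r, INTEGER s }) to raw r||s."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    seq_len = der[1]
    if seq_len >= 0x80 or 2 + seq_len != len(der):
        raise ValueError("bad DER SEQUENCE length")
    r, pos = _read_der_integer(der, 2)
    s, pos = _read_der_integer(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after signature")
    return _fixed_width(r, coord_len) + _fixed_width(s, coord_len)


def assemble_jwt(header: dict, payload: dict, raw_signature: bytes) -> str:
    """Build a compact JWS from already-computed parts (no signing happens here)."""
    return ".".join([
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
        b64url_encode(raw_signature),
    ])


def signature_format(token: str, coord_len: int = COORD_LEN) -> str:
    """Report whether a token's signature segment is raw r||s, DER, or neither."""
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    sig = b64url_decode(parts[2])
    if len(sig) == 2 * coord_len:
        return "raw"
    if len(sig) >= 2 and sig[0] == 0x30 and 2 + sig[1] == len(sig):
        return "der"
    return "unknown"


# Constructed sample, not a real signature: r has its high bit set (so DER adds a
# 0x00 pad byte and a 33-byte length), s is only 31 bytes (DER drops leading zeros).
SAMPLE_R = b"\xff" * 32
SAMPLE_S = b"\x00" + b"\x01" * 31
SAMPLE_DER_SIG = b"\x30\x44" + b"\x02\x21\x00" + SAMPLE_R + b"\x02\x1f" + SAMPLE_S[1:]

SAMPLE_HEADER = {"alg": "ES256", "kid": "KEYID-PLACEHOLDER", "typ": "JWT"}
SAMPLE_PAYLOAD = {"iss": "ISSUER-PLACEHOLDER", "iat": 1700000000,
                  "exp": 1700000600, "aud": "appstoreconnect-v1"}


def demo() -> dict:
    """Same header and payload, once with the DER signature and once converted."""
    der_token = assemble_jwt(SAMPLE_HEADER, SAMPLE_PAYLOAD, SAMPLE_DER_SIG)
    raw_token = assemble_jwt(SAMPLE_HEADER, SAMPLE_PAYLOAD, der_to_raw_signature(SAMPLE_DER_SIG))
    return {"der_token": signature_format(der_token), "raw_token": signature_format(raw_token)}


if __name__ == "__main__":
    print(demo())  # the first token would be rejected, the second has the ES256 shape
```

When the token is signed directly with the cryptography library (`private_key.sign(data, ec.ECDSA(hashes.SHA256()))`), the output is DER and must pass through `der_to_raw_signature` before base64url encoding. PyJWT's `jwt.encode(..., algorithm="ES256")` performs this conversion itself, so if `signature_format` already reports "raw" for a PyJWT token, the 401 is more likely caused by the key ID, issuer ID, key permissions, or `iat`/`exp` values that are not integers or are outside Apple's accepted window.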
