403 Forbidden Error on responses with "Customer Support" Key Role

My company provides an app that allows businesses to connect their Apple Apps to Salesforce so they can manage and respond to their Customer Reviews.

One of our customers has created an API Key for that purpose with a "Customer Support" Role. According to the documentation, that Role should have access to both read and respond to customer reviews: https://developer.apple.com/help/account/manage-your-team/roles/

We can retrieve Reviews successfully with this API Key. However, whenever they attempt to respond to a Review, they get an error: [Status=Forbidden, StatusCode=403]

We've confirmed this seems to be related to the Key Role, as they created a new key with an "Admin" role and the response works fine with that key. We don't understand why "Customer Support" doesn't work, though, since the docs seem to indicate that they should support responding to Reviews.

Is there some way to make a "Customer Support" API Key work for responses? If not, are there other roles that would enable them to both read and respond to Customer Reviews? Or is an "Admin" key truly the only Role that would enable responses to Customer Reviews via the API? The customer is understandably hesitant to use an "Admin" key since that opens up a lot of other access.

@erin-1440 Hi. Can you show your payload and your JWT, please? I have a similar problem, but I got 405 - Method Not Allowed. I tried a team key, an individual key (Customer Support role), and an individual key (Admin role). GET is always OK.

This is my data:

POST https://api.appstoreconnect.apple.com/v1/customerReviewResponses

{
    "data": {
        "attributes": {
            "responseBody": "Thank you for your answer."
        },
        "relationships": {
            "review": {
                "data": {
                    "id": "00000063-092e-1705-c3e-f11e00000000",
                    "type": "customerReviews"
                }
            }
        },
        "type": "customerReviewResponses"
    }
}


{
  "alg": "ES256",
  "typ": "JWT",
  "kid": "XXXCKP997F"
}

{
  "aud": "appstoreconnect-v1",
  "iss": "xxxxxx7e-xxf4-47e3-e053-xxxx7c11a4d1",
  "iat": 1734451886,
  "exp": 1734453086,
  "scope": [
    "POST /v1/customerReviewResponses"
  ]
}

I solved my problem by removing the scope from the JWT payload.

Customer Support can't be assigned on a Team key, only on an individual key. The user should have the Customer Support role and access to the application. It sounds like the user has the role but doesn't have access to the application where they try to send the response.
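A local pre-flight check for the kind of token posted in this thread, as an added example that is not part of the original posts or of Apple's tooling: it decodes a JWT without verifying the signature and reports claim findings for the request about to be sent. The function names, the exact-match rule for `scope` entries and the placeholder signature are assumptions; the header and claim values are the ones shown above.

```python
import base64
import json

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _decode(segment: str) -> dict:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def make_unsigned_token(header: dict, claims: dict) -> str:
    # Constructed sample only: the third segment is a placeholder, not a signature.
    return f"{_b64url(header)}.{_b64url(claims)}.placeholder"

def inspect_token(token: str, method: str, path: str) -> list[str]:
    """Pre-flight findings for one request. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    header, claims = _decode(parts[0]), _decode(parts[1])
    findings = []
    if header.get("alg") != "ES256":
        findings.append(f"unexpected alg {header.get('alg')!r}")
    if not header.get("kid"):
        findings.append("header has no kid")
    if claims.get("aud") != "appstoreconnect-v1":
        findings.append(f"unexpected aud {claims.get('aud')!r}")
    if claims.get("exp", 0) <= claims.get("iat", 0):
        findings.append("exp is not after iat")
    scope = claims.get("scope")
    if scope is not None:
        wanted = f"{method.upper()} {path}"
        if wanted not in scope:  # assumption: entries are compared as exact strings
            findings.append(f"scope does not list {wanted!r}")
        if method.upper() != "GET":
            # Behaviour reported in this thread, not taken from Apple's documentation.
            findings.append("scope present on a non-GET request (thread: 405 until removed)")
    return findings

# Header and claims as posted in the thread (identifiers already redacted there).
HEADER = {"alg": "ES256", "typ": "JWT", "kid": "XXXCKP997F"}
CLAIMS = {"aud": "appstoreconnect-v1", "iss": "xxxxxx7e-xxf4-47e3-e053-xxxx7c11a4d1",
          "iat": 1734451886, "exp": 1734453086,
          "scope": ["POST /v1/customerReviewResponses"]}
UNSCOPED = {k: v for k, v in CLAIMS.items() if k != "scope"}

if __name__ == "__main__":
    for name, claims in (("scoped", CLAIMS), ("unscoped", UNSCOPED)):
        token = make_unsigned_token(HEADER, claims)
        print(name, inspect_token(token, "POST", "/v1/customerReviewResponses"))
```

A clean result here only says the claims are well-formed for the request; whether the key's role and app access permit the call is still decided server-side.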
