401 NOT_AUTHORIZED

I have API keys, but when I request the App Store Connect API, it returns 401 NOT_AUTHORIZED.


payload = {
    'iss': '***-xx',
    'exp': int(time.time()),
    'aud': 'appstoreconnect-v1'
}

header = {
    'alg': 'ES256',
    'kid': '***'
}


This is the response.

{
  "errors": [
    {
      "status": "401",
      "code": "NOT_AUTHORIZED",
      "title": "Authentication credentials are missing or invalid.",
      "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
    }
  ]
}

Replies

I found the reason: remove 'alg' from the header, and it works.


Maybe the document should be updated.

You are my hero!

Today I also ran into this problem. I tried your method, but it doesn't resolve my problem. Help me, please!

I am facing the same problem. Can you please help in figuring out the reason of error? For me after removing alg attribute from header, the problem still persists.

What I do to get my JWT:

I am using a Python Library (authlib) to generate my JWT.

import datetime

from authlib.jose import jwt

def main():
    header = {
        'alg': 'ES256',
        'kid': '##########',
        'typ': 'JWT'
    }

    payload = {
        'iss': '################################',
        'aud': 'appstoreconnect-v1',
        'exp': int(datetime.datetime.now().timestamp()) + 1200 # token good for 20 min, as per https://developer.apple.com/go/?id=api-generating-tokens
    }

    # Read the .p8 private key and sign the token with the header and payload defined above
    key = open('AuthKey_##########.p8', 'r').read()
    token = jwt.encode(header, payload, key).decode('utf-8')

    print(token)

if __name__ == '__main__':
    main()

I then use that token in a form similar to 'Authorization: Bearer $token' in a GET.
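
An added example, not part of any post in this thread and not Apple's code: a standard-library check that decodes an encoded token's header and claims (without verifying the signature) and lists the problems the 401 detail message points at, using the field values and the 20-minute limit quoted in the posts above. The names `lint_token` and `make_unsigned` and all sample values are hypothetical and constructed for illustration.

```python
import base64
import json
import time

MAX_LIFETIME = 1200  # seconds; the 20-minute limit cited in the post above


def _segment(seg):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def lint_token(token, now=None):
    """List problems in the encoded token; the signature is NOT verified."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token must have three dot-separated segments"]
    header, claims = _segment(parts[0]), _segment(parts[1])
    problems = []
    if header.get("alg") != "ES256":
        problems.append("header alg is %r, expected 'ES256'" % header.get("alg"))
    if not header.get("kid"):
        problems.append("header kid is missing")
    if not claims.get("iss"):
        problems.append("claim iss is missing")
    if claims.get("aud") != "appstoreconnect-v1":
        problems.append("claim aud is not 'appstoreconnect-v1'")
    exp = claims.get("exp")
    if not isinstance(exp, int):
        problems.append("claim exp must be an integer Unix timestamp")
    elif exp <= now:
        problems.append("exp is not in the future; token is already expired")
    elif exp - now > MAX_LIFETIME:
        problems.append("exp is more than 20 minutes ahead")
    return problems


def make_unsigned(header, claims):
    """Build a constructed sample token with a dummy signature segment."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc(header), enc(claims), "c2ln")


if __name__ == "__main__":
    hdr = {"alg": "ES256", "kid": "SAMPLEKID", "typ": "JWT"}  # constructed values
    now = int(time.time())
    for exp in (now, now + 600, now + 3600):
        claims = {"iss": "sample-issuer", "aud": "appstoreconnect-v1", "exp": exp}
        print(exp - now, lint_token(make_unsigned(hdr, claims), now))
```

Running the lint on the exact string placed after `Bearer` shows what the server will see, regardless of which JWT library produced it.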