401 Unauthorized received when querying GSX REST API

Attempting to access GSX REST API, previously used the SOAP API. Just attempting to authenticate (on both the token and check endpoints) gives me a 401 Authorization required. GSX Web Support a bit slow to respond at the moment, hoping someone else had this experience and could shed some light. I am authenticating from the IP address that is whitelisted with the new certificate that was generated for me, with my GSX Administrator account.


cURL command:

curl -X POST "https://partner-connect.apple.com/gsx/api/authenticate/token" -H "X-Apple-SoldTo: ##########" -H "X-Apple-ShipTo: ##########" -H "Content-Type: application/json" -H "Accept: application/json" -H "Accept-Language: en_US" -d '{"userAppleId": "##########", "authToken": "##########"}' --cert "AppleCare-Partner-##########.Prod.apple.com.chain.pem" --key "privatekey.pem"


Full Request URL

https://partner-connect.apple.com/gsx/api/authenticate/token

Request Headers:

X-Apple-SoldTo: ##########

X-Apple-ShipTo: ##########

Content-Type: application/json

Accept: application/json

Accept-Language: en_US

Request Body:

{"userAppleId": "##########", "authToken": "##########"}

Response Headers

HTTP/1.1 401 Unauthorized

Server: Apple

Date: Fri, 06 Dec 2019 19:28:56 GMT

Content-Type: text/html

Content-Length: 188

Connection: keep-alive

Strict-Transport-Security: max-age=31536000; includeSubdomains

X-Frame-Options: SAMEORIGIN

Response Body:

<html>

<head><title>401 Authorization Required</title></head>

<body bgcolor="white">

<center><h1>401 Authorization Required</h1></center>

<hr><center>Apple</center>

</body>

</html>

Accepted Reply

I ended up doing two things, but I think only one thing properly fixed it:

  1. Had Apple regenerate my certificate.
  2. Realized that there was some incompatibility with OpenSSL+NSS and I had to run a command to convert my certificate. I don't recall what that command was off the top of my head and I'm not in a position to look for my notes at the moment but a quick Google search turns up this command which I think is what I used:
    openssl rsa -des3 -in your.key -out your.encrypted.key
    (See https://stackoverflow.com/questions/22499425/ssl-certificate-generated-with-openssl-not-working-on-nss)

Replies

Hi, Is the problem solved?

Hi, is there any news on the solution for this problem? I have it too, but mine is still in sandbox and return a JSON with the error.

I've requested the Activation token to exchange with the Authentication token following the istruction mentioned here https://eservicecentral.apple.com/partnerdocs/gsx/docs/index.html#/authentication using one of the sandbox user that Apple send to me.


cURL command

curl -X POST https://partner-connect-uat.apple.com/gsx/api/authenticate/token -H 'X-Apple-SoldTo: ##########' -H 'X-Apple-ShipTo: ##########' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"authToken":"########-####-####-####-############", "userAppleId":"####@###.###"}' --cert 'AppleCare-Partner-########.Test.apple.com.chain.pem' --key 'privatekey.pem' --pass "########"


Full request URL

htttps://partenr-connect-uat.apple.com/gsx/api/authenticate/token


Request headers

X-Apple-SoldTo: 0000127456

X-Apple-ShipTo: 0000127456

Content-Type: application/json

Accept: application/json


Request body

{"authToken":"########-####-####-####-############", "userAppleId":"####@###.###"}


Response headers

HTTP/1.1 401 Unauthorized

Server: Apple

Date: Tue, 14 Jan 2020 17:58:08 GMT

Content-Type: application/json;charset=UTF-8

Content-Length: 133

Connection: keep-alive

X-Apple-Trace-ID: GEN-GSX-59237218-d91f-453a-a203-230fcbbd7fa1

Content-Language: it_IT

X-Apple-Error-Codes: UNAUTHORIZED

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Pragma: no-cache

Expires: 0

X-Content-Type-Options: nosniff

Strict-Transport-Security: max-age=31536000 ; includeSubDomains

X-Frame-Options: DENY

X-XSS-Protection: 1 ; mode=block

Referrer-Policy: no-referrer

Strict-Transport-Security: max-age=31536000; includeSubdomains

X-Frame-Options: SAMEORIGIN


Response body

{"errorId":"###################", "errors":[{"code":"UNAUTHORIZED","message":"You are not authorized."}]}

I ended up doing two things, but I think only one thing properly fixed it:

  1. Had Apple regenerate my certificate.
  2. Realized that there was some incompatibility with OpenSSL+NSS and I had to run a command to convert my certificate. I don't recall what that command was off the top of my head and I'm not in a position to look for my notes at the moment but a quick Google search turns up this command which I think is what I used:
    openssl rsa -des3 -in your.key -out your.encrypted.key
    (See https://stackoverflow.com/questions/22499425/ssl-certificate-generated-with-openssl-not-working-on-nss)