From MDM Protocol Reference, we can read the following info: "The contentMetadataLookupUrl in the VPPServiceConfigSrv response allows an MDM server to query the iTunes Store for app and book metadata. When the VPP sToken is included in the request as a cookie, an MDM server can also get authenticated app metadata for B2B apps already owned by the VPP account, as well as apps that can still be re-downloaded but can no longer be purchased. The URL query string tells the content metadata lookup service what app or book to look up. The VPP sToken must be included as a cookie named itvt to access the authenticated metadata. Here is an example of the URL to look up an app: https://uclient-api.itunes.apple.com/WebObjects/MZStorePlatform.woa/wa/lookup?version=2&id=361309726&p=mdm-lockup&caller=MDM&platform=itunes&cc=us&l=en
From Safari browser, I succeeded in getting the Pages app (id=361309726) metadata without cookie. Unfortunately, I was unable to get the metadata of a B2B app with a cookie named itvt and my sToken as value. The "isAuthenticated" parameter is always set to false w/o cookie. IMHO, this is not the expected behavior because the HTTP status should not be 200 (OK) but 401 (Unauthorized).
Did someone get B2B app metadata using the contentMetadataLookupUrl service?
