Christian SeligJul 5, 2023

Anyone familiar with the StoreKit API and know what silly mistake I'm making? As a test, I'm just trying to fetch my JWT string with Ruby, which *seems* to properly output in the format "AAAA.BBBB.CCCC”, and then I try to use that as the auth header to get a list of my apps with:

curl -v https://api.appstoreconnect.apple.com/v1/apps -H "Authorization: Bearer AAAA.BBBB.CCCC” but I always get a 401 Not Authorized error.

(Fetch code: https://gist.github.com/christianselig/098a6f81f43d041eb4116798b93eb04d)

(UPDATE: Whoops, used StoreKit API key instead of ASC key)

Show threadPepper PaganJul 5, 2023
@christianselig have you tried lowering the expiry time to <20 minutes?
Show threadChristian Selig
@pepperpagan No change :(
Jul 5, 2023 at 11:08pmIvory for Mac
Show threadPepper PaganJul 5, 2023
@christianselig hmm, any change in error if you remove the iat line from the payload + keep the expiry time <20 mins?
Show threadChristian SeligJul 5, 2023
@pepperpagan No :(