Hey there, We've been using App Store Connect API to manage (create/update) Advanced App Clip Experiences via App Store Connect API. Everything has worked fine, we've been able to successfully manage hundreds of app clips but all of a sudden starting on December 15th the API started returning the following error: "id" => "1e15b36b-5347-4af0-9bab-7f6626ffec65" "status" => "409" "code" => "ENTITY_ERROR.INCLUDED.INVALID_ID" "title" => "The provided entity id is invalid" "detail" => "The provided included entity id 'EN' has invalid format" "source" => array:1 [▼ "pointer" => "/included/0/id" ] It does seem to be an API bug considering it has always worked fine and we didn't change anything on our side, the /included/0/id value has always been EN and never changed. Moreover, EN still seems to be a valid value according to the API docs and there are no changes reported of that field in the API release notes. Here's the request ID: 1e15b36b-5347-4af0-9bab-7f6626ffec65 I've tried using different values through trial and error (en, EN, EN-US, ...) and none of them worked.

Hello, I'm trying to upload an asset pack that has the same identifier as an asset pack that I've archived. I understand this isn't likely a common scenario, but I'd expect that uploading an archived Asset Pack to become un-archived. Reverting to the next newest version available for the Asset Pack. Further, this restriction is not clear that you won't be able to reuse the assetPackID on the archive asset pack alert Archive Asset Pack? Are you sure you want to archive "[NAME]" asset pack? All versions of this asset will no longer be accessible by your app. Errors: Failed to create a new background asset pack version for '[NAME]'. (-19243) operation not allowed (409) Cannot create version for an archived background asset. (ID: 2cc6499a-83fa-4bbb-bc1f-0bb67d2a873d) httpBody: { "errors" : [ { "id" : "2cc6499a-83fa-4bbb-bc1f-0bb67d2a873d", "status" : "409", "code" : "STATE_ERROR.ARCHIVED_BACKGROUND_ASSET", "title" : "operation not allowed", "detail" : "Cannot create version for an archived background asset." } ]

Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-26000 Attempting to submit a new build continually failing and I suspect this is due to some issues on Apple's servers (Status code: 502, Bad Gateway) Anyone else seeing this issue? Apple's status page doesn't show any open incidents. [logs] Creating authorization token for App Store Connect API [logs] Ready to upload new build to TestFlight (App: 6746477612)... [logs] Going to upload updated app to App Store Connect [logs] This might take a few minutes. Please don't interrupt the script. [logs] [altool] 2025-12-10 12:04:00.993 *** Error: Unable to upload archive. Failed to authenticate for session: ( [logs] [altool] "Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-26000 \"The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\nStatus Code: 502 (bad gateway)\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <style>\n body {\n font-family: \"Helvetica Neue\", \"HelveticaNeue\", Helvetica, Arial, sans-serif;\n font-size: 15px;\n font-weight: 200;\n line-height: 20px;\n color: #4c4c4c;\n text-align: center;\n }\n\n .section {\n margin-top: 50px;\n }\n </style>\n</head>\n<body>\n<div class=\"section\">\n <h1>&#63743;</h1>\n\n <h3>Bad Gateway</h3>\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\n</div>\n</body>\n</html>\n\n\" UserInfo={NSLocalizedRecoverySuggestion=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\nStatus Code: 502 (bad gateway)\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <style>\n body {\n font-family: \"Helvetica Neue\", \"HelveticaNeue\", Helvetica, Arial, sans-serif;\n font-size: 15px;\n font-weight: 200;\n line-height: 20px;\n color: #4c4c4c;\n text-align: center;\n }\n\n .section {\n margin-top: 50px;\n }\n </style>\n</head>\n<body>\n<div class=\"section\">\n <h1>&#63743;</h1>\n\n <h3>Bad Gateway</h3>\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\n</div>\n</body>\n</html>\n\n, NSLocalizedDescription=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\nStatus Code: 502 (bad gateway)\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <style>\n body {\n font-family: \"Helvetica Neue\", \"HelveticaNeue\", Helvetica, Arial, sans-serif;\n font-size: 15px;\n font-weight: 200;\n line-height: 20px;\n color: #4c4c4c;\n text-align: center;\n }\n\n .section {\n margin-top: 50px;\n }\n </style>\n</head>\n<body>\n<div class=\"section\">\n <h1>&#63743;</h1>\n\n <h3>Bad Gateway</h3>\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\n</div>\n</body>\n</html>\n\n, NSLocalizedFailureReason=App Store operation failed.}" [logs] [logs] [altool] ) (-1011) [logs] [logs] [altool] { [logs] [logs] [altool] NSLocalizedDescription = "Unable to upload archive."; [logs] [altool] NSLocalizedFailureReason = "Failed to authenticate for session: (\n \"Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-26000 \\\"The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\\nStatus Code: 502 (bad gateway)\\n\\n\\n<!DOCTYPE html>\\n<html lang=\\\"en\\\">\\n<head>\\n <style>\\n body {\\n font-family: \\\"Helvetica Neue\\\", \\\"HelveticaNeue\\\", Helvetica, Arial, sans-serif;\\n font-size: 15px;\\n font-weight: 200;\\n line-height: 20px;\\n color: #4c4c4c;\\n text-align: center;\\n }\\n\\n .section {\\n margin-top: 50px;\\n }\\n </style>\\n</head>\\n<body>\\n<div class=\\\"section\\\">\\n <h1>&#63743;</h1>\\n\\n <h3>Bad Gateway</h3>\\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\\n</div>\\n</body>\\n</html>\\n\\n\\\" UserInfo={NSLocalizedRecoverySuggestion=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\\nStatus Code: 502 (bad gateway)\\n\\n\\n<!DOCTYPE html>\\n<html lang=\\\"en\\\">\\n<head>\\n <style>\\n body {\\n font-family: \\\"Helvetica Neue\\\", \\\"HelveticaNeue\\\", Helvetica, Arial, sans-serif;\\n font-size: 15px;\\n font-weight: 200;\\n line-height: 20px;\\n color: #4c4c4c;\\n text-align: center;\\n }\\n\\n .section {\\n margin-top: 50px;\\n }\\n </style>\\n</head>\\n<body>\\n<div class=\\\"section\\\">\\n <h1>&#63743;</h1>\\n\\n <h3>Bad Gateway</h3>\\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\\n</div>\\n</body>\\n</html>\\n\\n, NSLocalizedDescription=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\\nStatus Code: 502 (bad gateway)\\n\\n\\n<!DOCTYPE html>\\n<html lang=\\\"en\\\">\\n<head>\\n <style>\\n body {\\n font-family: \\\"Helvetica Neue\\\", \\\"HelveticaNeue\\\", Helvetica, Arial, sans-serif;\\n font-size: 15px;\\n font-weight: 200;\\n line-height: 20px;\\n color: #4c4c4c;\\n text-align: center;\\n }\\n\\n .section {\\n margin-top: 50px;\\n }\\n </style>\\n</head>\\n<body>\\n<div class=\\\"section\\\">\\n <h1>&#63743;</h1>\\n\\n <h3>Bad Gateway</h3>\\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\\n</div>\\n</body>\\n</html>\\n\\n, NSLocalizedFailureReason=App Store operation failed.}\"\n)"; [logs] [logs] [altool] } [logs] Application Loader output above ^ [logs] The server returned an invalid MIME type: text/html [logs] Error uploading '/var/folders/m1/8_w9962s3b79dqm00nnlm85m0000gn/T/97c174a3-8844-4f85-8fd5-78df1906d170.ipa'. [logs] Unable to upload archive. Failed to authenticate for session: ( [logs] The call to the altool completed with a non-zero exit status: 1. This indicates a failure. [logs] Could not download/upload from App Store Connect! [logs] [!] Error uploading ipa file:

Hello, I have a question about when are asset packs actually updated? For Essential Asset Packs, this only during the keys included in the pack? As in, only when the app is installed for firstInstallation. And only when there's an app update for subsequentUpdate? For On Demand Asset Packs, is this only when AssetPackManager.shared.checkForUpdates() is called? Also, are any asset packs ever actually updated in the background? For example, if an On Demand Asset Pack has an update pushed, can the device automatically fetch and download the pack overnight? Or is updating limited to only when the app is active?

I was using the Download Sales and Trends Reports API (GET https://api.appstoreconnect.apple.com/v1/salesReports), but at some point, the results started not displaying properly. (The reason for this is that all the +sales values ​​aren't showing up in the CSV file.) Below, I'll show you how to use the API in Python with a screenshot. (***** elements are hidden.) If anyone knows why, please let me know.

I have iOS 26.2. App is updated with declared age range capability and entitlement and is calling AgeRangeService.shared.requestAgeRange without any error. No popup alert for Age range sharing appears when app calls for requestAgeRange and there no Sandbox Testing under developer. I have signed in Sandbox test user as well.

Regarding the “App Store Downloads” Analytics Report, I have submitted a report generation request with accessType: ONE_TIME_SNAPSHOT. Reference: https://developer.apple.com/documentation/analytics-reports/app-download I would like to confirm the scope of the Campaign data included in the report generated by this request. In the App Store Connect UI, I understand that there is an upper limit of 200 Campaign entries displayed. For the report output, however, could you please confirm whether it includes all Campaigns measured on the App Store Connect side? Or is there also any upper limit on the number of Campaign records included in the report itself?

Hi everyone! When I attempt the Post Request using Postman, as shown in my attached curl, I receive the error "{ "errors": [ { "status": "405", "code": "METHOD_NOT_ALLOWED", "title": "The request method is not valid for the resource path.", "detail": "The request method used for this request is not valid for the resource path. Please consult the documentation." } ] }". I have constructed the JWT correctly as an admin with correct private Key and Unix Times and I am able to send regular GET requests without issue and I can view the dashboards in App Store Connect. The described POST request is being rejected, although it says so in the documentation: https://developer.apple.com/documentation/appstoreconnectapi/post-v1-analyticsreportrequests. Curl: curl --location 'https://api.appstoreconnect.apple.com/v1/analyticsReportRequests' --header 'Content-Type: application/json' --header 'Authorization: Bearer XXX' --data '{ "data": { "type": "analyticsReportRequests", "attributes": { "accessType": "ONGOING" }, "relationships": { "app": { "data": { "type": "apps", "id": "XXXXXXXXXX" } } } } }' (using ONE_TIME_SNAPSHOT makes no difference) Is this a documentation error ? I'd be happy to hear about a fix.

I'd like to report an issue with the "App Referrer" source segmentation in the App Store Connect Analytics API. Issue Summary When retrieving impression data via the App Store Connect Analytics API using groupBy=["sourceType", "sourceInfo"], the impressions attributed to specific referring apps (e.g., Facebook, Instagram) do not match the values ​​displayed in the App Store Connect web dashboard. Details The total impressions in the API and dashboard are completely consistent, with the report category: App Store Discovery and Engagement Standard_Daily. The aggregated "App Referrer" (overall category) is also consistent. However, the detailed segmentation data in "App Referrer" is inconsistent, with the report category: App Store Discovery and Engagement Detailed_Daily. For example: The web dashboard shows significantly more impressions attributed to Facebook or Instagram. The API returns fewer impressions for the same referral source. Furthermore, the API does not return any "unknown"/"other" referral source entries, and displays no data for presentations where the exact referring app cannot be identified. Therefore, the sum of all sourceInfo entries returned by the API is lower than the app referral source value displayed in the web dashboard. We have confirmed: This is not due to time zone differences—the totals are exactly the same. We used the same date range, region, and platform settings as the dashboard. The difference only appears in the detailed app referral source breakdowns (e.g., "Facebook," "Instagram"). The API does not return missing presentations under any category. Questions for Apple: Does the App Store Connect web interface aggregate presentations from unidentified or privacy-restricted referring apps into known app names (e.g., Facebook or Instagram)? Is it normal for the Analytics API not to expose these presentations when the exact referring app cannot be identified? What official logic does the App Store Connect use to determine and display specific app referral sources (e.g., Facebook, Instagram)? When the API returns fewer referral records than the dashboard, how can developers accurately reproduce the same detailed app referral breakdown data in their reports? Are there any known limitations or privacy thresholds in the API that affect the disclosure of sourceInfo? Other Information Endpoint: Analytics API (Impressions grouped by sourceType and sourceInfo) Metric: Impressions Grouping Criteria: sourceType, sourceInfo We want to understand how App Store Connect allocates impressions to specific third-party apps (e.g., Facebook, Instagram) in the dashboard, and why the Analytics API returns lower numbers for these referral sources.

I think there's been a recent change to the App Store Connect API; I claim that it's a bug. When querying App Store Connect API endpoints that return arrays, like https://api.appstoreconnect.apple.com/v1/apps, the response includes a links property, of type PagedDocumentLinks. https://developer.apple.com/documentation/appstoreconnectapi/pageddocumentlinks links should include a next link only if there's more data to provide, and, indeed, this is how it works for the /v1/apps endpoint. But when querying inAppPurchasesV2, I find that starting very recently (this week?) the API always returns a next link, even if there's no more data to show. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=APo&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw' }, meta: { paging: { total: 223, nextCursor: 'ASw', limit: 50 } } } If I request the next link, it will generate me another response with empty data and with a new cursor. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=AV4' }, meta: { paging: { total: 223, nextCursor: 'AV4', limit: 50 } } } Code I've written against this API (including my open-source library https://github.com/dfabulich/node-app-store-connect-api) assumes that if there's another links.next link, we should follow it; as a result, my code is looping infinitely, requesting empty data until eventually I have to give up. This issue doesn't affect other endpoints, like /v1/apps, just this inAppPurchasesV2 endpoint. Was this an intentional change? It seems to be a bug.

I’m experiencing an issue while attempting to authenticate API calls to the App Store Connect API using a JWT token. I have App Manager permissions on my apple developer account. Despite following the official documentation and successfully verifying the JWT signature locally, I consistently receive the following response from the API: { "errors": [{ "status": "401", "code": "NOT_AUTHORIZED", "title": "Authentication credentials are missing or invalid.", "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired." }] } import jwt import time from cryptography.hazmat.primitives import serialization from cryptography.hazmat.backends import default_backend from jwt.exceptions import InvalidSignatureError Replace with your own credentials KEY_ID = "<YOUR_KEY_ID>" ISSUER_ID = "<YOUR_ISSUER_ID>" PRIVATE_KEY_PATH = "AuthKey_<YOUR_KEY_ID>.p8" def generate_token(): """Generate a JWT for App Store Connect API authentication.""" with open(PRIVATE_KEY_PATH, "r") as f: private_key = f.read() header = { "alg": "ES256", "kid": KEY_ID, "typ": "JWT" } now = int(time.time()) payload = { "iss": ISSUER_ID, "iat": now, "exp": now + 1200, # Token valid for 20 minutes "aud": "appstoreconnect-v1" } token = jwt.encode(payload, private_key, algorithm="ES256", headers=header) return token def verify_token_signature(token): """Verify JWT signature locally using the public key derived from the .p8 private key.""" with open(PRIVATE_KEY_PATH, "rb") as key_file: private_key = serialization.load_pem_private_key( key_file.read(), password=None, backend=default_backend() ) # Derive public key from private key public_key = private_key.public_key() pem_public_key = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo ) try: decoded = jwt.decode( token, pem_public_key, algorithms=["ES256"], audience="appstoreconnect-v1" ) print("✅ JWT signature verified successfully.") print("Decoded payload:", decoded) except InvalidSignatureError: print("❌ JWT signature is invalid.") except Exception as e: print(f"❌ JWT verification failed: {e}") if name == "main": token = generate_token() print("Generated JWT:", token) verify_token_signature(token) Why might a JWT that is valid locally still fail authentication with a 401 NOT_AUTHORIZED error from the App Store Connect API? Are there any specific permission scopes required for API access beyond App Manager account access from Apple Store connect? Are there any known issues or additional configuration steps required for API key access? Is there a way to validate API access status for a specific key or account? Could you please share the correct example of JWT generation in Python for reference?

Hi! Earlier, I created a report using the appstore api, and it contained WEEKLY and DAILY data. However, I have now created a report for a new app, and after almost a month, it does not have DAILY granularity. How can I obtain it?

Hi! Earlier, I created a report using the appstore api, and it contained WEEKLY and HOURLY data. However, I have now created a report for a new app, and after almost a month, it does not have HOURLY granularity. How can I obtain it?

I'm getting back a 409 trying to edit the content rights declaration for one of my apps. It is correctly in the PREPARE_FOR_SUBMISSION state, confirmed through the API and on the ASC App Info page. Here's my request: curl -X PATCH -H 'Authorization: Bearer XXX' -H 'Content-Type: application/json' -d '{"data":{"id":"XXX","type":"apps","attributes":{"contentRightsDeclaration":"DOES_NOT_USE_THIRD_PARTY_CONTENT"}}}' "https://api.appstoreconnect.apple.com/v1/apps/XXX" which returns a 409 "not in proper state" error. I would also expect to be able to edit in the UI but also is not available. Any help is appreciated. Thank you.

Hello, I’m currently using the App Store Connect API to automate report downloads. I’ve successfully downloaded data for Sales and Trends and Financial Reports via API. However, I noticed there’s also a “Payment Information” report listed here: 👉 https://developer.apple.com/help/app-store-connect/reference/reporting/payment-information Could you please confirm whether this report can also be retrieved via the App Store Connect API? If so, which endpoint or reportType / reportSubType should be used? I’ve reviewed the documentation here (https://developer.apple.com/documentation/appstoreconnectapi/downloading-analytics-reports ), but couldn’t find a match. Thanks a lot for your help!

Hello Apple Developer Community, We are currently facing an authentication issue when calling the App Store Server API for subscription validation. Despite following Apple’s documentation and verifying all credentials, we consistently receive a NOT_AUTHORIZED error response. GET https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/appTransactions/{transactionId} Environment: Sandbox and Production (both tested, same result) Our Setup: Key ID: {Your Key ID} Issuer ID: {Your Issuer ID} Bundle ID: {Your Bundle ID} JWT Header: { "alg": "ES256", "kid": "" } JWT Payload: { "iss": "", "iat": , "exp": <timestamp + 5 minutes>, "aud": "appstoreconnect-v1", "bid": "" } Authorization Header: Authorization: Bearer Troubleshooting Steps Already Taken: Verified that .p8 key, Key ID, Issuer ID, and Bundle ID are all correctly configured and match the App Store Connect details. Confirmed that the system clock is accurate (UTC). Used appropriate endpoint (sandbox or production) based on environment. Ensured that the JWT is short-lived (under 5 minutes). Added the “Bearer” prefix correctly in the header. Tested JWT generations using Python. Issue: All requests return: { "errorCode": "NOT_AUTHORIZED" } Questions: Are there any additional claims or headers required for the subscriptions endpoint? Are there specific permissions or roles needed for the API key in App Store Connect? Is there a way to get more detailed logs or diagnostics for this NOT_AUTHORIZED response? Does the App Store Server API require a different aud or bid structure for certain endpoints? We already contacted Apple Developer Support, but they suggested posting here for engineering-level guidance. Any insight or examples of a working JWT + request for this endpoint would be greatly appreciated.

We fetch the App Store Analytics – App Installs & Deletions (Daily) report via the Analytics Reports API and land each delivery into S3. The rows we ingest contain fields like Date, Event, Download Type, Counts, and Unique Devices. We’re trying to compute for example Installations and First-time downloads so our warehouse totals match the App Store Connect UI exactly, but our counts are consistently higher when we aggregate (with filter conditions being the same). Questions: (1) Official dedupe/versioning approach: What's the recommended approach to avoid double counting across API deliveries and to match the UI exactly? If later deliveries can revise past dates, what field(s) or process should we rely on to decide which records to keep for a given Date? (2) Completeness window: For daily data, is the recommended approach to publish rolling values that may change for a few days, or waiting until dates are considered “complete” before reporting? Any best-practice guidance would be helpful. Thanks!

Hi! We are seeing increased number of 404s when trying to download sales report from reportingitc-reporter.apple.com/reportservice/sales/v1 We are using API version 2.2 Is anyone else facing these issues?

I'm facing the following issue when I try to use the API https://appleid.apple.com/auth/usermigrationinfo I am currently preparing for app migration and planning to use auth/usermigrationinfo to generate a transfer identifier. My request parameters are as follows. sub=( team-scoped user identifier) target=(Team ID Target 10 letters) client_id=Bundle id client_secret= Secret generated with private key However, after calling the API, I received the following error response. { "error": "access_denied" } Does this API call have a time limit, and must it be called only after the app migration is completed? Thanks & regards

Are game applications allowed to have permission to read and write the calendar? Is this permission limited to certain types of applications? Are there any specific requirements for developers when using calendar read/write permissions? If so, what steps should developers follow to utilize this permission?