Authentication Error with App Store Server API (NOT_AUTHORIZED) while Using JWT for Subscription Validation

Hello Apple Developer Community,

We are currently facing an authentication issue when calling the App Store Server API for subscription validation. Despite following Apple’s documentation and verifying all credentials, we consistently receive a NOT_AUTHORIZED error response.

GET https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/appTransactions/{transactionId}

Environment: Sandbox and Production (both tested, same result)

Our Setup:

Key ID: {Your Key ID}

Issuer ID: {Your Issuer ID}

Bundle ID: {Your Bundle ID}

JWT Header: { "alg": "ES256", "kid": "<KeyID>" }

JWT Payload: { "iss": "<IssuerID>", "iat": <current timestamp>, "exp": <timestamp + 5 minutes>, "aud": "appstoreconnect-v1", "bid": "<bundleID>" }

Authorization Header: Authorization: Bearer <JWT Token>

Troubleshooting Steps Already Taken:

Verified that .p8 key, Key ID, Issuer ID, and Bundle ID are all correctly configured and match the App Store Connect details.

Confirmed that the system clock is accurate (UTC).

Used appropriate endpoint (sandbox or production) based on environment.

Ensured that the JWT is short-lived (under 5 minutes).

Added the “Bearer” prefix correctly in the header.

Tested JWT generation using Python.

Issue: All requests return: { "errorCode": "NOT_AUTHORIZED" }

Questions:

Are there any additional claims or headers required for the subscriptions endpoint?

Are there specific permissions or roles needed for the API key in App Store Connect?

Is there a way to get more detailed logs or diagnostics for this NOT_AUTHORIZED response?

Does the App Store Server API require a different aud or bid structure for certain endpoints?

We already contacted Apple Developer Support, but they suggested posting here for engineering-level guidance. Any insight or examples of a working JWT + request for this endpoint would be greatly appreciated.

The problem is almost certainly your aud claim. You're using "aud": "appstoreconnect-v1", which is the audience value for the App Store Connect API, not the App Store Server API. For the App Store Server API, the audience should be "appstoreconnect-v1" but the key itself needs to be an In-App Purchase key (generated under Users and Access > Integrations > In-App Purchase in App Store Connect), not an App Store Connect API key. Make sure you're generating the key from the correct section, because even though the JWT structure looks similar, the two key types are not interchangeable and using the wrong one will always return NOT_AUTHORIZED.
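A standard-library check of a token's header and claims against the values quoted in this thread, as an added example (not code from either poster or from Apple). The names `lint_token` and `sample_token` and the 3600-second `max_lifetime` default are assumptions; the check does not verify the signature and cannot tell which kind of key signed the token.

```python
import base64
import json
import time

REQUIRED_CLAIMS = ("iss", "iat", "exp", "aud", "bid")  # claims listed in the question

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def lint_token(token, bundle_id, now=None, max_lifetime=3600):
    """Return a list of structural problems in a JWT; the signature is NOT verified."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not three dot-separated segments"]
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        signature = _b64url_decode(parts[2])
    except ValueError:
        return ["a segment is not valid base64url or JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header and payload must be JSON objects"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg is not ES256")
    if not header.get("kid"):
        problems.append("kid missing from header")
    problems += [f"claim {c} missing" for c in REQUIRED_CLAIMS if c not in claims]
    if "aud" in claims and claims["aud"] != "appstoreconnect-v1":
        problems.append("aud is not appstoreconnect-v1")
    if "bid" in claims and claims["bid"] != bundle_id:
        problems.append("bid does not match the app's bundle ID")
    iat, exp = claims.get("iat"), claims.get("exp")
    if isinstance(iat, (int, float)) and isinstance(exp, (int, float)):
        if exp <= now:
            problems.append("token already expired")
        if exp - iat > max_lifetime:  # max_lifetime default is an assumption
            problems.append("exp is more than max_lifetime after iat")
    # A JWS ES256 signature is the raw 64-byte R||S pair, not a DER structure.
    if len(signature) != 64:
        problems.append("signature is not 64 bytes (DER instead of raw R||S?)")
    return problems

def sample_token(header, claims, sig_len=64):
    """Build a constructed, unsigned token (dummy zero signature) for the checks above."""
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(json.dumps(claims).encode()), enc(bytes(sig_len))])
```

An empty list only means the token is well-formed; NOT_AUTHORIZED can still come from the key itself, which is the point the reply above raises.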
