2

I am working with App Store Connect API for the first time, from NodeJS (if that matters, but I also tried with curl).

I was able to authenticate and send GET requests with no problem, but when trying to send POST request I always get "METHOD_NOT_ALLOWED" error.

Is anyone able to send post request? specifically to "https://api.appstoreconnect.apple.com/v1/certificates", but I also tried the Profiles endpoint, and I got the same problem.

The docs claim its possible, but this error makes me feel something is not updated over there.

Any help will be very much appreciated!

Some extra information:

JWT Playload:

{
  iss:"KEY ISSUER",
  iat:Math.floor(Date.now() / 1000),
  exp:Math.floor(Date.now() / 1000) + (60 * 10),
  aud:'appstoreconnect-v1',
  scope:[
    'POST /v1/certificates'
  ]
}

JWT Options:

{
  algorithm:'ES256',
  header:{
    alg:'ES256',
    kid:"KEY ID",
    typ:'JWT'
  }
}

Request Body(Before Stringify):

{
  data:{
    type:'certificates',
    attributes:{
      certificateType:'IOS_DISTRIBUTION',
      csrContent:"PEM CERT"
    }
  }
}
Improve this question

1 Answer 1

Reset to default
5

The issue seems to be with the scope. It doesn't support POST. If you remove the scope key it should work fine.

enter image description here

Reference: https://developer.apple.com/documentation/appstoreconnectapi/generating_tokens_for_api_requests

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

You are a life saver! How could I miss that!
I have the same issue, BUT I'm convinced this answer is incorrect. Of course, without a scope, the request works. But the JWT token is completely unrestricted, which is discouraged if not absolutely necessary. The mentioned section from the Apple docs refer explicitly to JWT tokens that need a longer lifetime than 20minutes. It mentions that for longer JWT token lifetime only requests with tokens limited to GET requests are allowed. @IdoPickle's example does not exceed 20min.
Hey @Adriano. Please, let us know if you happen to find the answer :)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.