We are following up on the previous discussion regarding the 401 Unauthorized response from the production App Store Server API when using sandbox transaction IDs before release.
(Reference: https://developer.apple.com/forums/thread/806452)
From the Apple staff’s response, we understand that:
“Until you have a release in production, access to the production APIs is not allowed. Once you have a release in production this will be unlocked.”
We would like to confirm a few technical details related to this point:
Q1. Activation timing of production API access
At what exact point does access to the production App Store Server API become available?
(A) Immediately after App Review approval (status: “Ready for Sale”), but before the app is publicly available on the App Store
(B) Only after the app is actually published and visible on the App Store
This timing is important for our backend logic that verifies transactions during the review and initial release phases.
Q2. Fallback logic between pre-release and post-release
Before release, we plan to implement a fallback mechanism that retries sandbox verification when receiving HTTP 401 from the production endpoint.
After the app is officially released, we expect that calling the production API with a sandbox transactionId should instead return HTTP 404 Not Found.
Is this understanding correct?
Should our fallback condition switch from detecting 401 → sandbox (pre-release) to 404 → sandbox (post-release)?
Q3. Transition behavior immediately after release
When the app transitions from “Ready for Sale” to actually being live on the App Store, is the production API immediately available for real transactions?
Or does it take some time (e.g., a few hours) before production access becomes stable?
We would appreciate confirmation of:
The exact timing when production API access becomes active
Whether the 401→404 transition is the expected design behavior
Any recommended best practices for handling this transition safely in production systems
Thank you for your continued support and clarification.
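The fallback planned in Q2, written out as an added example; it is not part of the original post and not Apple's code. `Result`, `verify_transaction`, `app_released`, `allow_sandbox` and `fake_transport` are hypothetical names, and the post-release "404 means sandbox" rule is the poster's expectation, not something confirmed in this thread.

```python
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass

# Endpoints as quoted later in this thread.
PRODUCTION = "https://api.storekit.itunes.apple.com"
SANDBOX = "https://api.storekit-sandbox.itunes.apple.com"

@dataclass
class Result:
    environment: str   # "Production", "Sandbox", or "" when unverified
    status: int        # HTTP status of the last call made
    grant: bool        # whether the backend may unlock content
    body: bytes = b""

def http_get(url, jwt):
    """Default transport; returns (status, body) instead of raising on 4xx."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {jwt}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def fake_transport(prod_status):
    """Constructed stand-in for the servers: sandbox always answers 200."""
    def get(url, jwt):
        return (200, b"{}") if url.startswith(SANDBOX) else (prod_status, b"")
    return get

def verify_transaction(tx_id, jwt, *, app_released, allow_sandbox, get=http_get):
    # Percent-encode the ID so a crafted value cannot alter the request path.
    path = "/inApps/v1/transactions/" + urllib.parse.quote(str(tx_id), safe="")
    status, body = get(PRODUCTION + path, jwt)
    if status == 200:
        return Result("Production", status, True, body)
    # Pre-release, production answers 401 for sandbox IDs (observed in this
    # thread). After release (assumed, per Q2) only 404 triggers the retry:
    # a 401 then points at the JWT or key and must not be masked.
    fallback_on = {404} if app_released else {401, 404}
    if status not in fallback_on:
        return Result("", status, False, body)
    status, body = get(SANDBOX + path, jwt)
    if status != 200:
        return Result("", status, False, body)
    # Sandbox purchases cost nothing: grant only where explicitly allowed.
    return Result("Sandbox", status, allow_sandbox, body)
```

Keeping `allow_sandbox` off for ordinary production accounts prevents a sandbox transaction ID from unlocking paid content through the fallback path, while review and test accounts can still be served.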
We have encountered an issue when verifying transactions using the Get Transaction Info API.
We tested the behavior in both the sandbox and production environments and observed the following results.
When calling the production endpoint:
https://api.storekit.itunes.apple.com/inApps/v1/transactions/{transactionId}
with a transactionId generated in the sandbox environment, the API returns HTTP 401 Unauthorized.
However, based on the documentation and common understanding, we expected HTTP 404 Not Found in this case.
Using the same JWT token, if we call the sandbox endpoint:
https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/{transactionId},
we receive HTTP 200 OK with the expected response body.
We have also confirmed that the same behavior occurs when using the Get Transaction History API — it works correctly in the sandbox environment but returns 401 in production.
Could you please confirm whether this behavior (receiving 401 instead of 404) is expected by design, or if it indicates a potential issue?
If this is not the intended behavior, we would appreciate any guidance or instructions to resolve it.
Thank you very much for your technical support.
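We encountered the following issue when verifying transactions using the "Get Transaction Info" API.
We tested in both the sandbox and production environments and confirmed the following results.
When a transactionId generated in the sandbox environment is used against the production endpoint https://api.storekit.itunes.apple.com/inApps/v1/transactions/{transactionId}, HTTP 401 Unauthorized is returned.
(Our understanding is that, in general, 404 Not Found would be expected in this case.)
When we call the sandbox endpoint
https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/{transactionId}
with the same JWT token, HTTP 200 OK is returned and we receive the expected response body.
We have also confirmed that the same behavior occurs when using Get Transaction History.
It works correctly in the sandbox environment, but 401 is returned in production.
Please confirm whether this behavior (401 being returned) is expected by design or is caused by some issue.
If this behavior is unexpected, we would appreciate guidance toward resolving it.
We would appreciate your technical support on this matter.
Thank you.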