Team-scoped keys introduce the ability to restrict your token authentication keys to either development or production environments. Topic-specific keys in addition to environment isolation allow you to associate each key with a specific Bundle ID streamlining key management. For detailed instructions on accessing these features, read our updated documentation on establishing a token-based connection to APNs.

I'm trying to use Image Events instead of Photoshop to manipulate a bunch of images. I need to extend the canvas and have the padding be white. I've tried pad theImage to dimensions {545, 545} with pad color {65535, 65535, 65535} But that does nothing. If I remove the 'with pad colour...' part, it works but the pad defaults to black. I've looked everywhere, but there doesn't seem to be a solution. Is there one?

The support URL provided in App Store Connect must direct to a support page with links to a loan services privacy policy. The support page must also reference the lender or lending license. The privacy policy provided in App Store Connect must include references to the lender. The verified email domains associated with your Apple Developer Program account must match domains for the submitting company or partnered financial institution.

I have several ObjC based apps in the App Store and used to validate the receipt file inside the app in my code, and then reject it with exit(173) if it's invalid, which did trigger macOS to update the receipt if possible. This isn't working any more in recent macOS versions, where the user is instead just told that the app is damaged, and they need to re-install it manually. Which sucks. So I wanted to update my code. I read about SKReceiptRefreshRequest, which is supposed to re-download and install the receipt file, if I understand it correctly. I implemented the code but now have trouble verifying that it works as intended, and does this in a user friendly way. I found in my tests that macOS now caches the receipt in ~/Library/Caches/com.apple.appstoreagent/fsCachedData and then hardlinks the file into the app. BTW: Sadly, this also requires that the app is located on the startup volume or the system will refuse to install the receipt, which wasn't a requirement in past times. Now, if the receipt is already present in the cache folder, then my code works - the receipt gets re-linked. But what if the cached receipt isn't there, yet? Such as that the user had copied the app from another Mac over to a freshly installed Mac? In the past, when the user then launched the app on the new Mac, he'd be prompted to login to the MAS and if that worked, the receipt would get installed and the app launched. Basically, the question is: What if the receipt validation fails in my app and I request a new receipt, but the user has not yet logged into MAS (e.g. new computer)? To simulate this, I logging out of the MAS and TestFlight, deleting all copies of the app and then run the app that I had copied from another Mac where it was authorized with a valid receipt for that device. If I do this with the old version that uses exit(173), I get these two messages in macOS 15.2: The second one is especially terrible because it shows the translocated path, which the average user surely get quite confused, and then maybe even search in vain for the app in there and get frustrated. But that's out of my hands. Sigh. Now, that was proving that the old method with exit(173) isn't working any more and needs to be changed in my apps. Since I'm still developing (testing) this new behavior, the app is therefore not in the MAS yet - the only way for me to test this is to use TestFlight. However, running a Testflight app copied from another Mac leads to this error: That is not helpful in simulating what would happen if this app was released in the MAS. This won't let me find out what happens if my app is run on a Mac where the receipt fails and I ask it to load it via SKReceiptRefreshRequest and if the user is NOT yet logged into the MAS account for this purchased app of his/hers. That leaves only one option: Release the app with untested code and hope for the best. Contrary to this new behavior, the old method did let me test this easily because I would just use the special App Store tester account with the MAS app, i.e. the built MAS app would, when I launched it locally, request for a login and I'd provide my tester's account. But this isn't available any more, apparently. What a mess.

We are using PacketTunnel as system extension to establish vpn tunnel. The flow is like: Create a PacketTunnelProvide to establish vpn When tunnel gets connected add excludedRoutes by calling setTunnelNetworkSettings(). Result: The routing table is not getting updated with new excludeRoutes entries. As per setTunnelNetworkSettings() documentation: "This function is called by tunnel provider implementations to set the network settings of the tunnel, including IP routes, DNS servers, and virtual interface addresses depending on the tunnel type. Subclasses should not override this method. This method can be called multiple times during the lifetime of a particular tunnel. It is not necessary to call this function with nil to clear out the existing settings before calling this function with a non-nil configuration." So we believe setTunnelNetworkSettings() should be able to set new excludeRoutes. We could see we are passing correct entries to setTunnelNetworkSettings(): { tunnelRemoteAddress = 10.192.229.240 DNSSettings = { protocol = cleartext server = ( 10.192.230.211, 192.168.180.15, ) matchDomains = ( , ) matchDomainsNoSearch = NO } IPv4Settings = { configMethod = manual addresses = ( 100.100.100.17, ) subnetMasks = ( 255.255.255.255, ) includedRoutes = ( { destinationAddress = 1.1.1.1 destinationSubnetMask = 255.255.255.255 gatewayAddress = 100.100.100.17 }, { destinationAddress = 2.2.2.0 destinationSubnetMask = 255.255.255.255 gatewayAddress = 100.100.100.17 }, { destinationAddress = 11.11.11.0 destinationSubnetMask = 255.255.255.0 gatewayAddress = 100.100.100.17 }, ) excludedRoutes = ( { destinationAddress = 170.114.52.2 destinationSubnetMask = 255.255.255.255 }, ) overridePrimary = NO } MTU = 1298 } The problem is present on macOS Sequoia 15.2. Is it a known issue? Did anyone else faced this issue?

I’m working on a solution to archive iMessages by using an API or similar mechanism. Here’s the desired workflow: The user provides their phone number to initiate the archiving process. They receive a text message with a URL link. Clicking on the link authorizes the archiving of their iMessages. Once authorized, their text messages are archived. So far, I’ve researched third-party services and APIs but haven’t found any that offer this capability directly for iMessages. Questions: Are there any APIs or frameworks (Apple or third-party) that support accessing and archiving iMessages programmatically?

I've been stuck for days trying to figure out how to extract the full text of a Siri prompt that launches my app. We need to be able to get the text of the full command, such as "Hey siri, buy dogfood...." so I can get "dogfood" or anything else following 'buy' . The examples I am finding are a) out of date or b) incomplelete. Right now we're using AppIntents with Shortcuts, but have to use dedicated shortcuts for each specific purchase, which are obviously very limiting.

I've been testing the Live CallerID feature using the Apple-provided local server example - live-caller-id-lookup-example. I've been running a local server with tunneling using ngrok for the initial setup. Everything was working perfectly with the following setup: @main final class CallerID: LiveCallerIDLookupProtocol { var context: LiveCallerIDLookupExtensionContext { LiveCallerIDLookupExtensionContext( serviceURL: URL(string: "https://example-tunnel.ngrok.io")!, tokenIssuerURL: URL(string: "https://example-tunnel.ngrok.io")!, userTierToken: Data(base64Encoded: "BBBB")! ) } } However, after I updated the URLs to the production ones, I encountered an issue: @main struct CallerID: LiveCallerIDLookupProtocol { var context: LiveCallerIDLookupExtensionContext { LiveCallerIDLookupExtensionContext( serviceURL: URL(string: "https://example.net/")!, tokenIssuerURL: URL(string: "https://example/issue")!, userTierToken: Data(base64Encoded: "BBBB")! ) } } The problem is that during calls or when updating PIR parameters, the application still attempts to connect to the initial ngrok tunnel URLs instead of using the new production URLs. I can confirm this because the logs on my local server show incoming requests, indicating that the application is still referencing the old ngrok tunnel URLs. Steps I’ve taken to resolve the issue include: Deleting and reinstalling the application. Using reset(forExtensionWithIdentifier:) Unfortunately, these attempts have not been successful. I even extracted the binary of the app and extension to inspect the strings, confirming that the correct production URLs are present. The server was started with the following command: PIRService --hostname 127.0.0.1 service-config.json Could this be some sort of caching bug on the iOS side, or am I missing something?

When simulating a Storekit error like an invalid device verification or others of that type, should we finish a failed transaction? When I test with a Storekit configuration file, all failed transactions persist after every restart. The Apple-provided sample code for Storekit 2 has transactions finished only when they are successful.

Hello, I'm using Apple Wallet passes with a custom backend for distributing and updating them, as described in the documentation (https://developer.apple.com/documentation/walletpasses). I'm sometimes seeing a behaviour where the device does not download an updated pass even though the push notification for informing about the changes has been successfully sent (I've received a success response from APNs). APNs documentation says that it should retry sending the notification if the device is not reachable, but in the cases I'm describing here, the request from the device to fetch the updated pass never arrives. I don't have the apns-expiration header set. Also, I've checked the load balancer and firewall logs, etc. and there are no traces of the requests. Any thoughts on what might be the issue here? Or how to debug this further?

Hello everyone, I have some questions regarding the behavior of the offerIdentifier property in the TransactionPayload from App Store Server Notifications. When a user redeems an Offer Code, the offerIdentifier field is populated with the respective identifier. However, I am unsure how this field behaves in different scenarios, and I would appreciate any insights or clarification: Does the offerIdentifier persist throughout the subscription lifecycle (from the initial purchase to expiration)? Does it become null once the Offer Code benefits expire? Is it only present at the time of purchase and omitted in subsequent notifications? Additionally, I would like to understand the behavior of the offerIdentifier in the following scenario: A user purchases a lower-tier subscription using an Offer Code. Later, they upgrade to a higher-tier plan, causing the Offer Code benefits to effectively expire. What happens to the offerIdentifier in the transaction for the upgrade? Will it still appear in transactions after the upgrade, or will it be null? I couldn't find explicit details about these situations in the official documentation, so I hope someone here might have experience or knowledge to share. Thank you in advance for your help!

Good day. Installed Sequoia Developer Beta. After that, the laptop started to behave incorrectly, programs over 1 GB stopped installing, updates were not installed, sometimes it rebooted spontaneously. Decided to roll back. With the help of another Macbook, I managed to install 14.6.1. Errors remained. Updates are not installed. Tried to restore through the recovery menu, error at 52 minutes, using a boot disk, the same error. What else can I do? Mac Book Pro M1 16gb/2tb

All the cards seem to have expired in Dec 2024: https://developer.apple.com/apple-pay/sandbox-testing/ Are there updated cards? Some gateways only support Mastercard and Discover which all appear expired.

I recently started saving a file, where I hold some app state, to an AppGroup in order to share it with my widget extension. Of the some 16k daily active users of my app, 55 are initially unable to read the file (it might not yet be created). And they are unable to write a file to the AppGroup as well. I only know this due to logging the error to Crashlytics. Error Reading: "The file “BFTPreferences” couldn’t be opened because you don’t have permission to view it. Error Code:257" My App sees this error and informs the user to restart their device. I have not been contacted by any of these users for support, so I assume the restart fixes things. Has anyone seen this before? Is restarting the device the only fix? Am I doing something wrong? The only solution I can think of currently is to save the file to the app's Documents directory and save a copy to the AppGroup for use in my extensions. At least then the main app won't have an issue and it will just be the widget unable to display data until a restart. Reading the file: do { // archive data let data = try PropertyListSerialization.data(fromPropertyList: preferences, format: .xml, options: 0) // write data do { if let groupURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupIdentifier) { let fullPath = groupURL.appendingPathComponent(preferencesFileName) try data.write(to: fullPath) } else { fatalError("Unable to find app group \(appGroupIdentifier)") } } catch { logthis("Failed to write dictionary data to disk. \(error.localizedDescription)") } } catch { logthis("Failed to archive dictionary. \(error.localizedDescription)") } Writing the file: do { if let groupURL = FileManager.default.containerURL(forSecurityApplicationGroupIdentifier: appGroupIdentifier) { let fullPath = groupURL.appendingPathComponent(preferencesFileName) let data = try Data(contentsOf: fullPath) if let dictionary = try PropertyListSerialization.propertyList(from: data, format: nil) as? NSMutableDictionary { preferences = dictionary } } else { fatalError("Unable to find app group \(appGroupIdentifier)") } } catch { if (error as NSError).code == NSFileReadNoSuchFileError { // file doesn't exist so create it } else { logthis("Couldn't read BFTPreferences:\(error.localizedDescription)\nError Code:\((error as NSError).code)") <--error code 257 is caught here } }

Is there a way to distinguish physical mouse/keyboard input from remote control mouse/keyboard input on Mac? Or even better, is there a way to detect if my Mac is being remotely controlled?

After opening the Apple Pay Popup and try to close the popup (without scanning the QR Code), the oncancel handler (accociated with the created session) doesn't fire. Meanwhile if the merchant scanned the QR code and the UI of the popup changed, then cancel the popup manually (using close (X) button), it fires the session.oncancel event handler. Here is applied setup: const { ApplePaySession } = window; if (!(ApplePaySession && ApplePaySession.canMakePayments())) { return new Error('Apple Pay Session is not available'); } const paymentCapabilities = await ApplePaySession.applePayCapabilities( applePaymentOptionsMetaData.merchantIdentifier, ); if (paymentCapabilities.paymentCredentialStatus === 'applePayUnsupported') { console.error('ApplePaySession is not supported.'); return; } const request = { "countryCode": "KW", "currencyCode": "KWD", "merchantCapabilities": [ "supports3DS" ], "supportedNetworks": [ "VISA", "MASTERCARD" ], "billingContact": { "phoneNumber": "201000000000", "emailAddress": "example@test.com", "givenName": "Ahmed", "familyName": "Sharkawy" }, "total": { "amount": "3.085", "label": "Merchant Testing" } } const session = new ApplePaySession(5, request); session.onvalidatemerchant = async event => { if (debug) { console.info('Creating merchant session and validating merchant session'); console.info('onvalidatemerchant event', event); } try { // Validation Merchant Request session.completeMerchantValidation(data); } catch (error: any) { session.completePayment({ status: ApplePaySession.STATUS_FAILURE }); } }; session.onpaymentauthorized = async (event) => { session.completePayment({ status: ApplePaySession.STATUS_SUCCESS }); }; // This doesn't fire session.oncancel = () => { console.info('EVENT: oncancel'); }; session.begin();

I have an iOS app that installs a Content Filter in order to block certain types of content at the network/socket level. The Family Controls framework stipulates that this can only be done successfully on a FamilyControlsMember.child account type (or on a supervised device). Our initial release has been really successful, but I would say that perhaps 75% of our users are .individual (probably over 18). Perhaps a topic for another forum post is to discuss how Apple's policy here doesn't seem to be meeting a real need here for non-minors, but I'll leave that alone for now. The problem we're facing is that as far as I can tell, the only way to determine if someone has the right account type is to initiate an authorization request using AuthorizationCenter.shared.requestAuthorization(for:) and then inspect the error. I think it could really help the usability of the app if we could detect the account type and preemptively show a helpful message if the authorization could not succeed, and recommend some alternatives. But I've looked so far in vain for some way to do this. Is there any api in Family Controls (or elsewhere) that can query the system for this information? Any pointers would be greatly appreciated!

I have been using the hourly weather forecast API, for some reason sometimes the API fails with 400 Bad Request, but on retrying just a minute later the call successfully returns data. The start and end time are 2 days apart so I don't think it's an issue with the time frame. The failed calls also don't return any reason so not sure what is the exact failure. Has anyone encountered this issue or knows why this might be happening?? Thanks!!

Hi, I'm not too good with terminal stuff, but when I looked at activity monitor, my corespotlightd was using too much of my cpu. I decided to look up solutions on google and stumbled upon this: https://forums.developer.apple.com/forums/thread/675482. I tried some of the commands, and I closed the terminal while sudo was still running because I was getting impatient. Somehow, before I even realized it, I was logged out of my Apple ID and my desktop and downloads files were completely gone. For some reason, my applications are still the same, which makes me wonder if some of the files or folders I had before can still be recoverable. I checked time machine, and I wasn't able to recover anything. How cooked am I? I've lost all of my university work and some other pictures and stuff that I thought would never be damaged if I had it locally. Would appreciate any type of help. Thanks.

I am having issues loading in a mapkit snapshot. I get an error saying that https://domain.com and they're expecting domain.com. I have no idea what could be going wrong here. I set the domains properly in the mapkit tokens. When I click on the link it opens a new tab and loads what the data properly, but somehow in the application on production this error comes up.

I have a video, after recording there is no sound, after a few seconds there is only audio sound that I recorded.