Hey there, We've been using App Store Connect API to manage (create/update) Advanced App Clip Experiences via App Store Connect API. Everything has worked fine, we've been able to successfully manage hundreds of app clips but all of a sudden starting on December 15th the API started returning the following error: "id" => "1e15b36b-5347-4af0-9bab-7f6626ffec65" "status" => "409" "code" => "ENTITY_ERROR.INCLUDED.INVALID_ID" "title" => "The provided entity id is invalid" "detail" => "The provided included entity id 'EN' has invalid format" "source" => array:1 [▼ "pointer" => "/included/0/id" ] It does seem to be an API bug considering it has always worked fine and we didn't change anything on our side, the /included/0/id value has always been EN and never changed. Moreover, EN still seems to be a valid value according to the API docs and there are no changes reported of that field in the API release notes. Here's the request ID: 1e15b36b-5347-4af0-9bab-7f6626ffec65 I've tried using different values through trial and error (en, EN, EN-US, ...) and none of them worked.

Hello Apple Developer Support, I am facing an issue when attempting to use the App Store Connect API with my API key. While basic access (e.g., /v1/apps) works correctly, any requests related to Certificates, Identifiers & Profiles (CIP) are failing with a 403 Forbidden error. Here are the details of the request and validation results: JWT Details: { "header": { "alg": "ES256", "kid": "2XLW343BLM", "typ": "JWT" }, "payload": { "iss": "9cf6159c-e038-4703-b542-7652242a6dbf", "iat": 1757515277, "exp": 1757516357, "aud": "appstoreconnect-v1" } } Test Results: ✅ /v1/apps?limit=1 → Status: 200 (working) ❌ /v1/bundleIds?limit=1 → Status: 403 Error: Unable to find a team with the given Content Provider ID 9cf6159c-e038-4703-b542-7652242a6dbf to which you belong. ❌ /v1/certificates?limit=1 → Status: 403 Error: This request is forbidden for security reasons. ❌ /v1/profiles?limit=1 → Status: 403 Error: Unable to find a team with the given Content Provider ID. I have already confirmed that: All API keys were generated correctly. All required roles and permissions have been assigned in App Store Connect. It seems that while public access endpoints are functioning, the CIP endpoints are blocked for my account/key. Could you please advise: Why the given Content Provider ID is not being recognized? Whether additional permissions, roles, or configuration are required to enable access to Certificates, Identifiers, and Profiles through the API? If it is possible to reset or refresh my membership/team configuration so that I can successfully access the App Store Connect API endpoints for CIP. Thank you for your support and guidance. Best regards

Hi there, Recently, a change was made to the App Store Connect API, which removed the unofficially supported templateName parameter when creating provisioning profiles. This broke fastlane as it was using the templateName parameter. Could that change be reverted or official support added for templateName? I believe this change was first rolled out around March 18th and then reverted shortly after, before being rolled out again around May 6th. The fastlane issue can be seen here: https://github.com/fastlane/fastlane/issues/29498 Official AppStoreConnect API docs for the endpoint are here: https://developer.apple.com/documentation/appstoreconnectapi/profilecreaterequest/data-data.dictionary/attributes-data.dictionary

I am following the Downloading Analytics Reports guide which consists of five steps: request the ONGOING report generation for the app once list all analytics report requests for the app list all analytics reports based on the analytics report request id :x: list all analytics report instances based on the analytics report id list all segments of the analytics report instance to get the download url I can only complete the third step which returns a list of all available reports. However when I continue with step four, the request for the analytics report instances returns with a response code 200 but the data array is always empty: I am using the Home Screen Widget Installs report but this is also happening for other reports Also changing or omitting the filter doesn't change anything { "data": [], "links": { "self": "https://api.appstoreconnect.apple.com/v1/analyticsReports/{reportId}/instances?filter%5Bgranularity%5D=DAILY" }, "meta": { "paging": { "total": 0, "limit": 50 } } } What could be the reason that the data array is empty and how can I fix it because there is no error message?

I think there's been a recent change to the App Store Connect API; I claim that it's a bug. When querying App Store Connect API endpoints that return arrays, like https://api.appstoreconnect.apple.com/v1/apps, the response includes a links property, of type PagedDocumentLinks. https://developer.apple.com/documentation/appstoreconnectapi/pageddocumentlinks links should include a next link only if there's more data to provide, and, indeed, this is how it works for the /v1/apps endpoint. But when querying inAppPurchasesV2, I find that starting very recently (this week?) the API always returns a next link, even if there's no more data to show. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=APo&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw' }, meta: { paging: { total: 223, nextCursor: 'ASw', limit: 50 } } } If I request the next link, it will generate me another response with empty data and with a new cursor. { data: [], links: { self: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=ASw&limit=50', first: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?limit=50', next: 'https://api.appstoreconnect.apple.com/v1/apps/1363309257/inAppPurchasesV2?cursor=AV4' }, meta: { paging: { total: 223, nextCursor: 'AV4', limit: 50 } } } Code I've written against this API (including my open-source library https://github.com/dfabulich/node-app-store-connect-api) assumes that if there's another links.next link, we should follow it; as a result, my code is looping infinitely, requesting empty data until eventually I have to give up. This issue doesn't affect other endpoints, like /v1/apps, just this inAppPurchasesV2 endpoint. Was this an intentional change? It seems to be a bug.

Hi, I can't generate new key in the App Store connect dashboard. I'm receiving this as error. { "errors" : [ { "id" : "59e466f3-70aa-4798-b183-8a4903a7c2cc", "status" : "403", "code" : "FORBIDDEN_ERROR.PLA_NOT_VALID", "title" : "Operation is forbidden because of PLA status.", "detail" : "" } ] } I'm the account owner and I accepted all the policy agreements in both apple developper dashboard and app connect dashboard. what's goin on?

We have been using this API call to set the In-App Provisioning capability for 2+ years and it just recently started returning errors. To set the In-App Provisioning capability we had been using the App Store Connect API directly: curl "https://api.appstoreconnect.apple.com/v1/bundleIdCapabilities" -X POST --header "Authorization: Bearer #{appleApiToken}" --header "Content-Type: application/json" -d '{"data": {"type": "bundleIdCapabilities", "attributes": {"capabilityType": " IN_APP_PASS_PROVISIONING"}, "relationships": {"bundleId": {"data": {"id": "#{appStoreBundleIdentifier}", "type": "bundleIds"}}}}}' The IN_APP_PASS_PROVISIONING capability type is shown, by getting the bundle ID capabilities, when In-App Provisioning is set on a bundle ID: curl "https://api.appstoreconnect.apple.com/v1/bundleIds/#{appStoreBundleIdentifier}/bundleIdCapabilities" --header "Authorization: Bearer #{appleApiToken}" After manually setting the In-App Provisioning capability via the Apple Developer portal you will see the new capabilityType: {     "type" : "bundleIdCapabilities",     "id" : "##########_IN_APP_PASS_PROVISIONING",     "attributes" : {       "settings" : null,       "capabilityType" : "IN_APP_PASS_PROVISIONING"     },     "relationships" : {       "bundleId" : {         "links" : {           "self" : "https://api.appstoreconnect.apple.com/v1/bundleIdCapabilities/##########_IN_APP_PASS_PROVISIONING/relationships/bundleId",           "related" : "https://api.appstoreconnect.apple.com/v1/bundleIdCapabilities/##########_IN_APP_PASS_PROVISIONING/bundleId"         }       }     },     "links" : {       "self" : "https://api.appstoreconnect.apple.com/v1/bundleIdCapabilities/##########_IN_APP_PASS_PROVISIONING"     }   } The problem now is Apple has recently (within the last week) removed support for setting the IN_APP_PASS_PROVISIONING capability type via the bundleIdCapabilities API endpoint. {   "errors" : [ {     "id" : "c6644913-d1c5-4eda-9faa-7766adf25c39",     "status" : "409",     "code" : "ENTITY_ERROR.ATTRIBUTE.TYPE",     "title" : "An attribute in the provided entity has the wrong type",     "detail" : "'IN_APP_PASS_PROVISIONING' is not a valid value for the attribute 'capabilityType'. Expected one of: 'ICLOUD', 'IN_APP_PURCHASE', 'GAME_CENTER', 'PUSH_NOTIFICATIONS', 'WALLET', 'INTER_APP_AUDIO', 'MAPS', 'ASSOCIATED_DOMAINS', 'PERSONAL_VPN', 'APP_GROUPS', 'HEALTHKIT', 'HOMEKIT', 'WIRELESS_ACCESSORY_CONFIGURATION', 'APPLE_PAY', 'DATA_PROTECTION', 'SIRIKIT', 'NETWORK_EXTENSIONS', 'MULTIPATH', 'HOT_SPOT', 'NFC_TAG_READING', 'CLASSKIT', 'AUTOFILL_CREDENTIAL_PROVIDER', 'ACCESS_WIFI_INFORMATION', 'NETWORK_CUSTOM_PROTOCOL', 'COREMEDIA_HLS_LOW_LATENCY', 'SYSTEM_EXTENSION_INSTALL', 'USER_MANAGEMENT', 'APPLE_ID_AUTH'",     "source" : {       "pointer" : "/data/attributes/capabilityType"     }   } ] } How do we set the In-App Provisioning (IN_APP_PASS_PROVISIONING) capability type via the Apple API on bundle IDs that have been approved by Wallet Entitlements?

Hello, I’m encountering a consistent HTTP 400 – Bad Request error when attempting to retrieve daily sales reports via the App Store Connect API. The request format follows the official documentation: https://developer.apple.com/documentation/appstoreconnectapi/get-v1-salesreports. Here is an example of the request I’m making: curl --location --globoff \ ' https://api.appstoreconnect.apple.com/v1/salesReports?filter[frequency]=DAILY&filter[vendorNumber]=<REDACTED VENDOR NUMBER>&filter[reportDate]=2025-08-11&filter[reportType]=SALES&filter[reportSubType]=SUMMARY' \ --header 'Authorization: Bearer <REDACTED_JWT>' This request worked without issues until August 6, 2025 (Obviously using the previous day date), but from August 7 onward it returns a 400 error. Could you please confirm: Whether there have been any changes to the required query parameters (e.g., filter[version]). If there are any known issues with the SALES / SUMMARY / DAILY endpoint. Aside from the images attached, our buffer error also shows: new Uint8Array([60, 33, 100, 111, 99, 116, 121, 112, 101, 32, 104, 116, 109, 108, 62, 60, 104, 116, 109, 108, 32, 108, 97, 110, 103, 61, 34, 101, 110, 34, 62, 60, 104, 101, 97, 100, 62, 60, 116, 105, 116, 108, 101, 62, 72, 84, 84, 80, 32, 83, 116, 97, 116, 117, 115, 32, 52, 48, 48, 32, 226, 128, 147, 32, 66, 97, 100, 32, 82, 101, 113, 117, 101, 115, 116, 60, 47, 116, 105, 116, 108, 101, 62, 60, 115, 116, 121, 108, 101, 32, 116, 121, 112, 101, 61, 34, 116, 101, 120, 116, 47, 99, 115, 115, 34, 62, 98, 111, 100, 121, 32, 123, 102, 111, 110, 116, 45, 102, 97, 109, 105, 108, 121, 58, 84, 97, 104, 111, 109, 97, 44, 65, 114, 105, 97, 108, 44, 115, 97, 110, 115, 45, 115, 101, 114, 105, 102, 59, 125, 32, 104, 49, 44, 32, 104, 50, 44, 32, 104, 51, 44, 32, 98, 32, 123, 99, 111, 108, 111, 114, 58, 119, 104, 105, 116, 101, 59, 98, 97, 99, 107, 103, 114, 111, 117, 110, 100, 45, 99, 111, 108, 111, 114, 58, 35, 53, 50, 53, 68, 55, 54, 59, 125, 32, 104, 49, 32, 123, 102, 111, 110, 116, 45, 115, 105, 122, 101, 58, 50, 50, 112, 120, 59, 125, 32, 104, 50, 32, 123, 102, 111, 110, 116, 45, 115, 105, 122, 101, 58, 49, 54, 112, 120, 59, 125, 32, 104, 51, 32, 123, 102, 111, 110, 116, 45, 115, 105, 122, 101, 58, 49, 52, 112, 120, 59, 125, 32, 112, 32, 123, 102, 111, 110, 116, 45, 115, 105, 122, 101, 58, 49, 50, 112, 120, 59, 125, 32, 97, 32, 123, 99, 111, 108, 111, 114, 58, 98, 108, 97, 99, 107, 59, 125, 32, 46, 108, 105, 110, 101, 32, 123, 104, 101, 105, 103, 104, 116, 58, 49, 112, 120, 59, 98, 97, 99, 107, 103, 114, 111, 117, 110, 100, 45, 99, 111, 108, 111, 114, 58, 35, 53, 50, 53, 68, 55, 54, 59, 98, 111, 114, 100, 101, 114, 58, 110, 111, 110, 101, 59, 125, 60, 47, 115, 116, 121, 108, 101, 62, 60, 47, 104, 101, 97, 100, 62, 60, 98, 111, 100, 121, 62, 60, 104, 49, 62, 72, 84, 84, 80, 32, 83, 116, 97, 116, 117, 115, 32, 52, 48, 48, 32, 226, 128, 147, 32, 66, 97, 100, 32, 82, 101, 113, 117, 101, 115, 116, 60, 47, 104, 49, 62, 60, 47, 98, 111, 100, 121, 62, 60, 47, 104, 116, 109, 108, 62]) Thank you for your assistance.

Hi, I am currently using the App Store Connect API to retrieve metrics for my app. Specifically, I am trying to match the following metrics displayed in the App Store Connect UI under the Metrics section: *Usage -Installations -Deletions -Active Devices *App Store -Impressions (Unique Devices) -Page Views (Unique Devices) To compute these metrics, I have exported the following CSV files: app_sessions_standard.csv app_store_discovery_and_engagement_standard.csv app_store_installation_and_deletion_standard.csv However, when I try to compute the metrics from the CSV files, the values do not match those shown in the App Store Connect dashboard. Could you please clarify why there is a discrepancy between the UI metrics and the data available through the API or CSV exports? Are there any known delays, filters, or calculation differences that could explain this? Thank you for your assistance. Best regards,

We run an analytics query every day; this worked fine for the past 6 years or so. Two days ago this query has stopped working. It always returns a non-descript 400 Bad Request. Here's the exact query: curl \ -H 'Accept: application/a-gzip' \ -H 'Authorization: Bearer <TOKEN>' \ 'https://api.appstoreconnect.apple.com/v1/salesReports?filter[frequency]=DAILY&filter[reportType]=SALES&filter[reportSubType]=SUMMARY&filter[version]=1_0&filter[vendorNumber]=<VENDOR>' And the response: <!doctype html><html lang="en"><head><title>HTTP Status 400 – Bad Request</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 400 – Bad Request</h1></body></html> I have confirmed that the <TOKEN> is correct (with an incorrect token I get a specific error message). Same with missing or incorrect filter parameters: the API returns an exact error message. I have also confirmed that our vendor number is correct (from AppstoreConnect › Payments and Financial Reports, top left corner), though specifying an invalid vendor number yields the same non-descript 400 Bad Request. With seemingly valid filter parameters, (no matter the report type or frequency or specifying a date) I always get the generic 400 Bad Request. Has something changed in the API?

We fetch the App Store Analytics – App Installs & Deletions (Daily) report via the Analytics Reports API and land each delivery into S3. The rows we ingest contain fields like Date, Event, Download Type, Counts, and Unique Devices. We’re trying to compute for example Installations and First-time downloads so our warehouse totals match the App Store Connect UI exactly, but our counts are consistently higher when we aggregate (with filter conditions being the same). Questions: (1) Official dedupe/versioning approach: What's the recommended approach to avoid double counting across API deliveries and to match the UI exactly? If later deliveries can revise past dates, what field(s) or process should we rely on to decide which records to keep for a given Date? (2) Completeness window: For daily data, is the recommended approach to publish rolling values that may change for a few days, or waiting until dates are considered “complete” before reporting? Any best-practice guidance would be helpful. Thanks!

Hello, I'm trying to upload an asset pack that has the same identifier as an asset pack that I've archived. I understand this isn't likely a common scenario, but I'd expect that uploading an archived Asset Pack to become un-archived. Reverting to the next newest version available for the Asset Pack. Further, this restriction is not clear that you won't be able to reuse the assetPackID on the archive asset pack alert Archive Asset Pack? Are you sure you want to archive "[NAME]" asset pack? All versions of this asset will no longer be accessible by your app. Errors: Failed to create a new background asset pack version for '[NAME]'. (-19243) operation not allowed (409) Cannot create version for an archived background asset. (ID: 2cc6499a-83fa-4bbb-bc1f-0bb67d2a873d) httpBody: { "errors" : [ { "id" : "2cc6499a-83fa-4bbb-bc1f-0bb67d2a873d", "status" : "409", "code" : "STATE_ERROR.ARCHIVED_BACKGROUND_ASSET", "title" : "operation not allowed", "detail" : "Cannot create version for an archived background asset." } ]

I need to get the app icon from the AppStore Connect API in order to display a list of my apps. However there seems to be no way. I See in the appstoreconnect.apple.com website that the icons are there and available, there is even a function where you can click on it and get the high res version: https://appstoreconnect.apple.com/apps/1504874998/distribution/ios/version/deliverable (this link is of course not available from the outside) I tried builds/{id}/icons which always returns nothing and found an iconAssetToken object in the builds array, but the link is weirdly formatted and leads to nothing. Hope someone can help, I'm fairly new to the API and the usage is quite odd for me so far. Best, Nils

We are currently pulling data via the API to look various metrics, including reviews and ratings. However, I noticed the ratings only come in with associated reviews - it doesn't appear there is public access to the API for pulling all historic ratings (without associated reviews). Is this correct? Does anyone know a workaround or way to access the ratings data via API or other method?

Hi All! Ever since the new PLA I have issues with adding my entitlements to my profiles. Previously when adding an entitlement I used the format [entitlementName] [AppId] [type] e.g. Apple Pay Pass Suppression [AppId] Development However ever since the new PLA I get an warning in my terminal that the template name is not supported by the App Store Connect API. Anyone that can help me out with the new format? I cant seem to find any helpful documentation online. Thanks! PS: the link in the screenshot points to this website: https://docs.fastlane.tools/actions/match/#managed-capabilities The naming strategy the use on the website doesnt work either: Apple Pay Pass Suppression Development

BASE_TERRITORY="USA" app_id = "*******" # your app id app_price_points_id = "eyJzIjoiNjc1MTMwOTAyNiIsInQiOiJVU0EiLCJwIjoiMTAwMTEifQ" # query and get manual_price_id = "manualPrice-0" update_app_price_url = "https://api.appstoreconnect.apple.com/v1/appPriceSchedules" update_app_price_payload = { "data": { "type": "appPriceSchedules", "relationships": { "app": { "data": {"type": "apps", "id": app_id} }, "baseTerritory": { "data": {"type": "territories", "id": BASE_TERRITORY} }, "manualPrices": { "data": [{"id": manual_price_id, "type": "appPrices"}] } } }, "included": [ { "type": "appPrices", "id": manual_price_id, "attributes": {"startDate": None}, "relationships": { "appPricePoint": { "data": {"type": "appPricePoints", "id": app_price_points_id} } } } ] } update_app_price_resp = requests.post(update_app_price_url, headers=headers, data=json.dumps(update_app_price_payload)) if update_app_price_resp.status_code == 201: update_app_price_id = update_app_price_resp.json()["data"]["id"] print(f"✅ Success : {update_app_price_id}") else: print(f"❌ Failed : {update_app_price_resp.status_code} {update_app_price_resp.text}") sys.exit(1) There was no problem a week ago, but now it reports an error ❌ Failed : 409 { "errors" : [ { "id" : "69a6e006-b99c-4d58-880c-0225c1eff581", "status" : "409", "code" : "ENTITY_ERROR.INCLUDED.INVALID_ID", "title" : "The provided entity id is invalid", "detail" : "The provided included entity id 'USA-1.0' has invalid format", "source" : { "pointer" : "/included/0/id" } } ] }

Hello Apple Support Team, We are currently experiencing a critical business issue caused by a sudden performance degradation in the App Store Connect API. This problem is blocking key parts of our production systems at wappier Optimizing game performance - website: https://wappier.com/ Since October 15, requests to the following endpoint have been taking extremely long to complete when fetching more than approximately 200 in-app purchase items. In many cases, these requests never complete even after several hours, making it impossible for us to retrieve all required data. Endpoint: https://api.appstoreconnect.apple.com/v1/apps/1252850847/inAppPurchasesV2 Parameters: { "include": "appStoreReviewScreenshot,inAppPurchaseLocalizations", "cursor": "Jd6I", "limit": "200" } We confirm that: This behavior started suddenly on October 15. No changes were made on our end. We found no corresponding updates or API change announcements in your release notes. Requests for fewer than 200 in-app products continue to perform normally. This issue is blocking our operations, as our systems depend on timely responses from this endpoint for in-app purchase data synchronization. We kindly ask your team to investigate this issue urgently and provide us guidance, and if possible, revert any recent change introduced around October 15 that could have impacted this endpoint’s performance. Thank you very much for your prompt attention and support. wappier Dev Team

I have iOS 26.2. App is updated with declared age range capability and entitlement and is calling AgeRangeService.shared.requestAgeRange without any error. No popup alert for Age range sharing appears when app calls for requestAgeRange and there no Sandbox Testing under developer. I have signed in Sandbox test user as well.

Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-26000 Attempting to submit a new build continually failing and I suspect this is due to some issues on Apple's servers (Status code: 502, Bad Gateway) Anyone else seeing this issue? Apple's status page doesn't show any open incidents. [logs] Creating authorization token for App Store Connect API [logs] Ready to upload new build to TestFlight (App: 6746477612)... [logs] Going to upload updated app to App Store Connect [logs] This might take a few minutes. Please don't interrupt the script. [logs] [altool] 2025-12-10 12:04:00.993 *** Error: Unable to upload archive. Failed to authenticate for session: ( [logs] [altool] "Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-26000 \"The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\nStatus Code: 502 (bad gateway)\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <style>\n body {\n font-family: \"Helvetica Neue\", \"HelveticaNeue\", Helvetica, Arial, sans-serif;\n font-size: 15px;\n font-weight: 200;\n line-height: 20px;\n color: #4c4c4c;\n text-align: center;\n }\n\n .section {\n margin-top: 50px;\n }\n </style>\n</head>\n<body>\n<div class=\"section\">\n <h1>&#63743;</h1>\n\n <h3>Bad Gateway</h3>\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\n</div>\n</body>\n</html>\n\n\" UserInfo={NSLocalizedRecoverySuggestion=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\nStatus Code: 502 (bad gateway)\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <style>\n body {\n font-family: \"Helvetica Neue\", \"HelveticaNeue\", Helvetica, Arial, sans-serif;\n font-size: 15px;\n font-weight: 200;\n line-height: 20px;\n color: #4c4c4c;\n text-align: center;\n }\n\n .section {\n margin-top: 50px;\n }\n </style>\n</head>\n<body>\n<div class=\"section\">\n <h1>&#63743;</h1>\n\n <h3>Bad Gateway</h3>\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\n</div>\n</body>\n</html>\n\n, NSLocalizedDescription=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\nStatus Code: 502 (bad gateway)\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <style>\n body {\n font-family: \"Helvetica Neue\", \"HelveticaNeue\", Helvetica, Arial, sans-serif;\n font-size: 15px;\n font-weight: 200;\n line-height: 20px;\n color: #4c4c4c;\n text-align: center;\n }\n\n .section {\n margin-top: 50px;\n }\n </style>\n</head>\n<body>\n<div class=\"section\">\n <h1>&#63743;</h1>\n\n <h3>Bad Gateway</h3>\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\n</div>\n</body>\n</html>\n\n, NSLocalizedFailureReason=App Store operation failed.}" [logs] [logs] [altool] ) (-1011) [logs] [logs] [altool] { [logs] [logs] [altool] NSLocalizedDescription = "Unable to upload archive."; [logs] [altool] NSLocalizedFailureReason = "Failed to authenticate for session: (\n \"Error Domain=ITunesConnectionAuthenticationErrorDomain Code=-26000 \\\"The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\\nStatus Code: 502 (bad gateway)\\n\\n\\n<!DOCTYPE html>\\n<html lang=\\\"en\\\">\\n<head>\\n <style>\\n body {\\n font-family: \\\"Helvetica Neue\\\", \\\"HelveticaNeue\\\", Helvetica, Arial, sans-serif;\\n font-size: 15px;\\n font-weight: 200;\\n line-height: 20px;\\n color: #4c4c4c;\\n text-align: center;\\n }\\n\\n .section {\\n margin-top: 50px;\\n }\\n </style>\\n</head>\\n<body>\\n<div class=\\\"section\\\">\\n <h1>&#63743;</h1>\\n\\n <h3>Bad Gateway</h3>\\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\\n</div>\\n</body>\\n</html>\\n\\n\\\" UserInfo={NSLocalizedRecoverySuggestion=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\\nStatus Code: 502 (bad gateway)\\n\\n\\n<!DOCTYPE html>\\n<html lang=\\\"en\\\">\\n<head>\\n <style>\\n body {\\n font-family: \\\"Helvetica Neue\\\", \\\"HelveticaNeue\\\", Helvetica, Arial, sans-serif;\\n font-size: 15px;\\n font-weight: 200;\\n line-height: 20px;\\n color: #4c4c4c;\\n text-align: center;\\n }\\n\\n .section {\\n margin-top: 50px;\\n }\\n </style>\\n</head>\\n<body>\\n<div class=\\\"section\\\">\\n <h1>&#63743;</h1>\\n\\n <h3>Bad Gateway</h3>\\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\\n</div>\\n</body>\\n</html>\\n\\n, NSLocalizedDescription=The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.\\nStatus Code: 502 (bad gateway)\\n\\n\\n<!DOCTYPE html>\\n<html lang=\\\"en\\\">\\n<head>\\n <style>\\n body {\\n font-family: \\\"Helvetica Neue\\\", \\\"HelveticaNeue\\\", Helvetica, Arial, sans-serif;\\n font-size: 15px;\\n font-weight: 200;\\n line-height: 20px;\\n color: #4c4c4c;\\n text-align: center;\\n }\\n\\n .section {\\n margin-top: 50px;\\n }\\n </style>\\n</head>\\n<body>\\n<div class=\\\"section\\\">\\n <h1>&#63743;</h1>\\n\\n <h3>Bad Gateway</h3>\\n <p>Correlation Key: TGHKWJKO2LITS2DSDATRZZJAPE</p>\\n</div>\\n</body>\\n</html>\\n\\n, NSLocalizedFailureReason=App Store operation failed.}\"\n)"; [logs] [logs] [altool] } [logs] Application Loader output above ^ [logs] The server returned an invalid MIME type: text/html [logs] Error uploading '/var/folders/m1/8_w9962s3b79dqm00nnlm85m0000gn/T/97c174a3-8844-4f85-8fd5-78df1906d170.ipa'. [logs] Unable to upload archive. Failed to authenticate for session: ( [logs] The call to the altool completed with a non-zero exit status: 1. This indicates a failure. [logs] Could not download/upload from App Store Connect! [logs] [!] Error uploading ipa file:

Hey everyone, I'm managing CI/CD pipelines for around 45 iOS apps across different Apple Developer accounts. One recurring pain point is blocked pipelines due to unsigned agreements. Things like the Paid Applications Agreement and the Apple Developer Program License Agreement. I built an internal dashboard to flag these before they block a release, but I'm hitting a wall with detection accuracy. Since there's no dedicated endpoint for agreement status, I'm running three probes per account and checking for 403 FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED: GET /v1/agreements GET /v1/bundleIds?filter[identifier]={bundleId}&filter[platform]=IOS GET /v1/certificates?limit=1 Case 1 : Works perfectly. Account has "Apple Developer Program License Agreement has been updated and needs to be reviewed" : All three endpoint return 403 (In this case, the step 1 is enough) # Step 1 /v1/agreements → HTTP 403 ⛔ BLOCKED # Step 2 /v1/bundleIds → HTTP 403 ⛔ BLOCKED # Step 3 /v1/certificates → HTTP 403 ⛔ BLOCKED # [Step 1 body] { "errors": [ { "id": "TXF6QUVS6OY66YVUNINVLKXZFA", "status": "403", "code": "FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED", "title": "A required agreement is missing or has expired.", "detail": "This request requires an in-effect agreement that has not been signed or has expired.", "links": { "see": "/business" } } ] } # [Step 2 body] { "errors": [ { "id": "MTDI5P37UTYQOOVJSMXCWUK42U", "status": "403", "code": "FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED", "title": "A required agreement is missing or has expired.", "detail": "This request requires an in-effect agreement that has not been signed or has expired.", "links": { "see": "/business" } } ] } # [Step 3 body] { "errors": [ { "id": "GI6EN2CMBFJIJJZM547LSW66KY", "status": "403", "code": "FORBIDDEN.REQUIRED_AGREEMENTS_MISSING_OR_EXPIRED", "title": "A required agreement is missing or has expired.", "detail": "This request requires an in-effect agreement that has not been signed or has expired.", "links": { "see": "/business" } } ] } Case 2 : Not detected. Different account, same message in App Store Connect UI. But v1/agreements endpoint return 404 while other 2 steps return 200 # Step 1 /v1/agreements → HTTP 404 ➖ 404 # Step 2 /v1/bundleIds → HTTP 200 ✅ OK # Step 3 /v1/certificates → HTTP 200 ✅ OK # [Step 1 body] { "errors": [ { "id": "37459578-8167-449c-ad22-e0ffa392df2d", "status": "404", "code": "NOT_FOUND", "title": "The specified resource does not exist", "detail": "The path provided does not match a defined resource type." } ] } # [Step 2 body] { "data": [ { "type": "bundleIds", "id": "xxx", "attributes": { "identifier": "xxx" }, "links": { "self": "https://api.appstoreconnect.apple.com/v1/bundleIds/[xxx]" } } ], "links": { "self": "https://api.appstoreconnect.apple.com/v1/bundleIds?fields%5BbundleIds%5D=identifier&filter%5Bplatform%5D=IOS&filter%5Bidentifier%5D=[xxx]&limit=1" }, "meta": { "paging": { "total": 1, "limit": 1 } } } # [Step 3 body] { "data": [ { "type": "certificates", "id": "xxx", "attributes": { "serialNumber": "xxx", "expirationDate": "2026-07-03T04:47:09.000+00:00", "certificateType": "DISTRIBUTION" }, "links": { "self": "https://api.appstoreconnect.apple.com/v1/certificates/[xxx]" } } ], "links": { "self": "https://api.appstoreconnect.apple.com/v1/certificates?fields%5Bcertificates%5D=serialNumber%2CcertificateType%2CexpirationDate&limit=1", "next": "https://api.appstoreconnect.apple.com/v1/certificates?fields%5Bcertificates%5D=serialNumber%2CcertificateType%2CexpirationDate&cursor=[xxx]&limit=1" }, "meta": { "paging": { "total": 4, "limit": 1 } } } Same agreement type, same UI warning, completely different API behaviour. My best guess is Apple enforces the agreement deadline progressively. The 403 gate only kicks in once the deadline is crossed or the account reaches a certain state, while the UI warning shows much earlier. What I'm looking for, Is there a supported API endpoint that reflects pending agreement status regardless of enforcement state? Or is the 403 gate genuinely the only signal available and some pending agreements just won't show up until Apple enforces them? Happy to hear "there's no API for this" if that's the reality. Just want to make sure I'm not missing something before I accept that limitation. Thanks.