API error when pulling the Sales and Trends report: This request is forbidden for security reasons: The API key in use does not allow this request

Hey all,

This morning when trying to use my API connection to pull my app stats as I always do, I received the following error:

This request is forbidden for security reasons: The API key in use does not allow this request

My API keys had both Sales and App Manager access like it always did.

What I tried already:

  • Creating an API Key on the "Users and Access > Integrations" page with admin access. That's also returning the same error
  • I'm checking the release notes and the documentation but nothing seems to have changed

Anyone else with the same problem? I checked with a different developer account and I'm getting exactly the same problem.

Up vote post of romulogomes Down vote post of romulogomes
870 views
Posted by
romulogomes
Reply
Add a Comment

Replies

I also checked for any pending agreements but it looks ok.

Posted by
romulogomes
Up vote reply of romulogomes Down vote reply of romulogomes
Add a Comment

Same here. Did you find anything new?

Posted by
danielnascimento-kinship
Up vote reply of danielnascimento-kinship Down vote reply of danielnascimento-kinship
Add a Comment

I also have this error with Financial Role. It was working as expected until feb 21th 2023 at 8 pm gmt -3. After that, I receive

b'{\n "errors" : [ {\n "id" : "xxxxxxx",\n "status" : "403",\n "code" : "FORBIDDEN_ERROR",\n "title" : "This request is forbidden for security reasons",\n "detail" : "The API key in use does not allow this request"\n } ]\n}'

the response header is something like this

{'Server': 'daiquiri/3.0.0', 'Date': 'Thu, 22 Feb 2024 20:41:42 GMT', 'Content-Type': 'application/json', 'Content-Length': '259', 'Connection': 'keep-alive', 'requestId': 'xxxxx', 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', 'X-Frame-Options': 'SAMEORIGIN', 'X-Request-ID': 'xxxxxx', 'X-Rate-Limit': 'user-hour-lim:3600;user-hour-rem:3599;', 'X-Apple-Jingle-Correlation-Key': 'xxxxxx', 'x-daiquiri-instance': 'daiquiri:xxxxxxx:daiquiri-amp-all-shared-ext-001-pv'}

After creating a new api key also with Finance Role, same code with the new key, the error is different

b'{\n\t"errors": [{\n\t\t"status": "401",\n\t\t"code": "NOT_AUTHORIZED",\n\t\t"title": "Authentication credentials are missing or invalid.",\n\t\t"detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"\n\t}]\n}'

the report being retrieved is present (I have already downloaded it by web). Any ideas?

Posted by
ileites
Up vote reply of ileites Down vote reply of ileites

  • Yes, we tried that and also adding a scope to the request as they mention on their latest docs but that didn't work either. We're monitoring their release notes and API docs to see if there's any news about it.

    romulogomes
Add a Comment

Same here.

Posted by
ttttcatttt
Up vote reply of ttttcatttt Down vote reply of ttttcatttt
Add a Comment

Hello, I will be surprised as if it is not linked to this "App Store Connect update" https://developer.apple.com/news/releases/?id=02222024a

A workaround would be to use the Reporter https://help.apple.com/itc/appsreporterguide/ for now

Posted by
mwm_ludo
Up vote reply of mwm_ludo Down vote reply of mwm_ludo
Add a Comment

Apparently it's back! Same for you guys?

Posted by
romulogomes
Up vote reply of romulogomes Down vote reply of romulogomes
Add a Comment

It's back, lets undo all the "fixes"!

Posted by
ileites
Up vote reply of ileites Down vote reply of ileites
Add a Comment

Looks like it's happening again :/

Posted by
romulogomes
Post not yet marked as solved Up vote reply of romulogomes Down vote reply of romulogomes
Add a Comment