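[Dev] Notes on Integrating the Apple App Store Connect API with PHP

This time I needed to integrate the Apple App Store Connect API, and I was stuck for a long time on the preliminary step of generating the token.

Many articles explain how to create a role on the Connect web page to obtain the kid and iss, but very few mention what to watch out for when generating the JWT token. It took me a long time before I finally got a token that was not rejected with "401 NOT_AUTHORIZED Authentication credentials are missing or invalid." (tears)

Following the official documentation, I used a PHP encode package listed on JWT.io (https://jwt.io/); the installation instructions are on the official site. If you use composer, all you need is

composer require lcobucci/jwt

Because Apple requires ES256, composer require firebase/php-jwt is not suitable.

Next, the code. The official documentation describes using the built-in builder, but the built-in builder does not set the kid parameter and also adds fields that should not be there, and both affect the result. (A JWT is really just a signed encoding: the given header and payload are packed into three strings separated by `.`)

Later I looked at the builder functions of the package from JWT.io, set the six parameters mentioned in the documentation myself, and signed with the private.key (private key) provided by Connect to produce the token!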

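require __DIR__ . '/vendor/autoload.php'; // Composer autoloader

// Uses the lcobucci/jwt 3.x Builder API (setHeader / set / getToken)
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Key;
use Lcobucci\JWT\Signer\Ecdsa\Sha256;

$signer = new Sha256(); // ES256 (ECDSA with SHA-256), so the signer has to be chosen explicitly
$time = time();
$token = new Builder(); // Create a basic builder
$token->setHeader('typ', 'JWT'); // Set the header, but do not set the alg field; someone on Stack Overflow mentioned that adding alg causes an error, so I removed it
$token->setHeader('kid', '[key ID]'); // [key ID] comes from the Connect console; replace the whole [key ID] with your own

$token->set('iss', '[Issuer ID]'); // [Issuer ID] comes from the Connect console; replace the whole [Issuer ID] with your own
$token->set('exp', $time + 600); // Token expiry; the maximum is 20 minutes, currently set to 10 minutes
$token->set('aud', 'appstoreconnect-v1'); // Fixed value

$token = $token->getToken($signer, new Key('[Private Key String]')); // Private key provided by Connect; here the string is passed in directly, but it can also be loaded from a file

echo $token; // Print the token; it can now be tested with Postman!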
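A pre-flight check for a token like the one printed above, as an added example that is not part of the original post: it decodes the three segments and compares them with the fields this post lists (alg ES256, typ, kid, iss, exp within 20 minutes, aud), which helps narrow down a 401 before sending the request. The function names are hypothetical, the sample token is constructed, and the 64-byte signature length check comes from the JWS definition of ES256 (RFC 7518) rather than from the post.

```php
<?php
// Added example: inspects structure and claims only; it does NOT verify the signature.

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $segment)
{
    // JWT segments use '-' and '_' and drop '=' padding; restore both before decoding.
    $padded = str_pad(strtr($segment, '-_', '+/'), (int) ceil(strlen($segment) / 4) * 4, '=');
    return base64_decode($padded, true); // false on invalid input
}

function check_connect_token(string $jwt, int $now): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return ['token must have three dot-separated segments'];
    }
    $header  = json_decode((string) b64url_decode($parts[0]), true);
    $payload = json_decode((string) b64url_decode($parts[1]), true);
    $sig     = b64url_decode($parts[2]);
    if (!is_array($header) || !is_array($payload) || $sig === false) {
        return ['header and payload must be base64url-encoded JSON objects'];
    }
    $problems = [];
    if (($header['alg'] ?? null) !== 'ES256') { $problems[] = 'header alg must be ES256'; }
    if (($header['typ'] ?? null) !== 'JWT')   { $problems[] = 'header typ must be JWT'; }
    if (empty($header['kid']))                { $problems[] = 'header kid (key ID) is missing'; }
    if (empty($payload['iss']))               { $problems[] = 'payload iss (issuer ID) is missing'; }
    if (($payload['aud'] ?? null) !== 'appstoreconnect-v1') { $problems[] = 'payload aud must be appstoreconnect-v1'; }
    $exp = $payload['exp'] ?? null;
    if (!is_int($exp))          { $problems[] = 'payload exp must be an integer Unix timestamp'; }
    elseif ($exp <= $now)       { $problems[] = 'token has already expired'; }
    elseif ($exp > $now + 1200) { $problems[] = 'exp is more than 20 minutes ahead'; }
    if (strlen($sig) !== 64)    { $problems[] = 'ES256 signature must be 64 bytes (raw R||S)'; }
    return $problems;
}

// Constructed sample (not a real token): kid omitted, exp one hour ahead, dummy signature.
$now = time();
$sample = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'ES256'])) . '.'
    . b64url_encode(json_encode(['iss' => 'ISSUER-ID-PLACEHOLDER', 'exp' => $now + 3600, 'aud' => 'appstoreconnect-v1'])) . '.'
    . b64url_encode(str_repeat("\0", 64));
print_r(check_connect_token($sample, $now));
```

An empty array means the header and claims match the list in this post; the signature itself is only validated by Apple's server.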

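Next, I read the Connect documentation (https://developer.apple.com/documentation/appstoreconnectapi/download_sales_and_trends_reports) and simply could not figure out how the query parameters are supposed to be passed; whatever I sent was not accepted. (angry)

I eventually found that the literal filter[] text also has to be included in the URL as part of the GET query... and the site has no example of this at all!

Here is an example, using the sales report API above: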

https://api.appstoreconnect.apple.com/v1/salesReports?filter[frequency]=DAILY&filter[reportSubType]=SUMMARY&filter[vendorNumber]=86225164&filter[reportDate]=2019-10-01&filter[reportType]=SUBSCRIPTION&filter[version]=1_2

Don't forget that the API request header must include Authorization: Bearer [Token] for the request to pass authentication!
