Skip to main content
To homepage To homepage

Hi,

My client wants to connect to the App Store Connect API (https://developer.apple.com/documentation/appstoreconnectapi) but we are having trouble with getting the authorization to work.

Calls to the API require JSON Web Tokens (JWT) for authorization, specifically using the “ES256” signature algorithm. 

We tried using the CData Rest connector but found in the documentation that “...the JWT signature algorithm cannot be set directly. Only the RS256 algorithm is supported”  https://cdn.cdata.com/help/DWH/ado/pg_oauth.htm#jwt

Has anyone experience connecting to the App Store Connect API?

Hi @pontus.berglund ,

CData only supports RS256 (the most common algorithm) for JWT and not ES256

  • as an aside: ES256 is an interesting choice from Apple, it is faster to generate but slower to verify than for instance EdDSA. There have also been some issues in the past with bad implementations (PS3)

With time, support for more encryption algorithms will be required to support APIs, I believe ES256 and PS256 are more popular for things requiring more security than RS256. I guess this should be requested from CData.

Hi @pontus.berglund 

I will ask CData about this, but they may have their reasons for not supporting it.

Here is the response from CData: “We have opened a channel with our development team in order to add support for ES256 algorithm in our drivers. Currently, we are supporting RS256 algorithm for JWT. As soon as I get any updates from the team I will let you know.”

Hi @Christian Hauggaard and @Thomas Lind,

Thanks for taking this up with CData! Looking forward to hear about any updates. 

Update from Cdata: “As per the recent updates, the team is working on it and it will take some time to add the support for the ES256 algorithm. Generally for the enhancement request, it takes 4 to 6 weeks of time to complete it.”

Reply


Terms and ConditionsCookie settings