MISSING_AUTH REST response?

I haven't gotten any hits searching for this, so I decided to open a new thread. The Tech Note that was mentioned in an earlier 2024 thread doesn't mention this error. I've been trying different ways to get a token, and finally found this article that seems to be in the correct format. https://dev.to/hasone/generate-jwt-token-for-apple-store-connect-api-using-python-3j5h The Apple App Store Server Swift Library was supposed to have a createJWT() method, but it's gone now. curl -v -H 'Authorization: Bearer [token]' "https://weatherkit.apple.com/api/v1/availability/37.323/122.032?country=US"

  • Host weatherkit.apple.com:443 was resolved.
  • IPv6: (none)
  • IPv4: 23.66.3.87, 23.66.3.70, 23.66.3.74, 23.66.3.72, 23.66.3.81, 23.66.3.75, 23.66.3.91, 23.66.3.71, 23.66.3.73
  • Trying 23.66.3.87:443...
  • Connected to weatherkit.apple.com (23.66.3.87) port 443
  • ALPN: curl offers h2,http/1.1
  • (304) (OUT), TLS handshake, Client hello (1):
  • CAfile: /etc/ssl/cert.pem
  • CApath: none
  • (304) (IN), TLS handshake, Server hello (2):
  • (304) (IN), TLS handshake, Unknown (8):
  • (304) (IN), TLS handshake, Certificate (11):
  • (304) (IN), TLS handshake, CERT verify (15):
  • (304) (IN), TLS handshake, Finished (20):
  • (304) (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 / [blank] / UNDEF
  • ALPN: server accepted http/1.1
  • Server certificate:
  • subject: C=US; ST=California; O=Apple Inc.; CN=weather-data.apple.com
  • start date: Oct 9 21:14:44 2024 GMT
  • expire date: Jan 7 20:21:03 2025 GMT
  • subjectAltName: host "weatherkit.apple.com" matched cert's "weatherkit.apple.com"
  • issuer: C=US; O=Apple Inc.; CN=Apple Public Server ECC CA 1 - G1
  • SSL certificate verify ok.
  • using HTTP/1.x

GET /api/v1/availability/37.323/122.032?country=US HTTP/1.1 Host: weatherkit.apple.com User-Agent: curl/8.7.1 Accept: / Authorization: Bearer [token]

  • Request completely sent off

< HTTP/1.1 401 Unauthorized < Server: Apple < Content-Type: application/json < Content-Length: 26 < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=31536000; includeSubdomains < X-XSS-Protection: 1; mode=block < Access-Control-Allow-Origin: * < X-Content-Type-Options: nosniff < Content-Security-Policy: default-src 'self'; < X-REQUEST-ID: 320cab08-acba-0127-fe19-4893dacf059c < X-Apple-Origin: 3c6511d9-6be2-32cb-8412-efd1b1efa576 < Content-Disposition: inline;filename=f.txt < Date: Tue, 15 Oct 2024 10:40:01 GMT < X-Cache: TCP_MISS from a23-220-165-87.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-30d892fcde524eb1bee7eeb45111707d) (-) < Connection: keep-alive <

  • Connection #0 to host weatherkit.apple.com left intact

{"reason": "MISSING_AUTH"}

MISSING_AUTH REST response?
 
 
Q