AppleBusinessRegistry.Token (apple_business_registry v0.3.0)

Copy Markdown View Source

Apple Business Registry token generation and exchange.

Apple's flow has two steps:

  1. Sign an ES256 JWT with your Business Registry private key (.p8), identifying the Business key via the kid header and your Team ID via the iss claim.
  2. Exchange that JWT for a short-lived access token at POST /v1/token/oauth2. That access token is what every subsequent API call must send as its Authorization: Bearer credential.

generate_jwt/1 does step 1; access_token/1 does both.

Summary

Types

jwt()

Functions

access_token(opts \\ [])

Sign a JWT and exchange it for an Apple Business Registry access token.

access_token_with_expiry(opts \\ [])

Like access_token/1 but also returns the unix-epoch expiry time, for cache use.

generate_jwt(opts \\ [])

Build and sign the Apple Business Registry auth JWT (ES256).

Types

jwt()

@type jwt() :: String.t()

Functions

access_token(opts \\ [])

@spec access_token(keyword()) :: {:ok, String.t()} | {:error, term()}

Sign a JWT and exchange it for an Apple Business Registry access token.

access_token_with_expiry(opts \\ [])

@spec access_token_with_expiry(keyword()) ::
  {:ok, String.t(), integer()} | {:error, term()}

Like access_token/1 but also returns the unix-epoch expiry time, for cache use.

generate_jwt(opts \\ [])

@spec generate_jwt(keyword()) :: {:ok, jwt()} | {:error, term()}

Build and sign the Apple Business Registry auth JWT (ES256).