apple_devicecheck_api_jwt_auth_query_two_bits.py

1import time
2import jwt
3import requests
4import uuid
5
6# Configuration - Replace these with your Apple Developer account details
7KEY_ID = "YOUR_KEY_ID"         # The 10-character Key ID from your developer account
8TEAM_ID = "YOUR_TEAM_ID"       # Your 10-character Team ID
9PRIVATE_KEY = """-----BEGIN PRIVATE KEY-----
10YOUR_PRIVATE_KEY_CONTENT_HERE
11-----END PRIVATE KEY-----"""
12
13# Device-specific data
14DEVICE_TOKEN = "DEVICE_TOKEN_FROM_APP"  # Received from the iOS app via generateToken(completionHandler:)
15APPLE_URL = "https://api.devicecheck.apple.com/v1/query_two_bits" # Use 'update_two_bits' to set state
16
17def generate_auth_token():
18    """Generates the ES256 JWT required for Apple DeviceCheck API."""
19    headers = {
20        "alg": "ES256",
21        "kid": KEY_ID
22    }
23    payload = {
24        "iss": TEAM_ID,
25        "iat": int(time.time())
26    }
27    return jwt.encode(payload, PRIVATE_KEY, algorithm="ES256", headers=headers)
28
29def query_device_state():
30    """Queries the two bits of state and last updated timestamp for a device."""
31    auth_token = generate_auth_token()
32    
33    request_body = {
34        "device_token": DEVICE_TOKEN,
35        "transaction_id": str(uuid.uuid4()),
36        "timestamp": int(time.time() * 1000)
37    }
38    
39    headers = {
40        "Authorization": f"Bearer {auth_token}"
41    }
42    
43    response = requests.post(APPLE_URL, json=request_body, headers=headers)
44    
45    if response.status_code == 200:
46        print("Success:", response.json())
47    else:
48        print(f"Error {response.status_code}: {response.text}")
49
50if __name__ == "__main__":
51    # Note: Requires 'pyjwt' and 'cryptography' libraries: pip install pyjwt cryptography requests
52    query_device_state()