--- title: Generating developer tokens framework: devicemanagement role: article role_heading: Article path: devicemanagement/generating-developer-tokens --- # Generating developer tokens Create a JSON Web Token to authorize your requests to the Apps and Books Metadata for Organizations API. ## Overview Overview The header of every Apps and Books Metadata for Organizations API request requires authorization in the form of a developer token. A developer token is a signed token that authenticates you as a trusted developer and member of the Apple Developer Program. Construct your developer token The Apps and Books Metadata for Organizations API supports the JSON Web Token (JWT) specification, so you can pass statements and metadata called claims. For more information, see the JWT specification and the available libraries for generating signed JWTs. Use your developer account to create a Services identifier and obtain a key ID and to locate your Team ID. Construct a developer token as a JSON object whose header contains: important: The Apps and Books Metadata for Organizations API supports only developer tokens signed with the ES256 algorithm. The Apps and Books Metadata for Organizations API rejects unsecured developer tokens or developer tokens signed with other algorithms. These rejections result in a 401 error code. In the claims payload of the token, include: A decoded developer token has the following format: { "alg": "ES256", "kid": "ABC123DEFG" } { "iss": "DEF123GHIJ", "iat": 1437179036, "exp": 1493298100 } After you create the token, sign it with your private key using the ES256 algorithm. note: ES256 is the JSON Web Algorithms (JWA) name for the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash. Authorize requests If you manage request authorization directly, in all requests, pass the Authorization: Bearer header set to the developer token. curl -v -H 'Authorization: Bearer [developer token]' "https://api.ent.apple.com/v1/test" For more information about requests, responses, and error handling, see Handling requests and responses. Limit request rate The Apps and Books Metadata for Organizations API limits the number of requests your app can make using a developer token within a specific period of time. If you exceed this limit, you temporarily receive 429 Too Many Requests error responses for requests that use the token. This error resolves itself shortly after the request rate reduces. ## See Also ### Getting started - [Common objects](devicemanagement/common-objects.md)