Apple has started to roll out the New App Store Connect API with documentation for the developers. With App Store Connect API, the developer can automate entire workflows without relying on any third party tools. App Store Connect API is standard RESTful API based on JWT (JSON Web Tokens) for authentication and can be accessed from all platforms. Apple is writing an official documentation for the App Store Connect API and Web Service here. Before that, there two great WWDC sessions on App Store Connect API that one should definitely watch on What’s New in App Store Connect and Automating App Store Connect
App Store Connect API
In our previous article, we have covered the basics of the App Store Connect API, you can re-visit this article to get better insight into the App Store Connect API. With App Store Connect API, we can automate almost everything related to App Store including
- Managing certificates, provisioning profiles, managing device ID and bundle ID
- Managing users, roles and App access of App Store Connect
- Managing TestFlight and Beta Testers and Public Links
- Downloading financial reports and Sales reports
The App Store Connect API has base URL api.appstoreconnect.apple.com and from that base, we can make requests to various endpoints. The API also has version numbers so that if Apple changes the versions of API then we can still use old endpoints without breaking our code.
Preparing for App Store Connect API
Before started to use App Store Connect API, we have to do some background setup. The steps include
- Create API Key from the App Store Connect Web Portal
- Create JWT JSON Token for Accessing API
Apple has official documentation for all these steps, you can read more about the creating API key for the App Store Connect API here but App Store Connect web interface to create API key isn’t available at the time of writing this post. There is a big chunk of information on the creating JWT tokens is here. However, we have created a tool to generate on-demand JWT token.
Generate JWT Token
The process of generating, JWT token requires following six details
- Issuer ID: The ID found on the top of App Store Connect
- Private Key ID: The ID associated with Private Key on App Store Connect
- Expiration Time: 20 min maximum, the token cannot be valid more than 20 min so that we have to make sure that, we will create new token before it expires.
- Audience: This is constant with API version value usually “applestoreconnect-v1”
- Algorithm: This is JWT algorithm required to generate token e.g ES256
Once we have all these details, we will be able to generate JWT token using your preferred scripting language. The JWT is almost available in all languages including Swift but it would be quicker to generate it using dynamic or interpreted languages like Ruby or Python. In WWDC demo, Apple has used Ruby script to generate JWT token. Don’t worry, XCTEQ has already written a tool to simply that process.
Enter XCToken for On-demand Token
Without a JWT token, you won’t be able to get the response from App Store Connect API. Also JWT token needs to be created after regular interval. As we know that App Store Connect has very sensitive information the API has to be very secure also we want to make sure that we have to access only our Apps, not of others. Apple used JWT also known as JSON Web Token standard to make a secure connection between App Store Connect and your machine and there is some official documentation on how to create a JWT token here but at XCTEQ we have created a tool to create an on-demand token for App Store API well in advance. Check out the XCTEQ-XCToken Project.
With the XCToken project, you can simply install the Rubygem and create tokens with the simple command
$ xctoken generate
Assuming that you have created environmental variables for the ISSUER_ID and KEY_ID as mentioned in this WWDC session or in Apple’s official documentation here. Read the documentation before you try the XCToken on the Github.
Now that, we have seen how to generate a token to access an App Store Connect API, we can use it by passing authorization header. e.g to get a list of all user we can use
$ curl https://api.appstoreconnect.apple.com/v1/users --Header "Authorization: Bearer lOOOOOOOOOOOONG_GENERATED_TOKEN"
This will list all the uses of App Store Connect. Remember that we have to use this token with every request we make and we have to create new token after every 20 minutes.
How To Use AppStore Connect API
Apple has started documenting this API with respect to various endpoints. At the time of the writing this post, Apple has documentation for the TestFlight, Users, Sales etc. You can find the details of the API here.
If we want to get a list of all the users we can make GET request to users endpoint like this
This will return all the users in the App Store connect but we can drill down information of the particular user using the user ID. To get the information about the one user we can pass the ID to the request
Creating a user on App Store Connect required the user to be invited by email. The user then accepts the invitation and join the Apple developer team. We can invite the user using App Store Connect API like this
$ > POST /v1/userInvitations
Note that we have the type of userInvitations in the request so that we will get the new users created on App Store Connect of all goes well. Similarly, we can change, delete users using the same API.
What To Expect
Now that, App Store API is rolling out, what you can expect a result? Yes there few things that you expect that will happen promptly
- As App Store Connect API is REST API, there will lot of third-party tools will be started to appear in the market. Don’t trust them too much, just go with the flow of what Apple has recommended to you.
- The third-party tools like Fastlane or Nomad-CLI or similar will try and chase with App Store Connect API. They may chase it and get the things working but this is a good opportunity to ditch all the third-party tools an write your own workflows that suits your development needs.
- The real power of developers comes in the picture when they get API end-points. Now Apple has officially provided you with the App Store Connect API and it’s up to the developers how they want to use it for their own workflows.
App Store Connect API has opened the possibility of automating entire App Store Connect. This will allow developers to write tools on top of App Store Connect API and use them efficiently. No wonder, there will be various new tools start to appear on GitHub to automate releases and CI/CD pipelines. Don’t waste your time, try App Store Connect API as soon as possible and stay ahead in the competition.