Generating JWT Tokens for App Store Connect API

Apple’s brand new App Store Connect API will be a game changer for automating everything related to the distribution of apps. The App Store Connect API can now interact with almost every part of the Apple Developer portal, including certificates, profiles and devices. It will also touch almost every section of iTunes Connect, which has been renamed App Store Connect, including managing users and builds. However, one of the tedious things to do before getting a response from the server is generating JWT tokens. Without a token, you won’t be able to get a response from the App Store Connect API. Because App Store Connect holds very sensitive information, the API has to be very secure, and we also want to make sure that we can access only our own apps, not those of others. Apple uses the JWT (JSON Web Token) standard to make a secure connection between App Store Connect and your machine. In this short post, we will focus on how to generate a JWT token to access information using the App Store Connect API.

New App Store Connect

Apple has launched new GUI-based features in App Store Connect in order to make the App Store Connect API more secure and reliable. These will allow you to generate the API key and private key for a particular Apple developer account. This new GUI isn’t available at the time of writing this post, so one should definitely watch the WWDC sessions What’s New in App Store Connect and Automating App Store Connect.

Basically, using the App Store Connect API requires a few setup steps:

  • Generate an API key from the App Store Connect GUI
  • Download the private key in the .p8 format
  • Generate a JWT token
  • Use the generated token within 20 minutes

Now we will explore each step in brief.

Generate API Key

In order to generate an API key, we have to log in to the App Store Connect web interface and click on the API Key tab to create a new API key. We can create an API key for a specific purpose, or an admin API key which can access all of the App Store Connect API.

Download Private Key

Once the API key is generated, we will get an ISSUER_ID and the option to download the API key or private key. There are a couple of things which are important to keep in mind whilst dealing with the private key.

  • The private key can be downloaded only once from App Store Connect. We have to make sure we keep it secure once downloaded.
  • The private key never expires and keeps working as long as it’s valid, even if it’s compromised, so if you think that your private key is compromised, revoke it from App Store Connect as soon as possible.

The private key is usually in the .p8 format.

Generate JWT Token

As mentioned earlier, JWT is used to generate the token that is used by the App Store Connect API. The process of generating the token requires the following six details:

  • Issuer ID: The ID found at the top of App Store Connect
  • Private Key ID: The ID associated with the private key on App Store Connect
  • Expiration Time: 20 minutes maximum. The token cannot be valid for more than 20 minutes, so we have to make sure that we create a new token before it expires.
  • Audience: This is a constant carrying the API version, usually “appstoreconnect-v1”
  • Algorithm: This is the JWT algorithm required to generate the token, e.g. ES256

Once we have all these details, we will be able to generate a JWT token using our preferred scripting language. JWT libraries are available in almost all languages, including Swift, but it is quicker to generate the token using a dynamic or interpreted language like Ruby or Python. Here is a Ruby script that was used in the WWDC demo.

We can save this file as jtw.rb somewhere. You need to have the JWT Ruby gem installed for this script to run properly. Just replace the values of ISSUER_ID and KEY_ID and you will be good to go. This script can be run using

This will return a long token that we can use to access the App Store Connect API. We also need to create another token if we want to continue using the API after 20 minutes.
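An added example, not the WWDC demo script and not code from the original post: it builds and signs the token described above using only Ruby's standard library instead of the JWT gem, and refuses lifetimes above the 20-minute ceiling. The names `asc_token` and `b64url`, the throwaway key and the placeholder IDs are assumptions made for the illustration.

```ruby
require "openssl"
require "json"

MAX_LIFETIME = 20 * 60              # seconds: the 20-minute ceiling described above
AUDIENCE     = "appstoreconnect-v1" # Apple's documented audience value

# Base64url without padding, as JWS requires (hypothetical helper name).
def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

# Build and sign a compact ES256 JWT. issuer_id and key_id come from App Store Connect.
def asc_token(key, issuer_id:, key_id:, lifetime: MAX_LIFETIME, now: Time.now.to_i)
  unless (1..MAX_LIFETIME).cover?(lifetime)
    raise ArgumentError, "lifetime must be between 1 and #{MAX_LIFETIME} seconds"
  end
  unless key.is_a?(OpenSSL::PKey::EC) && key.private_key? &&
         key.group.curve_name == "prime256v1"
    raise ArgumentError, "ES256 requires a P-256 private key"
  end

  header  = { alg: "ES256", kid: key_id, typ: "JWT" }
  payload = { iss: issuer_id, exp: now + lifetime, aud: AUDIENCE }
  signing_input = [header, payload].map { |part| b64url(JSON.generate(part)) }.join(".")

  # OpenSSL emits a DER-encoded ECDSA signature; JWS needs raw r||s, 32 bytes each.
  der  = key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  r, s = OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\x00") }
  "#{signing_input}.#{b64url(r + s)}"
end

# Constructed sample input: a throwaway key and placeholder IDs so this runs offline.
# A real run would load the downloaded file: OpenSSL::PKey.read(File.read(path_to_p8))
SAMPLE_KEY   = OpenSSL::PKey::EC.generate("prime256v1")
SAMPLE_TOKEN = asc_token(SAMPLE_KEY, issuer_id: "EXAMPLE-ISSUER-ID", key_id: "EXAMPLEKEY")
puts SAMPLE_TOKEN
```

Since the private key never expires, keep the .p8 file out of the repository and readable only by the account that runs the script.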

Use Token

Now that we have seen how to generate a token to access the App Store Connect API, we can use it by passing an authorization header, e.g. to get a list of all users we can use

This will list all the users of App Store Connect. Remember that we have to send this token with every request we make, and we have to create a new token every 20 minutes.

Conclusion

We have now seen the basic process of generating the token required to access the App Store Connect API. The above example is in the Ruby language, but this can be achieved using other programming languages as well. Using this technique, we can automate the process of generating tokens to save time, as we need to regenerate the token every 20 minutes. I will post a hands-on demo once this App Store Connect API becomes available to the public. Let me know if you can think of a better way of automating the token generation process for App Store Connect. Weigh in in the comments below.