Apple’s App Store Connect is where we upload software to get it into one of the distribution channels so it shows up on the App Store. That might mean uploading an app directly to the App Store for review and publishing, or it might mean TestFlight, once we’ve managed to get the app to “Archive” in Xcode. Manually moving apps has always been a pain, and the keys that people need access to have been a bit much. We can now create workflows in Xcode that hook directly into other distribution technologies, like Jenkins. Those will require an API key.
Apple allows the Account Owner (and only the owner) of an enterprise developer account to request access to the API. It’s a fairly instant approval, usually. To do so, open the App Store Connect portal and click on Users and Access. From there, click on the Keys tab. Click on Request Access (if it’s greyed out, the account likely isn’t an admin).
From the Keys screen, once the ability to use the API has been granted, click on Generate API Key.
At the list of keys (which will initially be empty), click the plus sign to create a key. At the Generate API Key dialog, enter a name for the key and then choose which group of users in the developer organization can have access to the key.
At the list of keys, the person who runs the given workflow can then download the key, in the form of a .p8 file.
The API is described at https://developer.apple.com/documentation/appstoreconnectapi. The JWTs created with the keys are standard ES256 and use the key ID from the list of keys. Tokens can be scoped to have access to build software, use git, move products once built, work with providers, hook into repos, report on tests, and run workflows created for Xcode Cloud. The API is much more expansive than the last time I looked, with page versions, different build handlers, pricing management options, versioning options, the ability to add new developer devices, localization options, etc. This supports in-house workflows where developers can request various actions, like a self-service portal, rather than having to have an admin approve or do everything. Further, it supports, from what I can tell so far, a continuous build and DevOps workflow. More on tinkerations later.
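A pre-flight check a CI job could run on the token it builds from the .p8 key before calling the API; this is an added example, not code from the original post or from Apple. The ES256 algorithm, the `appstoreconnect-v1` audience and the 20-minute lifetime limit come from Apple's API documentation rather than this page, and `lint_token`, `make_sample` and the sample values are hypothetical.

```python
import base64
import json
import time

MAX_LIFETIME = 20 * 60          # seconds; limit taken from Apple's API docs
AUDIENCE = "appstoreconnect-v1"  # audience value taken from Apple's API docs
NOW = 1_700_000_000              # constructed reference time for the samples

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def lint_token(token, now=None):
    """Return the problems found in a token's header and claims (no signature check)."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        claims = json.loads(_b64url_decode(body))
        sig_len = len(_b64url_decode(sig))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return ["not a three-part JWT with JSON header and payload"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("alg must be ES256, got %r" % header.get("alg"))
    if not header.get("kid"):
        problems.append("header lacks kid (the key ID from the list of keys)")
    if claims.get("aud") != AUDIENCE:
        problems.append("aud must be %r" % AUDIENCE)
    exp = claims.get("exp")
    if not isinstance(exp, int):
        problems.append("exp missing or not an integer timestamp")
    elif exp <= now:
        problems.append("token already expired")
    elif exp - now > MAX_LIFETIME:
        problems.append("exp is more than 20 minutes away")
    if sig_len != 64:
        problems.append("signature is not a 64-byte ES256 value")
    return problems

def make_sample(alg, lifetime):
    """Build a constructed sample token with an all-zero placeholder signature."""
    header = {"alg": alg, "kid": "EXAMPLEKID", "typ": "JWT"}
    claims = {"iss": "example-issuer-id", "exp": NOW + lifetime, "aud": AUDIENCE}
    parts = [json.dumps(header).encode(), json.dumps(claims).encode(), bytes(64)]
    return ".".join(_b64url_encode(p) for p in parts)
```

The check reads only the header and claims; verifying the signature itself needs the public half of the key.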