Managing iOS code signing files
You can upload, update, list, and delete iOS code signing files with the Bitrise API: we have separate endpoints for certificates and provisioning profiles.
This guide describes how to manage your iOS code signing files with the Bitrise API. If you’d like to learn more about how to do the same on the UI, please check out iOS code signing
You can upload, update, list, and delete iOS code signing files with the API. In this guide we show you how and in what order to use those code signing endpoints.
|
Endpoints |
Function |
Required role on the app's team |
|---|---|---|
|
POST/apps/{app-slug}/provisioning-profiles |
Create a provisioning file |
Owner or Admin |
|
POST/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug}/uploaded |
Confirm the upload process |
Owner or Admin |
|
PATCH/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug} |
Update an uploaded provisioning file |
Owner or Admin |
|
GET/apps/{app-slug}/provisioning-profiles |
Get a list of the uploaded provisioning files |
Owner or Admin |
|
GET/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug} |
Retrieve data of a specific provisioning file |
Owner or Admin |
|
DELETE/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug} |
Delete an uploaded provisioning file |
Owner or Admin |
|
Endpoints |
Function |
Required role on the app's team |
|---|---|---|
|
POST/apps/{app-slug}/build-certificates |
Create a build certificate |
Owner or Admin |
|
POST/apps/{app-slug}/build-certificates/{build-certificate-slug}/uploaded |
Confirm the upload process |
Owner or Admin |
|
PATCH/apps/{app-slug}/build-certificates/{build-certificate-slug} |
Update an uploaded build certificate |
Owner or Admin |
|
GET/apps/{app-slug}/build-certificates |
Get a list of the uploaded build certificate |
Owner or Admin |
|
GET/apps/{app-slug}/build-certificates/{build-certificate-slug} |
Retrieve data of a specific build certificate |
Owner or Admin |
|
DELETE/apps/{app-slug}/build-certificates/{build-certificate-slug} |
Delete an uploaded build certificate |
Owner or Admin |
Uploading an iOS code signing file
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on project teams.
You can upload an iOS code signing file (either a .p12 certificate or a provisioning profile) to a Bitrise app of your choice. This process does NOT create a new code signing file: it uploads an existing file (created and downloaded from the Apple Developer Portal) to an AWS URL. It is functionally the same as uploading your code signing files on the Bitrise website: iOS code signing with manual provisioning.
To upload an iOS code signing file file via the API:
-
Call the POST method of the
provisioning-profilesorbuild-certificatesendpoint to create a temporary pre-signed upload URL that expires in ten minutes.The call requires an existing code signing file (certificate or provisioning profile) and two parameters:
-
upload_file_name: The filepath to the existing code signing file. For example,/path/to/sample.p12. -
upload_file_size: The size of the file in bytes.
// Calling the endpoint to create the temporary upload URL curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles' -d '{"upload_file_name":"sample.provisionprofile","upload_file_size":2047}'// The successful response: you will need the "upload_url" and the "slug". { "data":{ "upload_file_name":"sample.provisionprofile", "upload_file_size":2047, "slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W", "processed":false, "is_expose":true, "is_protected":false, "upload_url":"https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/build_certificates/uploads/30067/original/certs.p12?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180216%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180216T124240Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=2bf42176650f00405abfd7b7757635c9be16b43e98013abb7f750d3c658be28e" } } -
-
The response to the first call contains an
upload_urlparameter. You need to use this and theupload_file_nameparameter to upload the file to AWS with acurlcall.curl -T sample.provisionprofile 'https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/build_certificates/uploads/30067/original/certs.p12?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180216%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180216T124240Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=2bf42176650f00405abfd7b7757635c9be16b43e98013abb7f750d3c658be28e'
-
Confirm the file upload with a POST call of the
uploadedendpoint: use theslugfrom the response to the first POST call.This sets the
processedflag of the file totrue. This flag can't be changed again afterwards!curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/FILE-SLUG/uploaded'
Updating an uploaded iOS code signing file
You can perform minor updates to an uploaded iOS code signing file using the PATCH method. If you’ve uploaded your file to Bitrise, you can visually check any changes to it on the Code Signing
& Files tab.
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on project teams.
For example, to make a provisioning profile protected, you can set the is_protected flag of your provisioning profiles to true.
curl -X PATCH -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/PROVISIONING-PROFILE-SLUG -d '{"is_protected":true}'
For a build certificate you can set the same attributes as above but you can modify the password too:
curl -X PATCH -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/build-certificates/BUILD-CERTIFICATE-SLUG -d '{"certificate_password":"s0m3-v3ry-s3cr3t-str1ng"}'
Be careful when setting attributes
You can set the is_protected, is_exposed and processed attributes of the files you've uploaded:
-
Once the
is_protectedflag is set totrue,it cannot be changed anymore. -
When the value of
is_protectedis true, then theis_exposeflag cannot be set to another value. -
Once the
processedflag is set to true, then its value cannot be changed anymore.
Getting a specific iOS code signing file's data
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on project teams.
Retrieve a specific iOS code signing file’s data with the GET method of the provisioning-profiles and build-certificates endpoints. The returned data includes, among other things, the file's name, size, and download URL, as well as its current status.
The required parameters are:
-
app slug
-
file slug
Request:
curl -X GET -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/PROVISIONING-PROFILE-SLUG'
Response:
{
"data": {
"upload_file_name":"sample.provisionprofile",
"upload_file_size":2047,
"slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
"processed":false,
"is_expose":true,
"is_protected":false,
"download_url":"https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/prov_profile_documents/uploads/80144/original/sample.provisionprofile?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180322%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180322T091652Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=6dd7bb3db72aafb2d434da7b1a8f80a82a3a7a0276e84620137ed64de5025ab2"
}
}
Availability of the download_url
Note that the download_url is generated only when the provisioning profile’s is_protected attribute is false.
Listing the iOS code signing files of an app
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on project teams.
Wondering how many iOS code signing files belong to an app? Get a list of them using the GET method of the provisioning-profiles and build-certificates endpoints.
The required parameter is:
-
app slug
Optional parameters are:
-
next: slug of the first file in the response (as a string)
-
limit: max number of elements per page (as an integer) where the default is 50.
Request:
curl -X GET -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles'
Response:
{
"data": [
{
"upload_file_name":"sample.provisionprofile",
"upload_file_size":2047,
"slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
"processed":false,
"is_expose":true,
"is_protected":false
},
{
"upload_file_name":"sample2.provisionprofile",
"upload_file_size":2047,
"slug":"01C6FA6P6HRQT5PQ8RMMVVXE5T",
"processed":true,
"is_expose":true,
"is_protected":true
}
],
"paging": {
"page_item_limit": 50,
"total_item_count": 2
}
}
- Getting started with iOS projects
- Apple services connection
- Connecting to an Apple service with API key
- Connecting to an Apple service with Apple ID
- Connecting to an Apple Service with Step inputs
- Steps requiring Apple authentication
- Code signing
- iOS code signing
- Viewing Xcode test results in rich HTML format
- iOS deployment
- Deploying an iOS app for external testing
- Deploying an iOS app to App Store Connect