Managing iOS code signing files
You can upload, update, list, and delete iOS code signing files with the Bitrise API: we have separate endpoints for certificates and provisioning profiles.
This guide describes how to manage your iOS code signing files with the Bitrise API. If you’d like to learn more about how to do the same on the UI, please check out iOS code signing
You can upload, update, list, and delete iOS code signing files with the API. In this guide we show you how and in what order to use those code signing endpoints.
|
Endpoints |
Function |
Required role on the app's team |
|---|---|---|
|
POST/apps/{app-slug}/provisioning-profiles |
Create a provisioning file |
Owner or Admin |
|
POST/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug}/uploaded |
Confirm the upload process |
Owner or Admin |
|
PATCH/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug} |
Update an uploaded provisioning file |
Owner or Admin |
|
GET/apps/{app-slug}/provisioning-profiles |
Get a list of the uploaded provisioning files |
Owner or Admin |
|
GET/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug} |
Retrieve data of a specific provisioning file |
Owner or Admin |
|
DELETE/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug} |
Delete an uploaded provisioning file |
Owner or Admin |
|
Endpoints |
Function |
Required role on the app's team |
|---|---|---|
|
POST/apps/{app-slug}/build-certificates |
Create a build certificate |
Owner or Admin |
|
POST/apps/{app-slug}/build-certificates/{build-certificate-slug}/uploaded |
Confirm the upload process |
Owner or Admin |
|
PATCH/apps/{app-slug}/build-certificates/{build-certificate-slug} |
Update an uploaded build certificate |
Owner or Admin |
|
GET/apps/{app-slug}/build-certificates |
Get a list of the uploaded build certificate |
Owner or Admin |
|
GET/apps/{app-slug}/build-certificates/{build-certificate-slug} |
Retrieve data of a specific build certificate |
Owner or Admin |
|
DELETE/apps/{app-slug}/build-certificates/{build-certificate-slug} |
Delete an uploaded build certificate |
Owner or Admin |
Creating and uploading an iOS code signing file
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on app teams.
You can add a new iOS code signing file to a Bitrise app of your choice. You'll need to:
-
Call the POST method of the
provisioning-profilesorbuild-certificatesendpoint with theupload_file_nameandupload_file_sizeparameters.The
upload_file_nameparameter should specify the path to an existing provisioning profile. This call creates a temporary pre-signed upload URL. -
Upload the file to AWS using the
upload_urlparameter from the response. -
Confirm the file upload with a POST call of the
uploadedendpoint.This sets the
processedflag of the file totrue. This flag can't be changed again afterwards!
Creating the file:
curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles' -d '{"upload_file_name":"sample.provisionprofile","upload_file_size":2047}'
Response:
{
"data":{
"upload_file_name":"sample.provisionprofile",
"upload_file_size":2047,
"slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
"processed":false,
"is_expose":true,
"is_protected":false,
"upload_url":"https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/build_certificates/uploads/30067/original/certs.p12?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180216%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180216T124240Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=2bf42176650f00405abfd7b7757635c9be16b43e98013abb7f750d3c658be28e"
}
}
The file name, its size, slug, and a pre-signed upload URL are retrieved (along with some attributes that you can modify). This pre-signed upload URL is a temporary link which you will use to upload the iOS code signing file to its destination.
Uploading the file to AWS using the value of the upload_url parameter:
curl -T sample.provisionprofile 'https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/build_certificates/uploads/30067/original/certs.p12?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180216%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180216T124240Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=2bf42176650f00405abfd7b7757635c9be16b43e98013abb7f750d3c658be28e'
Confirming the upload:
curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/PROVISIONING-PROFILE-SLUG/uploaded'
Updating an uploaded iOS code signing file
You can perform minor updates to an uploaded iOS code signing file using the PATCH method. If you’ve uploaded your file to Bitrise, you can visually check any changes to it on the Code Signing
& Files tab.
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on app teams.
For example, to make a provisioning profile protected, you can set the is_protected flag of your provisioning profiles to true.
curl -X PATCH -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/PROVISIONING-PROFILE-SLUG -d '{"is_protected":true}'
For a build certificate you can set the same attributes as above but you can modify the password too:
curl -X PATCH -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/build-certificates/BUILD-CERTIFICATE-SLUG -d '{"certificate_password":"s0m3-v3ry-s3cr3t-str1ng"}'
Be careful when setting attributes
You can set the is_protected, is_exposed and processed attributes of the files you've uploaded:
-
Once the
is_protectedflag is set totrue,it cannot be changed anymore. -
When the value of
is_protectedis true, then theis_exposeflag cannot be set to another value. -
Once the
processedflag is set to true, then its value cannot be changed anymore.
Getting a specific iOS code signing file's data
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on app teams.
Retrieve a specific iOS code signing file’s data with the GET method of the provisioning-profiles and build-certificates endpoints. The returned data includes, among other things, the file's name, size, and download URL, as well as its current status.
The required parameters are:
-
app slug
-
file slug
Request:
curl -X GET -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/PROVISIONING-PROFILE-SLUG'
Response:
{
"data": {
"upload_file_name":"sample.provisionprofile",
"upload_file_size":2047,
"slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
"processed":false,
"is_expose":true,
"is_protected":false,
"download_url":"https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/prov_profile_documents/uploads/80144/original/sample.provisionprofile?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180322%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180322T091652Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=6dd7bb3db72aafb2d434da7b1a8f80a82a3a7a0276e84620137ed64de5025ab2"
}
}
Availability of the download_url
Note that the download_url is generated only when the provisioning profile’s is_protected attribute is false.
Listing the iOS code signing files of an app
Required role
You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.
For a complete list of user roles and role cheatsheets, check User roles on app teams.
Wondering how many iOS code signing files belong to an app? Get a list of them using the GET method of the provisioning-profiles and build-certificates endpoints.
The required parameter is:
-
app slug
Optional parameters are:
-
next: slug of the first file in the response (as a string)
-
limit: max number of elements per page (as an integer) where the default is 50.
Request:
curl -X GET -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles'
Response:
{
"data": [
{
"upload_file_name":"sample.provisionprofile",
"upload_file_size":2047,
"slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
"processed":false,
"is_expose":true,
"is_protected":false
},
{
"upload_file_name":"sample2.provisionprofile",
"upload_file_size":2047,
"slug":"01C6FA6P6HRQT5PQ8RMMVVXE5T",
"processed":true,
"is_expose":true,
"is_protected":true
}
],
"paging": {
"page_item_limit": 50,
"total_item_count": 2
}
}
- Getting started with iOS apps
- Apple services connection
- Connecting to an Apple service with API key
- Connecting to an Apple service with Apple ID
- Connecting to an Apple Service with Step inputs
- Steps requiring Apple authentication
- Code signing
- iOS code signing
- Viewing Xcode test results in rich HTML format
- iOS deployment
- Deploying an iOS app for external testing
- Deploying an iOS app to App Store Connect