Connecting to an Apple service with API key
Connect to an Apple service with API key to manage iOS code signing and deployment. The API key authentication is the recommended way when connecting Bitrise to Apple Services.
Connecting to an Apple service (such as the App Store Connect or the Apple Developer Portal) with the API key requires generating an API key, adding the authentication data on Bitrise, and assigning the key to the app.
The API key authentication is the recommended way when connecting Bitrise to Apple Services. You can have 50 API keys added to the Apple Services connection page but your app can use only one.
No Step input modifications needed
With this method, all Step inputs related to authenticating with an Apple API key are automatically populated once the connection is set up. You don't have to manually modify those Step input fields at all.
Adding API key authentication data on Bitrise
There are two ways to add API key authentication data to Bitrise:
-
On your Account settings page.
-
On the Integrations page of the Project settings page.
Account settings page
Project settings page
-
On App Store Connect, generate a new API key with Admin access under Users and Access.
You will need the name of the key, the key ID and the issuer ID on Bitrise.
Admin access
You must use the Admin role for the new App Store Connect API key! The Step and your build will fail if you set a different role.
-
Log in to Bitrise, and select Bitrise CI from the left navigation menu.
-
In the upper right corner, click the profile image to open the dropdown menu.
-
Select the option.
-
On the left, select Apple Service connection.
-
Click .
-
Fill out all required fields:
-
Name: Your generated API key's name.
-
Issuer ID: To get your issuer ID, log in to App Store Connect and select Users and Access, then select the API Keys tab.The issuer ID appears near the top of the page. To copy the issuer ID, click Copy next to the ID.
-
Key ID: When you successfully generate a new API key, App Store Connect shows you the key ID.
-
-
Upload the
.p8file: either drag and drop it to the upload field, or click it and select the file from your computer. -
Click .
-
On App Store Connect, generate a new API key with Admin access under Users and Access.
You will need the name of the key, the key ID and the issuer ID on Bitrise.
Admin access
You must use the Admin role for the new App Store Connect API key! The Step and your build will fail if you set a different role.
-
Open your project on Bitrise with a user that has the Admin role on the project.
-
On the main page of the project, click on the Project settings button.
-
On the left, select Integrations.
-
Select the Stores tab.
-
Find the App Store Connect section.
-
Find the API key authentication (recommended) option.
-
Click .
-
Fill out all required fields:
-
Name: Your generated API key's name.
-
Issuer ID: To get your issuer ID, log in to App Store Connect and select Users and Access, then select the API Keys tab.The issuer ID appears near the top of the page. To copy the issuer ID, click Copy next to the ID.
-
Key ID: When you successfully generate a new API key, App Store Connect shows you the key ID.
-
-
Upload the
.p8file: either drag and drop it to the upload field, or click it and select the file from your computer. -
Click .
Once done, you can now assign this API key to any app that you have access to on this account. From then, the app will use that API connection to access App Store Connect.
Assigning API key authentication to your project
To use API key authentication for Apple services for your project, you must:
-
Add an API key on Bitrise: You can add multiple API keys to the same account.
-
Assign an API key to your project: Each project can only have one API key assigned to it.
To assign the API key to the project:
-
Open your project on Bitrise with a user that has the Admin role on the project.
-
On the main page of the project, click on the Project settings button.
-
On the left, select Integrations.
-
Select the Stores tab.
-
Find the App Store Connect section.
-
Find the API key authentication (recommended) option.
-
Click .
Multiple projects with the same API key
With the button, you can add a new App Store Connect API key to your Bitrise account. Other projects you have access to can use this API key, too.
-
If your API key is an Apple Enterprise API key, check This API key is used for the Apple Enterprise Program API.
The Step is now able to connect to the App Store Connect or the Apple Developer Portal during your build.
API key authentication for Apple Enterprise users
Apple accounts that are part of the Enterprise developer program can also use API key-based authentication.
If your Enterprise account still uses Apple ID authentication, we strongly recommend switching to API key authentication because:
-
It's more reliable and secure.
-
It doesn't have to be re-authorized every 30 days.
-
The Apple ID authentication method will be deprecated at some point.
To change your authentication method:
-
Assign API key authentication for your project(s) on Bitrise. Make sure to check the This API key is used for the Apple Enterprise Program API option for your API key during the process!
Keep the Apple ID connection
We strongly recommend not to remove your Apple ID connection. If there are any issues with the API key connection, you can safely roll back to Apple ID-based authentication.
-
Adjust all Step inputs that use Apple ID authentication to access Apple services. The following Steps are affected:
-
Xcode Archive & Export for iOS: version 5.3.0 and above. The
automatic_code_signinginput should be set toautoorapi-key. -
Xcode Build for Testing: version 3.1.0 and above. The
automatic_code_signinginput should be set toautoorapi-key. -
Manage iOS Code Signing: version 2.1.0 and above. The
apple_service_connectioninput should be set toautoorapi-key. -
Export iOS and tvOS Xcode archive: version 4.6.0 and above. The
automatic_code_signinginput should be set toautoorapi-key.
-
Multiple API keys for the same project
You can only set up one API connection for each project on the Bitrise website. That means the project can handle the code signing files of only one Apple developer team: API keys only give authorization to a single developer team.
If your Bitrise project needs to handle the code signing of multiple developer teams, you can pass additional API keys as Step inputs. Doing so overrides the Bitrise-managed API connection. The following inputs are available to all Steps that can access Apple services:
-
api_key_path: This can be a local file path or a download URL. You can use the Bitrise project’s file storage (Project settings/Files) to store and get a download URL for the API Keys. -
api_key_id: Private key ID. You can find the key ID for each API key on App Store Connect. -
api_key_issuer_id. The private key issuer ID. You can find the issuer ID for each API key on App Store Connect. -
api_key_enterprise_account: Use it to indicate whether the API key belongs to an account that is part of the Apple Enterprise developer program. Takes two values:yesandno.
Inputs on the GUI
On the graphical UI of the Bitrise Workflow Editor, you can find these inputs under the App Store Connect connection override input group on the Configuration tab of each Step that can access Apple services.