Creating API Keys for App Store Connect API

Create API keys used to sign JWTs and authorize API requests.


The App Store Connect API requires a JSON Web Token (JWT) to authorize each request you make to the API. You generate JWTs using an API key downloaded from App Store Connect.

An API key has two parts: a public portion that Apple keeps, and a private key that you download. The private key enables you to sign tokens that authorize access to your data in App Store Connect and the Apple Developer website.

App Store Connect API keys are unique to the App Store Connect API and cannot be used for other Apple services.

Generate a Private Key and Assign It a Role

When you create an API key, assign it a role that determines the key's access to areas of the App Store Connect API and permissions for performing tasks. For example, keys with the Admin role have broad permissions and can do things like create new users and delete users. The roles that apply to keys are the same roles that apply to users on your team; for more information, see role permissions in App Store Connect Help. API keys can access all apps, regardless of their role.

To generate keys, you must have an Admin account in App Store Connect. You may generate multiple API keys with any roles you choose.

To generate an API key to use with the App Store Connect API, log in to App Store Connect.

  1. Select Users and Access, and then select the API Keys tab.

  2. Click Generate API Key or the Add (+) button.

  3. Enter a name for the key. The name is for your reference only and is not part of the key itself.

  4. Under Access, select the role for the key.

  5. Click Generate.

The new key's name, key ID, a download link, and other information appears on the page.

Download and Store the Private Key

Once you've generated your API key, you are given the opportunity to download the private half of the key. The private key is available for download a single time.

  1. Log in to App Store Connect.

  2. Select Users and Access, and then select the API Keys tab.

  3. Click "Download API Key" link next to the new API key.

The download link appears only if the private key has not yet been downloaded. Apple does not keep a copy of the private key.

Store your private key in a safe place.

If the key becomes lost or compromised, remember to revoke it immediately. See Revoking API Keys for more information.

See Also

First Steps

Generating Tokens for API Requests

Create JSON Web Tokens signed with your private key to authorize API requests.

Revoking API Keys

Revoke unused, lost, or compromised private keys.