Create a private key to access a service

Private keys allow you to access and authenticate communication with some app services — such as Apple Push Notification service (APNs), DeviceCheck, MusicKit, and WeatherKit. You’ll use the private key in a JSON Web Token (JWT) in a request to that service.

Required role: Account Holder or Admin.

In Certificates, Identifiers & Profiles, click Keys in the sidebar, then click the add button (+) on the top left.
Under Key Name, enter a unique name for the key.
Select the checkbox next to the services you want to enable, then click Continue.
If the Media Services checkbox is disabled, you need to register a media identifier first.
- If you register more than one media identifier, click Configure next to the checkbox.
- On the next page, choose the media identifier you want to use from the pop-up menu, then click Continue.
To configure APNs keys:
- Click Configure next to “Apple Push Notification service.”
- On the next page, choose the environment configuration and type of key (Team Scoped or Topic Specific).
- For keys that are Topic Specific, select the list of topics that will be associated with the key.
- To create a related key for a key that’s Topic Specific, click Edit next to “Apple Push Notification service” on the View Key Details page.
- On the next page, click Create Related Key and choose the environment for the key.
Review the key configuration, then click Confirm.
Optionally, click Download to generate and download the key now.
If you download the key, it’s saved as a text file with a .p8 file extension in the Downloads folder.
Click Done.

WARNING: Save this file in a secure place because the key is not saved in your developer account and you won’t be able to download it again. If the Download button is disabled, you previously downloaded the key.