Manage service configurations

Account & Organizational Data Sharing

Configure Account & Organizational Data Sharing

  1. In Certificates, Identifiers & Profiles, click Services in the sidebar.
  2. Under Account & Organizational Data Sharing, click Configure.
  3. To add a new App ID, click the add button (+) on the top left, or edit an existing Account & Organizational Data Sharing configuration by holding the pointer over the configuration and clicking the Edit button when it appears.
  4. Under Organizational Data Sharing Scopes, select the applicable scopes for your apps and websites.
  5. Enter your return URLs.
  6. On the top right, click Continue.
  7. Review your configuration, then click Confirm.

You can also group your apps and websites by selecting their corresponding App IDs and Services IDs while configuring your primary app.

Enabling server-to-server notifications

Account & Organizational Data Sharing server-to-server notifications allow you to receive important updates about your users and their accounts. Notifications are sent for each app group when a user or organization revokes authorization. Each group of apps can have one URL, which must be absolute and include the scheme, host, and path. TLS 1.2 or higher is required to receive notifications.

To receive notifications:

  1. In Certificates, Identifiers & Profiles, click Services in the sidebar.
  2. Under Account & Organizational Data Sharing, click Configure.
  3. To create a new configuration, click the add button (+) on the top left, or edit an existing Account & Organizational Data Sharing configuration by holding the pointer over the configuration and clicking the Edit button when it appears.
  4. Under Server-to-Server Notification Endpoint, provide a server-to-server notification endpoint URL. You can provide one URL for each Account & Organizational Data Sharing grouping and key.
  5. On the top right, click Continue, then click Save.

Notes:

  • A server-to-server notification endpoint URL can only be registered on a primary App ID. The endpoint URL must be an absolute URL that includes the scheme, host, and path. Example: https://example.com/path/to/endpoint
  • TLS 1.2 or higher is required in order to receive notifications at the specified endpoint.
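
The endpoint rules above can be checked before a URL is entered in the portal. The following is an added example, not code from this page or from Apple: `check_endpoint_url` and `receiver_tls_context` are hypothetical helper names, and the `https`-only rule is an assumption derived from the TLS requirement.

```python
import ssl
from urllib.parse import urlsplit


def check_endpoint_url(url):
    """Return a list of problems; an empty list means the URL meets the stated rules."""
    try:
        parts = urlsplit(url.strip())
    except ValueError as exc:
        return ["unparseable URL: %s" % exc]
    problems = []
    if not parts.scheme:
        problems.append("missing scheme (URL must be absolute)")
    elif parts.scheme.lower() != "https":
        # Assumption: notifications require TLS, so only https can satisfy the rule.
        problems.append("scheme must be https because TLS is required")
    if not parts.hostname:
        problems.append("missing host")
    if not parts.path:
        problems.append("missing path")
    return problems


def receiver_tls_context():
    """Server-side TLS context for the receiving endpoint with a TLS 1.2 floor.

    The caller still loads its certificate with ctx.load_cert_chain(...).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0 and 1.1 handshakes
    return ctx


if __name__ == "__main__":
    # Constructed sample inputs; only the first is the example URL given on this page.
    samples = [
        "https://example.com/path/to/endpoint",
        "http://example.com/path/to/endpoint",
        "https://example.com",
        "example.com/path/to/endpoint",
    ]
    for sample in samples:
        issues = check_endpoint_url(sample)
        print(sample, "->", "ok" if not issues else "; ".join(issues))
    print("TLS floor:", receiver_tls_context().minimum_version.name)
```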

Group apps for Account & Organizational Data Sharing

Users will need to give consent for their information to be shared with you. To ensure this is only done once for each of your related apps or websites, we recommend grouping related identifiers together.

Grouping apps

  1. In Certificates, Identifiers & Profiles, click Services in the sidebar.
  2. Under Account & Organizational Data Sharing, click Configure.
  3. To create a new configuration, click the add button (+) on the top left, or edit an existing Account & Organizational Data Sharing configuration by holding the pointer over the configuration and clicking the Edit button when it appears.
  4. If this is a new configuration, under the Organizational Data Sharing Scopes, select the applicable scopes for your apps and websites.
  5. Enter your return URLs.
  6. Select your secondary App IDs.
  7. On the top right, click Continue, then click Save.

Ungrouping apps

To ungroup an app from your primary App ID, you’ll need to update the configuration for your primary app.

  1. In Certificates, Identifiers & Profiles, click Services in the sidebar.
  2. Under Account & Organizational Data Sharing, click Configure.
  3. Hold the pointer over the existing configuration, then click the Edit button when it appears.
  4. Under Secondary App IDs, deselect the secondary App IDs you’d like to ungroup.
  5. On the top right, click Continue, then click Save.

Note: Ungrouping apps will convert each grouped App ID to a primary App ID. Authentication will continue to function.

Grouping Services IDs

  1. In Certificates, Identifiers & Profiles, click Services in the sidebar.
  2. Under Account & Organizational Data Sharing, click Configure.
  3. To create a new configuration, click the add button (+) on the top left, or edit an existing Account & Organizational Data Sharing configuration by holding the pointer over the configuration and clicking the Edit button when it appears.
  4. Select a primary App ID.
  5. If this is a new configuration, under Organizational Data Sharing Scopes, select the applicable scopes for your apps and websites.
  6. Enter your return URLs.
  7. Select your Services ID.
  8. On the top right, click Continue, then click Save.

Ungrouping Services IDs

To ungroup Services IDs from your primary App ID, you’ll need to update the configuration for your primary app.

  1. In Certificates, Identifiers & Profiles, click Services in the sidebar.
  2. Under Account & Organizational Data Sharing, click Configure.
  3. Hold the pointer over the existing configuration, then click the Edit button.
  4. Under Services ID, deselect the Services ID you’d like to ungroup.
  5. On the top right, click Continue, then click Save.

Create an Account & Organizational Data Sharing private key

To communicate with the Account & Organizational Data Sharing service, you’ll use a private key to sign one or more developer tokens.

  1. Configure Account & Organizational Data Sharing on an iOS or macOS App ID and classify it as a primary App ID. Select applicable scopes for your App ID. You may also use the grouping feature to associate secondary apps and websites as part of your configuration.
  2. Create and download a private key with Account & Organizational Data Sharing enabled and associate it with a primary App ID. You can associate two keys with each primary App ID.
  3. Get the key identifier (kid) to create a JSON Web Token (JWT) that you’ll use to communicate with the capabilities you enabled.

If you suspect a private key is compromised, first create a new private key associated with the primary App ID. After transitioning to the new key, revoke the old key.