Intro
App Store Connect requires you to authenticate with an API token: a JWT that you sign yourself using a mix of credentials and identifiers. This tutorial will guide you through the process of creating one.
Make sure you have all the required data
- keyId: Key ID will be displayed when you generate a new private key in the Users And Access / Keys section.
- issuerID: ID associated with you in the Users And Access / Keys section.
- bundleId: Your app bundle ID.
- privateKey: The private key file you download from App Store Connect.
Code Sample
You would use a JWT library available for Python such as PyJWT or python-jose. Below is the example using python-jose:
First, make sure to install the python-jose library:

    pip install python-jose[cryptography]

    import time

    from cryptography.hazmat.primitives import serialization
    from jose import jwt, jwk


    async def generate_jwt(header, payload, private_key):
        # Parse the PEM text into a key object (the downloaded key is unencrypted).
        key = serialization.load_pem_private_key(
            private_key.encode('utf-8'),
            password=None,
        )
        # Wrap the key for python-jose and sign with ECDSA P-256 / SHA-256.
        jwk_key = jwk.construct(key, algorithm='ES256')
        token = jwt.encode(
            claims=payload,
            key=jwk_key,
            algorithm='ES256',
            headers={
                'kid': header['kid'],
                'typ': header['typ']
            }
        )
        return token


    async def gen_token(kid, iss, bundle_id, private_key):
        header = {
            'alg': 'ES256',
            'kid': kid,
            'typ': 'JWT'
        }
        now = int(time.time())  # read the clock once so iat and exp stay consistent
        payload = {
            'iss': iss,
            'iat': now,
            'exp': now + 30 * 60,  # 30 minutes
            'aud': 'appstoreconnect-v1',
            'bid': bundle_id
        }
        token = await generate_jwt(header, payload, private_key)
        return token


    # replace keyId, issuerID, bundleId, privateKey with your actual values
    # keyId = '...'
    # issuerID = '...'
    # bundleId = '...'
    # privateKey = '-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----'
    # example usage:
    # import asyncio
    # tkn = asyncio.run(gen_token(keyId, issuerID, bundleId, privateKey))

Ensure that private_key is the correct PEM-formatted private key as a string in Python, similar to how it’s represented in JavaScript.
Since I’ve added asyncio.run in the usage example, you need Python 3.7 or higher. If you’re running an older version of Python, you might need to adjust the code for the correct event loop handling. If you do not need asynchronous execution, remove the async and await keywords from both functions and simply call gen_token without asyncio.run.
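A preflight check for the token produced above, added here as an example and not part of the original tutorial: it decodes the three segments and compares the header and claims with the values this page sets, using only the standard library. The names lint_token and sample_token are hypothetical, the max_lifetime default simply mirrors the 30 minutes used above, and the signature is not verified, only its encoding is checked.

```python
import base64
import json
import time

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def lint_token(token, kid, iss, bundle_id, max_lifetime=30 * 60, now=None):
    """Return a list of problems; an empty list means the token looks sane.
    The signature is NOT verified here, only its encoding is checked."""
    now = int(time.time()) if now is None else now
    try:
        head_seg, claim_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(head_seg))
        claims = json.loads(b64url_decode(claim_seg))
        signature = b64url_decode(sig_seg)
    except ValueError:
        return ["token is not three base64url segments with JSON header and claims"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and claims must be JSON objects"]
    problems = []
    for name, want in {"alg": "ES256", "kid": kid, "typ": "JWT"}.items():
        if header.get(name) != want:
            problems.append(f"header {name!r} is {header.get(name)!r}, expected {want!r}")
    for name, want in {"iss": iss, "aud": "appstoreconnect-v1", "bid": bundle_id}.items():
        if claims.get(name) != want:
            problems.append(f"claim {name!r} is {claims.get(name)!r}, expected {want!r}")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        problems.append("iat and exp must be integer Unix timestamps")
    else:
        if exp <= now:
            problems.append("token is already expired")
        if exp - iat > max_lifetime:
            problems.append(f"lifetime {exp - iat}s exceeds {max_lifetime}s")
    # A JOSE ES256 signature is raw 32-byte R || S (RFC 7518, section 3.4), not DER.
    if len(signature) != 64:
        problems.append(f"signature is {len(signature)} bytes, expected 64 for ES256")
    return problems

def sample_token(kid, iss, bundle_id, iat, lifetime, sig=b"\x00" * 64):
    # Constructed sample: placeholder signature bytes, useless against a real verifier.
    header = {"alg": "ES256", "kid": kid, "typ": "JWT"}
    claims = {"iss": iss, "iat": iat, "exp": iat + lifetime,
              "aud": "appstoreconnect-v1", "bid": bundle_id}
    body = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + b64url_encode(sig)
```

Run lint_token on the output of gen_token before sending it; a non-empty list names the field to fix.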
Alternative tool
Or, if you just want to play around with the API, use our completely free Chrome Extension to generate the key “locally” with complete privacy.