App Store Connect API Key Guide: Create, Manage & Revoke
The API key in App Store Connect is essential for secure app management and App Store Optimization (ASO), allowing automated access to your app’s metadata, analytics, and more.
There are two types of API keys available in App Store Connect:
Team API Keys:
- Designed for team members who need access to multiple apps within an organization.
- These keys allow broader permissions based on the assigned roles in App Store Connect.
- Ideal for managing apps at a team level, including metadata updates, analytics, and financial reports.
Individual API Keys:
- Intended for use with restricted access to specific apps.
- Permissions can be customized to grant access only to certain features, such as metadata editing, app management, or financial data.
- Useful for scenarios where access control needs to be more granular, ensuring users only interact with designated sections of App Store Connect.
- Permissions match the privilege level of the account to which the key is linked.
Key facts to keep in mind about API keys:
- Expiration: API keys are permanent and do not expire.
- Modification: Once created, a key cannot be modified to add access to more services.
- Revocation: API keys can be revoked at any time in App Store Connect, but once revoked, they cannot be reactivated.
- Limitations: A maximum of 50 active keys is allowed per account.
Team API Keys
Team API Keys are designed for organizations and teams that manage multiple apps within App Store Connect.
These keys provide broader access and are typically used for collaborative workflows where multiple team members need to interact with various App Store features.
Key Features:
- Organization-Wide Access: Enables team members to manage multiple apps within a single developer account.
- Role-Based Permissions: Access levels are controlled based on assigned roles in App Store Connect (e.g., Admin, Developer, Finance, Marketing).
- Comprehensive Functionality: Supports tasks such as app metadata updates, analytics retrieval, pricing adjustments, and financial reporting.
- Used for Automation: Commonly integrated with CI/CD pipelines, ASO tools, and third-party services to streamline app management.
Best Use Cases:
- Large teams where multiple members need API access to manage apps collectively.
- Development agencies managing multiple client apps under a single App Store Connect account.
- Enterprises needing automated processes for metadata updates, pricing, or analytics collection.
- Indie developers managing multiple apps under a single account.
Create a new API key on App Store Connect
On App Store Connect, create a new App Store Connect API key under Users and Access → Integrations → App Store Connect API.
We recommend creating a unique key for each application group.
The newly created key needs at least the App Manager access level.
Core information about Team API key
Download the generated key. You will receive a .p8 key file.
Also take note of the Issuer ID (shown above the “Active” table).
The Issuer ID is a unique identifier provided by Apple for each App Store Connect account.
It is used to authenticate requests made through the API key and links the key back to the specific Apple Developer account.
This ID, along with the Key ID and private key file (.p8 file), is required to securely access and manage app data on App Store Connect.
When setting up API-based integrations (like in ASO.dev), you’ll need to input the Issuer ID, Key ID, and private key for the API key to authorize actions, such as editing metadata or viewing reviews.
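How the three values combine into a request credential, as an added example that is not code from Apple or ASO.dev: the private key signs a short-lived ES256 JWT whose header carries the Key ID and whose payload carries the Issuer ID. The function names, the key pair and both IDs are constructed placeholders; the claim layout and the 20-minute lifetime cap follow Apple's App Store Connect API documentation rather than this page.

```javascript
// Added example: mint the short-lived ES256 JWT for the App Store Connect API
// from Key ID, Issuer ID and .p8 key. All values below are constructed placeholders.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const MAX_TTL_SECONDS = 20 * 60; // Apple's documented upper bound on token lifetime

function createAscToken({ keyId, issuerId, privateKeyPem, ttlSeconds = 600, now = Date.now() }) {
  if (!keyId || !issuerId || !privateKeyPem) {
    throw new Error('keyId, issuerId and privateKeyPem are all required');
  }
  if (!Number.isInteger(ttlSeconds) || ttlSeconds < 1 || ttlSeconds > MAX_TTL_SECONDS) {
    throw new RangeError(`ttlSeconds must be an integer in 1..${MAX_TTL_SECONDS}`);
  }
  const iat = Math.floor(now / 1000);
  const header = { alg: 'ES256', kid: keyId, typ: 'JWT' };
  const payload = { iss: issuerId, iat, exp: iat + ttlSeconds, aud: 'appstoreconnect-v1' };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  // JWS requires the raw r||s signature (IEEE P1363), not OpenSSL's default DER.
  const sig = crypto.sign('sha256', Buffer.from(signingInput), {
    key: privateKeyPem,
    dsaEncoding: 'ieee-p1363',
  });
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Check a token against the public half of the key; returns the claims or null.
function verifyAscToken(token, publicKeyPem) {
  const [h, p, s] = token.split('.');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKeyPem, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  return ok ? JSON.parse(Buffer.from(p, 'base64url').toString()) : null;
}

// Constructed P-256 key pair standing in for the downloaded .p8 file (PKCS#8 PEM).
const demoKeys = crypto.generateKeyPairSync('ec', {
  namedCurve: 'prime256v1',
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  publicKeyEncoding: { type: 'spki', format: 'pem' },
});
const demoToken = createAscToken({
  keyId: 'EXAMPLEKEY', // placeholder Key ID
  issuerId: '00000000-0000-0000-0000-000000000000', // placeholder Issuer ID
  privateKeyPem: demoKeys.privateKey,
});
console.log(verifyAscToken(demoToken, demoKeys.publicKey));
```

In real use the PEM is loaded from a secret store or CI secret rather than the repository, and the token is sent as an `Authorization: Bearer <token>` header. Because the key itself never expires, the short token lifetime is the only time limit on a captured credential.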
Revoke an API key on App Store Connect
On App Store Connect, revoke an App Store Connect API key under Users and Access → Integrations → App Store Connect API.
Revoking the key immediately disables its access, which limits exposure when a key is compromised or no longer needed.
Revoked API keys are permanently deleted and cannot be reactivated.
To restore access, you must create a new API key.
Individual API Keys
Individual API Keys are designed for personal use, providing restricted access to specific apps and features within App Store Connect.
These keys offer a more granular approach to permissions, allowing developers or team members to work with designated sections of an app without exposing the entire account.
Permissions match the privilege level of the account to which the key is linked.
Key Features:
- App-Specific Access: Grants permissions only for selected apps rather than all apps in the account.
- Granular Permissions: Can be configured to allow access to specific features, such as metadata editing, pricing updates, or app analytics, while restricting others (e.g., financial data).
- Enhanced Security: Helps minimize unnecessary exposure of sensitive data by limiting access to only required functionalities.
- Ideal for Contractors or Specialized Roles: Enables temporary employees, freelancers, or external specialists (e.g., ASO managers) to perform specific tasks without broader administrative access.
Best Use Cases:
- Independent developers managing specific apps with API automation.
- Companies enforcing strict access control by limiting access to sensitive data like financial reports.
- External contractors or ASO specialists who need access only to metadata editing without full app management privileges.