An App Store Connect API key is the credential Apple issues for non-interactive access to the App Store Connect API. It is the modern replacement for sharing an Apple ID password with build servers or third-party tools. The key comes in three parts that you need together: a Key ID (e.g. `ABC123DEFG`), an Issuer ID (a UUID), and a .p8 private key file that Apple lets you download exactly once.
Where you create one
- 1
App Store Connect > Users and Access > Integrations
Sign in as an Account Holder or Admin. Open the Integrations tab and pick App Store Connect API.
- 2
Generate a key with the right access
Team keys (visible to the whole team) and individual keys (scoped to one user) are separate flows. Pick an access level: Admin for full read-write, Developer for limited scopes, App Manager or Finance for narrower roles.
- 3
Download the .p8 immediately
Apple only shows the download once. Save it somewhere safe alongside the Key ID and Issuer ID, then hand all three to whatever tool needs API access.
How clients authenticate
The .p8 is an ECDSA private key. Clients build a JSON Web Token signed with that key, with the Key ID in the JWT header and the Issuer ID in the `iss` claim. The signed JWT has a 20-minute maximum lifetime and is sent as a Bearer token on every request to the App Store Connect API.
What it unlocks
- Reading and managing certificates, identifiers, profiles, and devices (the data HexSign needs to sync).
- Submitting and managing TestFlight builds.
- Creating App Store metadata, in-app purchases, and promo codes.
- Reading sales reports and finance data.