HexSign talks to your Apple Developer account through Apple's own App Store Connect API. To connect an account you need three values: an Issuer ID, a Key ID, and a .p8 private key file. The whole setup takes about three minutes.
What HexSign needs
- Issuer ID: A UUID that identifies your App Store Connect organization. Found at the top of the Users and Access → Integrations → App Store Connect API page.
- Key ID: A short identifier (e.g. ABC1234DEF) for the specific API key. Visible in the keys table once you've created the key.
- .p8 private key: The PEM-encoded private key Apple generates when you create the API key. Apple lets you download it once, so store it somewhere safe before continuing.
Create the API key in App Store Connect
1. Open the integrations page
In App Store Connect, go to Users and Access, then the Integrations tab, and pick App Store Connect API.
2. Generate a team-scoped key
Click the + next to Team Keys, give the key a descriptive name (e.g. "HexSign — read/write"), and pick the Admin role. The Admin role is the one that lets HexSign create profiles, register devices, and manage certificates on your behalf.
3. Download the .p8 file
Apple will only let you download the .p8 once. Save it locally and don't commit it to git — HexSign will encrypt and store it in AWS Secrets Manager once you paste it in.
4. Note the Issuer ID and Key ID
Copy the Issuer ID from the top of the page and the Key ID from the keys table. You'll paste both into HexSign in the next step.
Add the key to HexSign
1. Open the Apple Accounts page
From the HexSign sidebar, click Apple Accounts, then "Connect account".
2. Paste the credentials
Paste the Issuer ID, Key ID, and the contents of the .p8 file (or upload the file). HexSign immediately performs a test request against the App Store Connect API to confirm the key works.
3. Trigger the first sync
If the test succeeds, HexSign queues the first sync. You'll be redirected to the dashboard and the sync status badge will show progress.
How HexSign stores the key
Your .p8 file lives in AWS Secrets Manager and is encrypted at rest with a dedicated KMS key. The key is only retrieved by the sync service when it needs to mint a JWT for an App Store Connect API call. It is never logged, never returned to the dashboard once saved, and never shared between organizations.
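To show what "mint a JWT" involves, the following added example (not HexSign's code) builds an App Store Connect API token from the three values: the Issuer ID becomes the `iss` claim, the Key ID becomes the `kid` header, and the .p8 key produces the ES256 signature. The function names are hypothetical, the key pair and IDs are constructed for the demo, and the `aud` value and 20-minute lifetime limit come from Apple's token format rather than from this page.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Accept only what Apple issues: a PKCS#8 PEM holding a P-256 EC private key.
function loadP8(pem) {
  const key = nodeCrypto.createPrivateKey(pem); // throws on malformed PEM
  const curve = key.asymmetricKeyDetails && key.asymmetricKeyDetails.namedCurve;
  if (key.asymmetricKeyType !== 'ec' || curve !== 'prime256v1') {
    throw new Error('not a P-256 EC private key');
  }
  return key;
}

// Mint a short-lived ES256 token; Apple rejects lifetimes over 20 minutes.
function mintToken({ issuerId, keyId, p8, now = Math.floor(Date.now() / 1000), ttl = 600 }) {
  if (!(ttl > 0 && ttl <= 1200)) throw new Error('ttl must be 1..1200 seconds');
  const header = { alg: 'ES256', kid: keyId, typ: 'JWT' };
  const claims = { iss: issuerId, iat: now, exp: now + ttl, aud: 'appstoreconnect-v1' };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS needs the raw 64-byte r||s signature, not Node's default DER encoding.
  const sig = nodeCrypto.sign('sha256', Buffer.from(input),
    { key: loadP8(p8), dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64url(sig)}`;
}

// Receiver's view: check the signature, then return the claims (null if invalid).
function verifyToken(token, publicKey) {
  const [h, p, s] = token.split('.');
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  return ok ? JSON.parse(Buffer.from(p, 'base64url').toString('utf8')) : null;
}

// Constructed sample: throwaway key pair and made-up IDs, not real credentials.
const { privateKey, publicKey } =
  nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const sample = {
  issuerId: '00000000-0000-0000-0000-000000000000',
  keyId: 'ABC1234DEF',
  p8: privateKey.export({ type: 'pkcs8', format: 'pem' }),
  now: 1700000000,
};
const sampleToken = mintToken(sample);
console.log(verifyToken(sampleToken, publicKey));
```

Because every token is signed locally and expires within minutes, the .p8 itself never has to leave the service that holds it; only the short-lived token travels with each API request.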