The asc-api skill uses the App Store Connect REST API with a local API key. This guide walks through generating the key, storing it safely, and verifying the setup.
You need Account Holder or Admin role in App Store Connect to create API keys.
To check: open App Store Connect → click your name in the top-right → Permissions. Your role is listed next to each app or at the top for team-wide roles.
If you only have Developer or Marketing role, ask your Account Holder to either upgrade your role or generate the key for you.
-
Sign in to App Store Connect.
-
Go to Users and Access → Integrations → App Store Connect API.
-
Click the + button next to Team Keys.
-
Enter a name (e.g.
asc-release-kit-local) and select the Admin access level.Minimum required permissions: Admin is recommended for the full workflow (metadata + screenshots). If you only need read access for discovery, Developer is sufficient.
-
Click Generate.
-
The new key appears in the table. Note these two values — you will need them in Step 4:
- Key ID — shown in the Key ID column (e.g.
ABC1234567) - Issuer ID — shown at the top of the page above the keys table (e.g.
12345678-1234-1234-1234-123456789012)
- Key ID — shown in the Key ID column (e.g.
Click Download API Key next to your new key.
⚠️ You can only download the.p8file once. If you close this dialog without downloading, you must revoke the key and create a new one.
The downloaded file is named AuthKey_XXXXXXXXXX.p8 where XXXXXXXXXX is your Key ID.
Move it to a safe location outside any project directory. The recommended location:
mkdir -p ~/.ssh
mv ~/Downloads/AuthKey_XXXXXXXXXX.p8 ~/.ssh/AuthKey_XXXXXXXXXX.p8
chmod 600 ~/.ssh/AuthKey_XXXXXXXXXX.p8Create the credential file in your home directory:
touch ~/.asc_secrets
chmod 600 ~/.asc_secretsOpen it in a text editor and add the three values from Steps 2 and 3:
ASC_KEY_ID=ABC1234567
ASC_ISSUER_ID=12345678-1234-1234-1234-123456789012
ASC_KEY_PATH=/Users/YOUR_USERNAME/.ssh/AuthKey_ABC1234567.p8
Replace each value with your own. Use your macOS username in ASC_KEY_PATH (run whoami in Terminal if unsure).
pip install -r skills/asc-api/scripts/requirements.txtOr manually:
pip3 install requests pyjwt cryptographyThe spec is not included in this repository. Run the download script once from the repo root:
bash scripts/download_openapi.shRun the safe list-apps command to confirm credentials and network access work:
python3 skills/asc-api/scripts/asc_client.py list-appsExpected output:
1234567890 | My App | com.example.myapp
If you see an error, check the section below.
The file does not exist or is in the wrong location. Run ls ~/.asc_secrets to confirm it exists.
One or more of ASC_KEY_ID, ASC_ISSUER_ID, or ASC_KEY_PATH is missing or misspelled. Open ~/.asc_secrets in a text editor and check each line.
The path in ASC_KEY_PATH does not match where you saved the file. Run ls ~/.ssh/ to see the actual filename.
- The key may have been revoked. Check in App Store Connect → Integrations → App Store Connect API.
- The Issuer ID may be wrong. It is shown at the top of the API keys page, not in the key row itself.
- The system clock on your Mac may be out of sync. JWTs are time-sensitive; run
dateto check.
Your key does not have sufficient permissions for the requested operation. Admin access is required for metadata updates.
- Never paste
ASC_KEY_ID,ASC_ISSUER_ID,.p8contents, or JWTs into a chat with any AI tool, including Claude Code or Codex. - Never commit
~/.asc_secretsor any.p8file to a repository. Both are listed in this repo's.gitignoreas a reminder. - If a key is compromised, revoke it immediately in App Store Connect → Integrations → App Store Connect API, then generate a new one.