Credentials API

Securely store and manage your App Store Connect and Google Play Console credentials for automated metadata syncing.

Security Notice

Credentials are encrypted at rest and in transit. We never store your credentials in plain text. API keys and service account files are encrypted using AES-256.

Endpoints

Get a list of all stored credentials for your account. Sensitive values are redacted.

GET /api/v1/credentials

Authentication

Requires API key with Authorization: Bearer <api_key> header

URL Parameters

Name	Type	Required	Description
`store`	`string`	No	Filter by store type (default: `all`)

Response Example

{
  "success": true,
  "data": {
    "credentials": [
      {
        "id": "cred_abc123",
        "store": "appstore",
        "name": "Production App Store",
        "issuerId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "keyId": "XXXXXXXXXX",
        "status": "active",
        "lastUsed": "2024-01-20T14:30:00Z",
        "createdAt": "2024-01-15T10:00:00Z"
      },
      {
        "id": "cred_def456",
        "store": "playstore",
        "name": "Production Play Store",
        "serviceAccountEmail": "app@project.iam.gserviceaccount.com",
        "status": "active",
        "lastUsed": "2024-01-20T14:25:00Z",
        "createdAt": "2024-01-15T10:05:00Z"
      }
    ]
  }
}

Code Examples

curl -X GET https://api.appstorecopilot.com/v1/credentials \
  -H "Authorization: Bearer $ASC_API_KEY"

Add App Store Connect API credentials. Requires an API key from App Store Connect.

POST /api/v1/credentials/appstore

Authentication

Requires API key with Authorization: Bearer <api_key> header

Request Body

Name	Type	Required	Description
`name`	`string`	Yes	A friendly name for these credentials
`issuerId`	`string`	Yes	Your App Store Connect Issuer ID
`keyId`	`string`	Yes	Your App Store Connect API Key ID
`privateKey`	`string`	Yes	The private key (.p8 file contents)

Response Example

{
  "success": true,
  "data": {
    "credentialId": "cred_abc123",
    "store": "appstore",
    "name": "Production App Store",
    "status": "active"
  }
}

Code Examples

curl -X POST https://api.appstorecopilot.com/v1/credentials/appstore \
  -H "Authorization: Bearer $ASC_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production App Store",
    "issuerId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "keyId": "XXXXXXXXXX",
    "privateKey": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
  }'

Add Google Play Console credentials using a service account JSON file.

POST /api/v1/credentials/playstore

Authentication

Requires API key with Authorization: Bearer <api_key> header

Request Body

Name	Type	Required	Description
`name`	`string`	Yes	A friendly name for these credentials
`serviceAccountJson`	`string`	Yes	The service account JSON file contents

Response Example

{
  "success": true,
  "data": {
    "credentialId": "cred_def456",
    "store": "playstore",
    "name": "Production Play Store",
    "serviceAccountEmail": "app@project.iam.gserviceaccount.com",
    "status": "active"
  }
}

Code Examples

curl -X POST https://api.appstorecopilot.com/v1/credentials/playstore \
  -H "Authorization: Bearer $ASC_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Play Store",
    "serviceAccountJson": "{...}"
  }'

Permanently delete stored credentials. This action cannot be undone.

DELETE /api/v1/credentials/:credentialId

Authentication

Requires API key with Authorization: Bearer <api_key> header

URL Parameters

Name	Type	Required	Description
`credentialId`	`string`	Yes	The credential ID to delete

Response Example

{
  "success": true,
  "message": "Credentials deleted successfully"
}

Code Examples

curl -X DELETE https://api.appstorecopilot.com/v1/credentials/cred_abc123 \
  -H "Authorization: Bearer $ASC_API_KEY"