Authentication
Learn how to authenticate with the AppStore Copilot API and set up store credentials.
API Keys
All API requests require authentication using an API key. You can create and manage API keys in the dashboard under Settings → API Keys.
Creating an API Key
- Go to Settings → API Keys in your dashboard
- Click "Create New Key"
- Give your key a descriptive name (e.g., "Production API", "CI/CD")
- Copy the key immediately - it won't be shown again
Keep Your Key Secret
Your API key grants full access to your account. Never commit it to version control or share it publicly. Use environment variables instead.
Using Your API Key
Include your API key in the Authorization header:
curl https://api.appstorecopilot.com/v1/projects \
  -H "Authorization: Bearer asc_live_xxxxxxxxxx"
CLI Authentication
The CLI stores your API key securely in your system keychain:
# Interactive login
asc auth login

# Login with key directly
asc auth login --key asc_live_xxxxxxxxxx

# Check authentication status
asc auth status

# Logout (removes stored key)
asc auth logout
For CI/CD environments, use the ASC_API_KEY environment variable:
# GitHub Actions example
env:
  ASC_API_KEY: ${{ secrets.ASC_API_KEY }}
Store Credentials
To sync with App Store Connect and Google Play Console, you need to set up store-specific credentials. These are stored encrypted and never in plain text.
App Store Connect
You'll need an App Store Connect API key with the following details:
- Issuer ID - Found in Users and Access → Keys
- Key ID - The unique identifier for your API key
- Private Key - The .p8 file contents
Creating an App Store Connect API Key
In App Store Connect, go to Users and Access → Keys → App Store Connect API. Click the + button to create a new key with "Admin" or "App Manager" role.
Add your credentials via the API:
curl -X POST https://api.appstorecopilot.com/v1/credentials/appstore \
  -H "Authorization: Bearer $ASC_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "issuerId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "keyId": "XXXXXXXXXX",
    "privateKey": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"
  }'
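The request above passes the API key and the private key as curl arguments, where they are visible in local process listings and shell history. The script below is an added example, not part of the AppStore Copilot documentation or tooling: it builds the same JSON body from a .p8 file and sends both secrets over file descriptors instead. The function names are hypothetical, and it assumes curl 7.55 or later and a system that provides /dev/fd.

```shell
#!/bin/sh
# Added example (not AppStore Copilot code). Endpoint and field names are the
# ones shown on this page; the function names are hypothetical.

# Turn a PEM file into the body of a JSON string. PEM is base64, dashes,
# spaces and newlines, so only line breaks need escaping; CRs are dropped.
pem_to_json_string() {
  awk '{ sub(/\r$/, ""); printf "%s%s", sep, $0; sep = "\\n" }' "$1"
}

# Print the JSON body for /v1/credentials/appstore, or fail on bad input.
build_appstore_payload() {
  case "$1$2" in
    ''|*[!A-Za-z0-9-]*) echo "bad issuer/key id" >&2; return 1 ;;
  esac
  grep -q '^-----BEGIN PRIVATE KEY-----' "$3" ||
    { echo "not a PEM private key: $3" >&2; return 1; }
  if grep -q '["\\]' "$3"; then
    echo "unexpected characters in $3" >&2; return 1
  fi
  printf '{"issuerId":"%s","keyId":"%s","privateKey":"%s"}' \
    "$1" "$2" "$(pem_to_json_string "$3")"
}

# POST the payload. The body goes over stdin and the Authorization header
# over fd 3 (curl >= 7.55 reads "-H @file"), so neither secret is in argv.
upload_appstore_credentials() {
  [ -n "${ASC_API_KEY:-}" ] || { echo "ASC_API_KEY is not set" >&2; return 1; }
  payload=$(build_appstore_payload "$@") || return 1
  printf '%s' "$payload" |
    curl --fail --silent --show-error -X POST \
      https://api.appstorecopilot.com/v1/credentials/appstore \
      -H "Content-Type: application/json" \
      -H @/dev/fd/3 --data-binary @- 3<<EOF
Authorization: Bearer $ASC_API_KEY
EOF
}

# Usage: sh upload.sh --upload ISSUER_ID KEY_ID AuthKey.p8
if [ "${1:-}" = "--upload" ]; then
  shift
  upload_appstore_credentials "$@"
fi
```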
Google Play Console
You'll need a Google Cloud service account with Play Console access:
- Enable the Google Play Android Developer API in Google Cloud Console
- Create a service account (no GCP roles needed)
- Click the account → Keys tab → Add Key → Create new key → select JSON and download it
- In Google Play Console → Users and permissions, invite the service account email with Admin access
Activation Delay
It can take up to 36 hours for new service account credentials to become active with the Google Play Developer API.
Add your credentials via the API:
curl -X POST https://api.appstorecopilot.com/v1/credentials/playstore \
  -H "Authorization: Bearer $ASC_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "serviceAccountJson": "{\"type\": \"service_account\", ...}"
  }'
Security Best Practices
- Never commit API keys - Use environment variables and secrets management
- Rotate keys regularly - Create new keys and revoke old ones periodically
- Use separate keys - Create different keys for development, staging, and production
- Monitor usage - Check API key usage in the dashboard to detect anomalies
Encrypted Storage
All store credentials are encrypted at rest using AES-256 encryption and are never stored in plain text. Your private keys are safe with us.