App Store Connect API Now Supports Reading and Managing Customer Reviews

App Store Connect API 2.0+ has been fully updated to support management of In-app purchases, Subscriptions, and Customer Reviews.

ℹ️ℹ️ℹ️ The following content is translated by OpenAI.


News from 2022/07/19

[Upcoming transition from the XML feed to the App Store Connect API](https://developer.apple.com/news/?id=yqf4kgwb)

This morning, I received the latest news from Apple Developers that the App Store Connect API has added support for managing In-app purchases, Subscriptions, and Customer Reviews. This allows developers to integrate Apple’s development process more flexibly and efficiently with CI/CD or business backends!

While I haven’t worked with In-app purchases or Subscriptions, I’m particularly excited about Customer Reviews. I previously published an article titled “AppStore APP’s Reviews Slack Bot” discussing ways to integrate app reviews into workflows.

Slack Review Bot — [ZReviewsBot](https://github.com/ZhgChgLi/ZReviewsBot)

Before the App Store Connect API supported this feature, there were only two ways to obtain iOS app reviews:

First, by subscribing to the Public RSS, which is limited in flexibility, provides minimal information, has a quantity cap, and occasionally suffers from data inconsistencies, making it quite unstable.

Second, by using Fastlane SpaceShip to encapsulate complex web operations and session management, scraping review data from the App Store Connect backend (essentially simulating a web scraper).

  • The advantage is that the data is complete and stable; we have been using this integration for a year without encountering any data issues.
  • The downside is that the session expires every month, requiring manual re-login. Additionally, Apple IDs now require 2FA verification, which also needs to be done manually to generate a valid session. Moreover, if the session is generated from a different IP than the one used, it will expire immediately (making it difficult to deploy the bot on a network service with a dynamic IP).

[important-note-about-session-duration](https://docs.fastlane.tools/best-practices/continuous-integration/#important-note-about-session-duration) by Fastlane

  • Sessions expire unpredictably each month, requiring constant updates, which can become quite tedious over time. Additionally, this “know-how” is not easy to pass on to other colleagues.

However, since there were no other options, we had to manage with this until I received the news this morning…

⚠️ Note: The official plan is to discontinue the original XML (RSS) access method in November 2022.

2022/08/10 Update

I have developed a new tool called “ZReviewTender — A Free Open Source App Reviews Monitoring Bot” based on the new App Store Connect API.

Exploring the App Store Connect API 2.0+ Customer Reviews

Creating an App Store Connect API Key

First, log in to the App Store Connect backend, navigate to “Users and Access” -> “Keys” -> “App Store Connect API”:

Click the “+” button, enter a name and permissions; for testing purposes, select “App Manager” to grant maximum permissions.

Click the “Download API Key” button on the right to download and save your “AuthKey_XXX.p8” key.

⚠️ Note: This key can only be downloaded once, so please keep it safe. If lost, you will need to revoke the existing one and create a new one. ⚠️

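⚠️ Do not expose the .p8 key file: it is the private key that signs your API tokens, so anyone who obtains it, along with the Key ID and Issuer ID, can create tokens with the key's permissions. ⚠️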

Accessing the App Store Connect API

```bash
curl -v -H 'Authorization: Bearer [signed token]' "https://api.appstoreconnect.apple.com/v1/apps"
```

Generating a Signed Token (JWT, JSON Web Token)

Refer to the official documentation.

  • JWT Header:
```json
{"kid": "YOUR_KEY_ID", "typ": "JWT", "alg": "ES256"}
```

YOUR_KEY_ID: Refer to the image above.

  • JWT Payload:
```json
{
  "iss": "YOUR_ISSUE_ID",
  "iat": 1658326020,
  "exp": 1658327220,
  "aud": "appstoreconnect-v1"
}
```

iat and exp are UNIX timestamps: the token's creation time and expiration time.

YOUR_ISSUE_ID: Refer to the image above.

exp TOKEN expiration time: This varies based on different access functions or settings; some can be permanent, while others expire in less than 20 minutes and require regeneration. For details, refer to the official explanation.

Use JWT.IO or the Ruby example below to generate the JWT:

jwt.rb:

```ruby
require 'jwt'
require 'openssl'

# Path to the .p8 private key downloaded from App Store Connect
key_file = File.read('./AuthKey_XXXX.p8')
private_key = OpenSSL::PKey::EC.new(key_file)

now = Time.now.to_i
payload = {
  iss: 'YOUR_ISSUE_ID',
  iat: now,
  exp: now + 60 * 20, # valid for 20 minutes
  aud: 'appstoreconnect-v1'
}

# kid and typ go into the JWT header; alg is set from the 'ES256' argument
token = JWT.encode(payload, private_key, 'ES256', { kid: 'YOUR_KEY_ID', typ: 'JWT' })
puts token

# Decode the token again to check that the signature verifies
decoded_token = JWT.decode(token, private_key, true, { algorithm: 'ES256' })
puts decoded_token
```

You will ultimately get a JWT result similar to the following:

```
4oxjoi8j69rHQ58KqPtrFABBWHX2QH7iGFyjkc5q6AJZrKA3AcZcCFoFMTMHpM.pojTEWQufMTvfZUW1nKz66p3emsy2v5QseJX5UJmfRjpxfjgELUGJraEVtX7tVg6aicmJT96q0snP034MhfgoZAB46MGdtC6kv2Vj6VeL2geuXG87Ys6ADijhT7mfHUcbmLPJPNZNuMttcc.fuFAJZNijRHnCA2BRqq7RZEJBB7TLsm1n4WM1cW0yo67KZp-Bnwx9y45cmH82QPAgKcG-y1UhRUrxybi5b9iNN
```

Ready to try it out?

With the token, we can now access the App Store Connect API!

```bash
curl -H 'Authorization: Bearer JWT' "https://api.appstoreconnect.apple.com/v1/apps/APPID/customerReviews"
```

  • APPID can be obtained from the App Store Connect backend:

Or from the App Store page:

  • Success! 🚀 We can now retrieve app reviews using this method, with complete data that can be fully automated without manual maintenance (while JWT may expire, the Private Key does not, allowing us to generate JWT for each request using the Private Key).
  • For other filtering parameters and operations, please refer to the official documentation.
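
The token format and the per-request regeneration described above, as an added example that is not part of the original post or its repository: it builds the ES256 JWT with Ruby's standard library only (no jwt gem) and reuses each token until shortly before it expires. TokenSource, verify_es256 and the helper names are hypothetical, and a freshly generated P-256 key stands in for the real .p8 file.

```ruby
# Added example: TokenSource, verify_es256 and the helpers are illustrative names.
require 'openssl'
require 'base64'
require 'json'
MAX_LIFETIME = 20 * 60 # seconds, the same 20-minute window jwt.rb uses

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# OpenSSL emits ECDSA signatures as DER; JWS ES256 uses fixed-width r||s (64 bytes).
def der_to_raw(der)
  OpenSSL::ASN1.decode(der).value.map { |i| i.value.to_s(2).rjust(32, "\0".b) }.join
end
def raw_to_der(raw)
  ints = [raw[0, 32], raw[32, 32]].map { |b| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b, 2)) }
  OpenSSL::ASN1::Sequence.new(ints).to_der
end

# Mints a token on demand and reuses it until one minute before it expires.
class TokenSource
  def initialize(key, key_id:, issuer_id:, lifetime: MAX_LIFETIME)
    raise ArgumentError, 'lifetime above 20 minutes' if lifetime > MAX_LIFETIME
    @key, @key_id, @issuer_id, @lifetime = key, key_id, issuer_id, lifetime
  end

  def token(now = Time.now.to_i)
    return @token if @token && now < @exp - 60
    @exp = now + @lifetime
    header = { kid: @key_id, typ: 'JWT', alg: 'ES256' }
    payload = { iss: @issuer_id, iat: now, exp: @exp, aud: 'appstoreconnect-v1' }
    input = [header, payload].map { |part| b64url(JSON.generate(part)) }.join('.')
    der = @key.sign(OpenSSL::Digest.new('SHA256'), input)
    @token = "#{input}.#{b64url(der_to_raw(der))}"
  end
end

# Returns the claims if the ES256 signature checks out, nil otherwise.
def verify_es256(token, key)
  head, body, sig = token.split('.')
  raw = Base64.urlsafe_decode64(sig.to_s)
  return nil unless raw.bytesize == 64
  ok = key.verify(OpenSSL::Digest.new('SHA256'), raw_to_der(raw), "#{head}.#{body}")
  ok ? JSON.parse(Base64.urlsafe_decode64(body)) : nil
end

# Constructed stand-in for the downloaded .p8 key, so the example runs offline.
demo_key = OpenSSL::PKey::EC.generate('prime256v1')
puts TokenSource.new(demo_key, key_id: 'YOUR_KEY_ID', issuer_id: 'YOUR_ISSUE_ID').token
```

With the real key, pass `OpenSSL::PKey::EC.new(File.read(path_to_p8))` to TokenSource and send the result of `token` as the Bearer value on each request.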

⚠️ You can only access review data for apps you have permission to manage⚠️

Complete Ruby Test Project

I created a Ruby file that implements the above process, which you can clone and fill in your details to test.

First time setup:

```bash
bundle install
```

To start using:

```bash
bundle exec ruby jwt.rb
```

Next Steps

Similarly, we can access and manage via the API (API Overview):

If you have any questions or feedback, feel free to contact me.


This article was first published on Medium ➡️ Click Here

This post is licensed under CC BY 4.0 by the author.