
App Store Connect API: Manage Customer Reviews and Subscriptions Efficiently

Developers seeking streamlined control over Customer Reviews and Subscriptions can leverage App Store Connect API 2.0+ to automate management and enhance app performance with precise in-app purchase handling.


This post was translated with AI assistance — let me know if anything sounds off!


App Store Connect API Now Supports Reading and Managing Customer Reviews

App Store Connect API 2.0+ Complete Update, Supporting In-app Purchases, Subscriptions, and Customer Reviews Management

2022/07/19 News

[Upcoming transition from the XML feed to the App Store Connect API](https://developer.apple.com/news/?id=yqf4kgwb)

This morning, I received the latest news from Apple Developer. The App Store Connect API now supports managing In-app Purchases, Subscriptions, and Customer Reviews. This allows developers to integrate Apple’s development process more flexibly and efficiently with CI/CD or business backends!

I haven’t touched In-app Purchases or Subscriptions, but Customer Reviews excite me greatly. I previously published an article titled “AppStore APP’s Reviews Slack Bot 那些事” exploring the integration of app reviews with workflow.

Slack Review Bot — [ZReviewsBot](https://github.com/ZhgChgLi/ZReviewsBot)

Before the App Store Connect API was supported, there were only two ways to get iOS App reviews:

1. Obtained through subscribing to Public RSS, but this RSS lacks flexible filtering, provides limited information, has quantity limits, and we occasionally encounter data inconsistencies, making it unstable.

2. Using Fastlane SpaceShip to handle complex web operations and session management for us, fetching review data from the App Store Connect backend (essentially acting as a web emulator crawler to scrape data from the backend).

  • The advantage is complete and stable data; we have integrated it for a year without any data issues.

  • The downside is that the session expires every month and requires manual re-login. Also, Apple ID now universally requires 2FA verification, so this step must be done manually to generate a valid session. Additionally, if the IP used to create the session differs from the IP used later, the session will expire immediately (making it difficult to run the bot on networks with dynamic IPs).

[important-note-about-session-duration](https://docs.fastlane.tools/best-practices/continuous-integration/#important-note-about-session-duration) by Fastlane

  • It expires irregularly every month, so you need to update it from time to time, which becomes really annoying over time; moreover, this “Know How” is actually hard to hand over to other colleagues.

But since there was no other way, it had to be this way until I received news this morning….

⚠️ Note: The official XML (RSS) access method is planned to be discontinued in November 2022.

2022/08/10 Update

I have developed a new “ZReviewTender — Free Open Source App Reviews Monitoring Bot” based on the new App Store Connect API.

App Store Connect API 2.0+ Customer Reviews Trial Play

Create App Store Connect API Key

First, log in to the App Store Connect backend, go to “Users and Access” -> “Keys” -> “App Store Connect API”:

Click the “+” button, enter the name and permissions; for detailed permission rules, refer to the official website. To minimize testing issues, select “App Manager” here to grant the highest level of permissions.

Click “Download API Key” on the right to download and save your “AuthKey_XXX.p8” key.

⚠️ Note: This key can only be downloaded once, so please keep it safe. If lost, you can only revoke the existing one and create a new one. ⚠️

⚠️ Do Not Leak the .p8 Key File ⚠️

App Store Connect API Access Methods

```bash
curl -v -H 'Authorization: Bearer [signed token]' "https://api.appstoreconnect.apple.com/v1/apps"
```

Signed Token (JWT, JSON Web Token) Generation Method

Refer to the official documentation.

  • JWT Header:

```js
{kid:"YOUR_KEY_ID", typ:"JWT", alg:"ES256"}
```

YOUR_KEY_ID: Refer to the image above.

  • JWT Payload:

```js
{
  iss: 'YOUR_ISSUE_ID',
  iat: 1658326020, // token creation time (UNIX timestamp)
  exp: 1658327220, // token expiration time (UNIX timestamp)
  aud: 'appstoreconnect-v1'
}
```

YOUR_ISSUE_ID: Refer to the image above.

exp TOKEN expiration time: The expiration time varies depending on the access function or setting. Some can be permanent, while others expire after more than 20 minutes and require regeneration. For details, please refer to the official documentation.

Use JWT.IO or the Ruby example below to generate a JWT

jwt.rb:

```ruby
require 'jwt'
require 'openssl'
require 'time'

# Load the ES256 private key downloaded from App Store Connect
key_file = File.read('./AuthKey_XXXX.p8') # YOUR .p8 private key file path
private_key = OpenSSL::PKey::EC.new(key_file)

payload = {
  iss: 'YOUR_ISSUE_ID',
  iat: Time.now.to_i,
  exp: Time.now.to_i + 60 * 20, # valid for 20 minutes
  aud: 'appstoreconnect-v1'
}

# Sign the token; the fourth argument carries the extra JWT header fields
token = JWT.encode(payload, private_key, 'ES256', { kid: 'YOUR_KEY_ID', typ: 'JWT' })
puts token

# Decode the token and verify its signature as a sanity check
decoded_token = JWT.decode(token, private_key, true, { algorithm: 'ES256' })
puts decoded_token
```

The final result will be a JWT similar to the following:

```
4oxjoi8j69rHQ58KqPtrFABBWHX2QH7iGFyjkc5q6AJZrKA3AcZcCFoFMTMHpM.pojTEWQufMTvfZUW1nKz66p3emsy2v5QseJX5UJmfRjpxfjgELUGJraEVtX7tVg6aicmJT96q0snP034MhfgoZAB46MGdtC6kv2Vj6VeL2geuXG87Ys6ADijhT7mfHUcbmLPJPNZNuMttcc.fuFAJZNijRHnCA2BRqq7RZEJBB7TLsm1n4WM1cW0yo67KZp-Bnwx9y45cmH82QPAgKcG-y1UhRUrxybi5b9iNN
```

Try it out?

With the token, we can now try using the App Store Connect API!

```bash
curl -H 'Authorization: Bearer JWT' "https://api.appstoreconnect.apple.com/v1/apps/APPID/customerReviews"
```

  • APPID can be obtained from the App Store Connect backend:

Or the App Store page:

  • Success! 🚀 We can now fetch App reviews using this method. The data is complete and can be fully handled by the machine without manual routine maintenance (although the JWT expires, the Private Key does not, so we can generate a JWT signed with the Private Key for each request to access the data).

  • For other filter parameters and operation methods, please refer to the official documentation.
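The per-request signing described above, written out with only Ruby's standard library so the ES256 steps the `jwt` gem performs are visible, including the DER to raw `r||s` signature conversion that JWS requires. This is an added example, not code from the original post or from Apple; the helper names (`asc_token`, `asc_verify`, `b64url`) are hypothetical, the key is a throwaway P-256 key constructed in-process in place of the `.p8` file, and the 20-minute cap mirrors the `exp` used in `jwt.rb`.

```ruby
require 'openssl'
require 'json'

MAX_LIFETIME = 20 * 60 # seconds; same 20-minute window as jwt.rb on this page

# base64url without padding, as JWS requires (stdlib pack/unpack, no extra gems)
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Sign a short-lived ES256 token. key: OpenSSL::PKey::EC on P-256 (the .p8 contents).
def asc_token(key, key_id:, issuer_id:, lifetime: MAX_LIFETIME, now: Time.now.to_i)
  raise ArgumentError, 'lifetime out of range' unless (1..MAX_LIFETIME).cover?(lifetime)

  header  = { alg: 'ES256', kid: key_id, typ: 'JWT' }
  payload = { iss: issuer_id, iat: now, exp: now + lifetime, aud: 'appstoreconnect-v1' }
  input   = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"

  # OpenSSL emits a DER SEQUENCE(r, s); JWS wants raw r||s, 32 bytes each for P-256.
  der  = key.dsa_sign_asn1(OpenSSL::Digest::SHA256.digest(input))
  r, s = OpenSSL::ASN1.decode(der).value.map { |int| int.value.to_s(2).rjust(32, "\0") }
  "#{input}.#{b64url(r + s)}"
end

# Check signature and expiry locally; returns the payload hash or raises.
def asc_verify(token, key, now: Time.now.to_i)
  head, body, sig = token.split('.')
  raw = b64url_decode(sig.to_s)
  raise 'bad signature length' unless raw.bytesize == 64

  ints = [raw[0, 32], raw[32, 32]].map { |h| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(h, 2)) }
  der  = OpenSSL::ASN1::Sequence.new(ints).to_der
  ok   = key.dsa_verify_asn1(OpenSSL::Digest::SHA256.digest("#{head}.#{body}"), der)
  raise 'signature mismatch' unless ok

  payload = JSON.parse(b64url_decode(body))
  raise 'token expired' if payload['exp'] <= now
  payload
end

# Constructed demo: a throwaway P-256 key stands in for AuthKey_XXXX.p8.
demo_key = OpenSSL::PKey::EC.generate('prime256v1')
demo = asc_token(demo_key, key_id: 'YOUR_KEY_ID', issuer_id: 'YOUR_ISSUE_ID')
puts asc_verify(demo, demo_key)
```

In a bot, call `asc_token` immediately before each API request and keep the `.p8` contents in a secret store rather than in the repository, so only short-lived tokens ever leave the process.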

⚠️ You can only access app review data for which you have permission ⚠️

Complete Ruby Test Project

Using a Ruby file, the above process is implemented. You can directly clone it and fill in the data for testing.

First Open:

```bash
bundle install
```

Getting Started:

```bash
bundle exec ruby jwt.rb
```

Next

Similarly, we can access and manage through the API ( API Overview ):

If you have any questions or feedback, feel free to contact me.



This post was originally published on Medium (View original post), and automatically converted and synced by ZMediumToMarkdown.


This post is licensed under CC BY 4.0 by the author.