Home App Store Connect API Now Supports Reading and Managing Customer Reviews
Post
Cancel

App Store Connect API Now Supports Reading and Managing Customer Reviews

App Store Connect API Now Supports Reading and Managing Customer Reviews

App Store Connect API 2.0+ comprehensive update, supports In-app purchases, Subscriptions, Customer Reviews management

2022/07/19 News

[Upcoming transition from the XML feed to the App Store Connect API](https://developer.apple.com/news/?id=yqf4kgwb){:target="_blank"}

Upcoming transition from the XML feed to the App Store Connect API

This morning, I received the latest news from Apple developers, announcing that the App Store Connect API now supports three new features: In-app purchases, Subscriptions, and Customer Reviews management. This allows developers to more flexibly integrate Apple’s development process with CI/CD or business backends more closely and efficiently!

I haven’t touched In-app purchases or Subscriptions, but Customer Reviews excites me. I previously published an article titled “AppStore APP’s Reviews Slack Bot” discussing ways to integrate App reviews with workflow.

Slack Review Bot — [ZReviewsBot](https://github.com/ZhgChgLi/ZReviewsBot){:target="_blank"}

Slack Review Bot — ZReviewsBot

Before the App Store Connect API supported this, there were only two ways to get iOS App reviews:

First was to subscribe to Public RSS, but this RSS feed couldn’t be flexibly filtered, provided limited information, had a quantity limit, and we occasionally encountered data corruption issues, making it very unstable.

Second was through Fastlane SpaceShip, which encapsulated complex web operations and session management to fetch review data from the App Store Connection backend (essentially running a web simulator crawler to fetch data from the backend).

  • The advantage was that the data was complete and stable; we integrated it for a year without any data issues.
  • The downside was that the session expired every month, requiring manual re-login, and since Apple ID now requires 2FA verification, this also had to be done manually to produce a valid session. Additionally, if the session was generated and used from different IPs, it would expire immediately (making it difficult to host the bot on a network service with a non-fixed IP).

[important-note-about-session-duration](https://docs.fastlane.tools/best-practices/continuous-integration/#important-note-about-session-duration){:target="_blank"} by Fastlane

important-note-about-session-duration by Fastlane

  • Expire irregularly every month, need to update from time to time, it becomes really annoying over time; and this “ Know How “ is actually difficult to hand over to other colleagues.

But because there is no other way, we can only do this until we received the news this morning…

⚠️ Note: The official plan is to cancel the original XML (RSS) access method in 2022/11.

2022/08/10 Update

I have developed a new “ ZReviewTender — Free and Open Source App Reviews Monitoring Bot “ based on the new App Store Connect API.

App Store Connect API 2.0+ Customer Reviews Trial

Create App Store Connect API Key

First, we need to log in to the App Store Connect backend, go to “Users and Access” -> “Keys” -> “ App Store Connect API “:

Click “+”, enter the name and permissions; for detailed permissions, refer to the official website instructions. To reduce testing issues, select “App Manager” to grant maximum permissions.

Click “Download API Key” on the right to download and save your “AuthKey_XXX.p8” Key.

⚠️ Note: This Key can only be downloaded once, please keep it safe. If lost, you can only Revoke the existing one & create a new one. ⚠️

⚠️ Do not leak the .p8 Key File ⚠️

App Store Connect API Access Method

1
curl -v -H 'Authorization: Bearer [signed token]' "https://api.appstoreconnect.apple.com/v1/apps"

Signed Token (JWT, JSON Web Token) Generation Method

Refer to official documentation.

  • JWT Header:
1
{kid:"YOUR_KEY_ID", typ:"JWT", alg:"ES256"}

YOUR_KEY_ID: Refer to the image above.

  • JWT Payload:
1
2
3
4
5
6
{
  iss: 'YOUR_ISSUE_ID',
  iat: TOKEN creation time (UNIX TIMESTAMP e.g 1658326020),
  exp: TOKEN expiration time (UNIX TIMESTAMP e.g 1658327220),
  aud: 'appstoreconnect-v1'
}

YOUR_ISSUE_ID: Refer to the image above.

exp TOKEN expiration time: It varies depending on different access functions or settings, some can be permanent, some expire after more than 20 minutes and need to be regenerated. For details, refer to official instructions.

Use JWT.IO or the Ruby example provided below to generate JWT

jwt.rb:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
require 'jwt'
require 'time'

keyFile = File.read('./AuthKey_XXXX.p8') # YOUR .p8 private key file path
privateKey = OpenSSL::PKey::EC.new(keyFile)

payload = {
            iss: 'YOUR_ISSUE_ID',
            iat: Time.now.to_i,
            exp: Time.now.to_i + 60*20,
            aud: 'appstoreconnect-v1'
          }

token = JWT.encode payload, privateKey, 'ES256', header_fields={kid:"YOUR_KEY_ID", typ:"JWT"}
puts token


decoded_token = JWT.decode token, privateKey, true, { algorithm: 'ES256' }
puts decoded_token

The final JWT result will look something like this:

1
4oxjoi8j69rHQ58KqPtrFABBWHX2QH7iGFyjkc5q6AJZrKA3AcZcCFoFMTMHpM.pojTEWQufMTvfZUW1nKz66p3emsy2v5QseJX5UJmfRjpxfjgELUGJraEVtX7tVg6aicmJT96q0snP034MhfgoZAB46MGdtC6kv2Vj6VeL2geuXG87Ys6ADijhT7mfHUcbmLPJPNZNuMttcc.fuFAJZNijRHnCA2BRqq7RZEJBB7TLsm1n4WM1cW0yo67KZp-Bnwx9y45cmH82QPAgKcG-y1UhRUrxybi5b9iNN

Try it out?

With the token, we can try out the App Store Connect API!

1
curl -H 'Authorization: Bearer JWT' "https://api.appstoreconnect.apple.com/v1/apps/APPID/customerReviews"
  • APPID can be obtained from the App Store Connect backend:

Or from the App Store page:

  • Success! 🚀 We can now use this method to fetch App reviews. The data is complete and can be fully automated without manual routine maintenance (JWT will expire, but the Private Key will not. We can generate a JWT for each request using the Private Key).
  • For other filtering parameters and operation methods, please refer to the official documentation.

⚠️ You can only access the App review data for which you have permission ⚠️

Complete Ruby Test Project

A Ruby file that performs the above process. You can clone it, fill in the details, and test it directly.

First time opening:

1
bundle install

Getting Started:

1
bundle exec ruby jwt.rb

Next

Similarly, we can access management through the API ( API Overview ):

If you have any questions or feedback, feel free to contact me.

===

本文中文版本

===

This article was first published in Traditional Chinese on Medium ➡️ View Here



This post is licensed under CC BY 4.0 by the author.

Painless Migration from Medium to Self-Hosted Website

ZReviewTender — Free Open Source App Reviews Monitoring Bot