Skip to main content

Managing iOS code signing files

This guide describes how to manage your iOS code signing files with the Bitrise API. If you’d like to learn more about how to do the same on the UI, please check out iOS code signing.

You can upload, update, list, and delete iOS code signing files with the API. In this guide we show you how and in what order to use those code signing endpoints.

EndpointsFunctionRequired role on the app's team
POST/apps/{app-slug}/provisioning-profilesCreate a provisioning fileOwner or Admin
POST/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug}/uploadedConfirm the upload processOwner or Admin
PATCH/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug}Update an uploaded provisioning fileOwner or Admin
GET/apps/{app-slug}/provisioning-profilesGet a list of the uploaded provisioning filesOwner or Admin
GET/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug}Retrieve data of a specific provisioning fileOwner or Admin
DELETE/apps/{app-slug}/provisioning-profiles/{provisioning-profile-slug}Delete an uploaded provisioning fileOwner or Admin
EndpointsFunctionRequired role on the app's team
POST/apps/{app-slug}/build-certificatesCreate a build certificateOwner or Admin
POST/apps/{app-slug}/build-certificates/{build-certificate-slug}/uploadedConfirm the upload processOwner or Admin
PATCH/apps/{app-slug}/build-certificates/{build-certificate-slug}Update an uploaded build certificateOwner or Admin
GET/apps/{app-slug}/build-certificatesGet a list of the uploaded build certificateOwner or Admin
GET/apps/{app-slug}/build-certificates/{build-certificate-slug}Retrieve data of a specific build certificateOwner or Admin
DELETE/apps/{app-slug}/build-certificates/{build-certificate-slug}Delete an uploaded build certificateOwner or Admin

Uploading an iOS code signing fileClick to copy link

Required role

You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.

For a complete list of user roles and role cheatsheets, check Roles and permissions for Bitrise CI.

You can upload an iOS code signing file (either a .p12 certificate or a provisioning profile) to a Bitrise app of your choice. This process does NOT create a new code signing file: it uploads an existing file (created and downloaded from the Apple Developer Portal) to an AWS URL. It is functionally the same as uploading your code signing files on the Bitrise website: Managing iOS code signing files - manual provisioning.

To upload an iOS code signing file file via the API:

  1. Call the POST method of the provisioning-profiles or build-certificates endpoint to create a temporary pre-signed upload URL that expires in ten minutes.

    The call requires an existing code signing file (certificate or provisioning profile) and two parameters:

    • upload_file_name: The filepath to the existing code signing file. For example, /path/to/sample.p12.
    • upload_file_size: The size of the file in bytes.
    // Calling the endpoint to create the temporary upload URL
    curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles' -d '{"upload_file_name":"sample.provisionprofile","upload_file_size":2047}'
    // The successful response: you will need the "upload_url" and the "slug".
    {
      "data":{
        "upload_file_name":"sample.provisionprofile",
        "upload_file_size":2047,
        "slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
        "processed":false,
        "is_expose":true,
        "is_protected":false,
        "upload_url":"https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/build_certificates/uploads/30067/original/certs.p12?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180216%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180216T124240Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=2bf42176650f00405abfd7b7757635c9be16b43e98013abb7f750d3c658be28e"
      }
    }

  2. The response to the first call contains an upload_url parameter. You need to use this and the upload_file_name parameter to upload the file to AWS with a curl call.

    curl -T sample.provisionprofile 'https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/build_certificates/uploads/30067/original/certs.p12?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180216%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180216T124240Z&X-Amz-Expires=600&X-Amz-SignedHeaders=content-length%3Bhost&X-Amz-Signature=2bf42176650f00405abfd7b7757635c9be16b43e98013abb7f750d3c658be28e'

  3. Confirm the file upload with a POST call of the uploaded endpoint: use the slug from the response to the first POST call.

    This sets the processed flag of the file to true. This flag can't be changed again afterwards!

    curl -X POST -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/FILE-SLUG/uploaded'

Updating an uploaded iOS code signing fileClick to copy link

You can perform minor updates to an uploaded iOS code signing file using the PATCH method. If you’ve uploaded your file to Bitrise, you can visually check any changes to it on the Code Signing & Files tab.

Required role

You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.

For a complete list of user roles and role cheatsheets, check Roles and permissions for Bitrise CI.

For example, to make a provisioning profile protected, you can set the is_protected flag of your provisioning profiles to true.

curl -X PATCH -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/PROVISIONING-PROFILE-SLUG -d '{"is_protected":true}'

For a build certificate you can set the same attributes as above but you can modify the password too:

curl -X PATCH -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/build-certificates/BUILD-CERTIFICATE-SLUG -d '{"certificate_password":"s0m3-v3ry-s3cr3t-str1ng"}'
Be careful when setting attributes

You can set the is_protected, is_exposed and processed attributes of the files you've uploaded:

  • Once the is_protected flag is set to true, it cannot be changed anymore.
  • When the value of is_protected is true, then the is_expose flag cannot be set to another value.
  • Once the processed flag is set to true, then its value cannot be changed anymore.

Getting a specific iOS code signing file's dataClick to copy link

Required role

You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.

For a complete list of user roles and role cheatsheets, check Roles and permissions for Bitrise CI.

Retrieve a specific iOS code signing file’s data with the GET method of the provisioning-profiles and build-certificates endpoints. The returned data includes, among other things, the file's name, size, and download URL, as well as its current status.

The required parameters are:

  • app slug
  • file slug

Retrieving a provisioning profile's data

Request:

curl -X GET -H  'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles/PROVISIONING-PROFILE-SLUG'

Response:

{
  "data": {
    "upload_file_name":"sample.provisionprofile",
    "upload_file_size":2047,
    "slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
    "processed":false,
    "is_expose":true,
    "is_protected":false,
    "download_url":"https://concrete-userfiles-production.s3-us-west-2.amazonaws.com/prov_profile_documents/uploads/80144/original/sample.provisionprofile?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=AKIAIOC7N256G7J2W2TQ%2F20180322%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180322T091652Z&X-Amz-Expires=600&X-Amz-SignedHeaders=host&X-Amz-Signature=6dd7bb3db72aafb2d434da7b1a8f80a82a3a7a0276e84620137ed64de5025ab2"
  }
}
Availability of the download_url

Note that the download_url is generated only when the file’s is_protected attribute is false.

Listing the iOS code signing files of an appClick to copy link

Required role

You must have an admin or owner role on the app's team to manage iOS code signing files using the Bitrise API.

For a complete list of user roles and role cheatsheets, check Roles and permissions for Bitrise CI.

Wondering how many iOS code signing files belong to an app? Get a list of them using the GET method of the provisioning-profiles and build-certificates endpoints.

The required parameter is:

  • app slug

Optional parameters are:

  • next: slug of the first file in the response (as a string)
  • limit: max number of elements per page (as an integer) where the default is 50.

Getting all provisioning profiles of an app

Request:

curl -X GET -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/provisioning-profiles'

Response:

{
  "data": [
    {
      "upload_file_name":"sample.provisionprofile",
      "upload_file_size":2047,
      "slug":"01C6FA6P6HRQT5PQ8RMMVVXE6W",
      "processed":false,
      "is_expose":true,
      "is_protected":false
    },
    {
      "upload_file_name":"sample2.provisionprofile",
      "upload_file_size":2047,
      "slug":"01C6FA6P6HRQT5PQ8RMMVVXE5T",
      "processed":true,
      "is_expose":true,
      "is_protected":true
    }
  ],
  "paging": {
    "page_item_limit": 50,
    "total_item_count": 2
  }
}