
A fast, lightweight, and scriptable CLI for the App Store Connect API. Automate iOS, macOS, tvOS, and visionOS release workflows from your terminal, IDE, or CI/CD pipeline.
Agent Skills for automating asc workflows including builds, TestFlight, metadata sync, submissions, and signing:
https://github.com/rorkai/app-store-connect-cli-skills
Install them globally so they are available across projects:
asc install-skills
Direct install:
npx skills add rorkai/app-store-connect-cli-skills --global --agent codex
If you want to confirm the binary works before configuring authentication:
asc version
asc --help
# Homebrew (recommended)
brew install asc
# Install script (macOS/Linux)
curl -fsSL https://asccli.sh/install | bash
# Windows (WinGet, once the package is accepted)
winget install asc
# Exact fallback when scripting
winget install --id Rorkai.ASC --exact
The WinGet package is tracked in
GitHub Discussion #1552.
Until it appears in winget search asc, Windows users can download the signed
release binaries directly from the
GitHub releases page.
For source builds and contributor setup, see CONTRIBUTING.md.
asc auth login \
--name "MyApp" \
--key-id "ABC123" \
--issuer-id "DEF456" \
--private-key /path/to/AuthKey.p8 \
--network
Generate API keys at: https://appstoreconnect.apple.com/access/integrations/api
If you are running in CI, a headless shell, or a machine where keychain access is not available, use config-backed auth instead:
asc auth login \
--bypass-keychain \
--name "MyCIKey" \
--key-id "ABC123" \
--issuer-id "DEF456" \
--private-key /path/to/AuthKey.p8
asc auth status --validate
asc auth doctor
asc apps list --output table
asc apps list --output json --pretty
asc chooses a default --output based on where stdout is connected:
tablejsonYou can still set a global preference:
export ASC_DEFAULT_OUTPUT=markdown
And explicit flags always win:
asc apps list --output json
asc uses visible lifecycle labels so you can judge support expectations before
depending on a command in CI or scripts:
[experimental]: useful, but still evolving; expect sharper edges and faster iterationDEPRECATED: or deprecation warnings: compatibility path kept during migration, but not the long-term homebrew update && brew upgrade ascwhich ascasc versionhttps://asccli.sh/installwinget source updatewinget install ascwinget install --id Rorkai.ASC --exactGet-Command asc and asc versionasc auth status --validateasc auth doctorASC_BYPASS_KEYCHAIN=1 or re-run asc auth login --bypass-keychainasc auth login --local --bypass-keychain ... when you want repo-local credentials in ./.asc/config.jsonasc defaults to table in an interactive terminal and json in pipes, files, and CI--output json, --output table, or --output markdown--pretty with JSON when you want readable output in terminals or bug reportsASC_DEFAULT_OUTPUT, but remember --output always winsasc sends pseudonymous command-level usage telemetry by default to help
maintainers understand which commands are used and where reliability work is
needed. Local events include a random installation ID, which lets events from
one installation be grouped over time; it is not derived from an Apple account
or machine identifier.
Telemetry includes the CLI version, operating system and architecture, registered command path, duration and exit outcome, runtime context, invocation source, low-cardinality invocation shape and failure classifications, and random event and session IDs. It does not include raw arguments, stderr, error messages, or flag values, credentials, private keys, Apple account, team, or issuer IDs, app or bundle IDs, API responses, usernames, hostnames, repository names, or file paths.
Review or change telemetry at any time:
asc telemetry status
asc telemetry disable
asc telemetry reset-id
ASC_TELEMETRY_DISABLED=1 and DO_NOT_TRACK=1 also disable telemetry. See the
telemetry reference for the exact event payload,
runtime handling, collector endpoint, and all controls.
ASC_BYPASS_KEYCHAIN=1; if it is safe to do so, include redacted output from ASC_DEBUG=api asc ... or asc --api-debug ...Want to add yours?
asc apps wall submit --app "1234567890" --confirm
The command uses your authenticated gh session to fork the repo and open a pull request that updates docs/wall-of-apps.json.
It resolves the public App Store name, URL, and icon from the app ID automatically. For manual entries that are not on the public App Store yet, use --link with --name.
Use asc apps wall submit --dry-run to preview the fork, branch, and PR plan before creating anything.
asc testflight feedback list --app "123456789" --paginate
asc testflight crashes list --app "123456789" --sort -createdDate --limit 10
asc testflight crashes log --submission-id "SUBMISSION_ID"
asc builds upload --app "123456789" --ipa "/path/to/MyApp.ipa"
asc builds list --app "123456789" --output table
asc testflight groups list --app "123456789" --output table
For macOS TestFlight distribution, upload the exported .pkg first, then add
the processed build to a beta group:
asc builds upload --app "123456789" --pkg "./build/MyMacApp.pkg" --version "1.2.3" --build-number "42" --wait --output json
asc builds add-groups --app "123456789" --build-number "42" --version "1.2.3" --platform MAC_OS --group "Internal Testers"
--app is the App Store Connect app ID. If you use local Xcode build flags such
as --archive-path, also pass exactly one of --workspace or --project plus
--scheme; otherwise use a pre-exported .ipa or .pkg upload. Add
--submit --confirm to asc builds add-groups when distributing to an external
TestFlight group that needs beta app review submission.
# Optional: preview the staging plan before submission
asc release stage --app "123456789" --version "1.2.3" --build "BUILD_ID" --copy-metadata-from "1.2.2" --dry-run
# Canonical upload + attach + submit command
asc publish appstore --app "123456789" --ipa "/path/to/MyApp.ipa" --version "1.2.3" --submit --confirm
# Monitor status after submission
asc status --app "123456789" --watch
Lower-level submission lifecycle commands (for debugging or partial workflows):
# Canonical readiness check
asc validate --app "123456789" --version "1.2.3"
asc submit status --version-id "VERSION_ID"
asc submit cancel --version-id "VERSION_ID" --confirm
asc review status --app "123456789"
asc review doctor --app "123456789"
asc localizations list --app "123456789" --type app-info
asc metadata init --dir "./metadata" --version "1.2.3" --locale "en-US"
asc metadata apply --app "123456789" --version "1.2.3" --dir "./metadata" --dry-run
asc metadata keywords audit --app "123456789" --version "1.2.3" --blocked-terms-file "./blocked-terms.txt"
asc apps info view --app "123456789" --output json --pretty
Use asc metadata keywords audit before sync or apply when you want an ASO-focused
review of live keyword metadata across locales. It reports duplicate phrases, repeated
terms across locales, overlap with localized app name or subtitle, byte-budget usage,
and optional blocked terms from repeated --blocked-term flags or a text file.
asc screenshots plan --app "123456789" --version "1.2.3" --review-output-dir "./screenshots/review"
asc screenshots apply --app "123456789" --version "1.2.3" --review-output-dir "./screenshots/review" --confirm
asc screenshots list --version-localization "VERSION_LOCALIZATION_ID"
asc video-previews list --app "123456789"
Uploading screenshots for a single locale:
asc apps list
asc versions list --app "APP_ID"
asc localizations list --version "VERSION_ID" --output json --locale "en-US" | jsonpp
asc screenshots upload --version-localization "VERSION_LOCALIZATION_ID" --path "./screenshots/en-US" --device-type "IPHONE_65" --replace --max-screenshots 10
VERSION_LOCALIZATION_ID is the App Store version localization resource ID
from data[].id, not the locale code from attributes.locale.
asc certificates list
asc profiles list
asc bundle-ids list
asc workflow validate
asc workflow run --dry-run testflight_beta VERSION:1.2.3
See docs/WORKFLOWS.md for a copyable .asc/deployment.json,
.asc/workflow.json, and ExportOptions.plist that use asc builds next-build-number,
asc xcode inject, asc xcode archive, asc xcode export --timeout 10m, and
asc publish testflight --group ... --wait. Add --submit --confirm when
distributing to an external TestFlight group that needs beta app review submission.
asc workflow validate
asc xcode inject --manifest .asc/deployment.json --set version=1.2.3 --set build_number=42 --dry-run --output json
asc workflow run --dry-run testflight_beta VERSION:1.2.3
asc workflow run testflight_beta VERSION:1.2.3
# Trigger from a pull request
asc xcode-cloud run --workflow-id "WORKFLOW_ID" --pull-request-id "PR_ID"
# Rerun from an existing build run with a clean build
asc xcode-cloud run --source-run-id "BUILD_RUN_ID" --clean
# Fetch a single build run by ID
asc xcode-cloud build-runs get --id "BUILD_RUN_ID"
Apple Ads uses separate OAuth credentials from App Store Connect:
asc ads auth login --name "Marketing" --client-id "SEARCHADS_CLIENT_ID" --team-id "SEARCHADS_TEAM_ID" --key-id "KEY_ID" --private-key ./ads-key.pem --org "123456"
asc ads auth discover --output json
asc ads campaigns --org "123456" --limit 100 --output json
asc ads reports campaigns --org "123456" --file reporting-request.json --output json
See guides/apple-ads-playbooks.mdx for operator playbooks covering credential safety, org inspection, read-only smoke tests, reporting, raw API usage, and guarded mutations.
Retention Messaging uses a dedicated In-App Purchase API key, separate from App Store Connect API credentials:
asc storekit auth login --name Production --key-id "KEY_ID" --issuer-id "ISSUER_ID" --private-key ./SubscriptionKey.p8 --bundle-id com.example.app
asc storekit auth doctor --environment sandbox --network
asc storekit retention-messaging messages list --environment sandbox --output json
asc storekit retention-messaging endpoint view --environment production
See [d
$ claude mcp add App-Store-Connect-CLI \
-- python -m otcore.mcp_server <graph>