Credentials
Set up App Store Connect and Google Play credentials
Overview
MySigner needs API credentials to interact with App Store Connect and Google Play Console on your behalf. This guide walks you through setting up both.
App Store Connect Credentials
Create an API Key
- Go to App Store Connect
- Click Generate API Key (requires Admin or App Manager role)
- Give it a name like "MySigner"
- Select App Manager or Admin role
- Click Generate
- Download the
.p8file immediately - you can only download it once! - Note the Key ID and Issuer ID shown on the page
Store your.p8file securely. If you lose it, you'll need to generate a new key.
Add to MySigner
- In the MySigner dashboard, go to your organization
- Click Add App Store Connect Credential
- Enter:
- Name - A descriptive name (e.g., "Production API Key")
- Key ID - The 10-character identifier from ASC
- Issuer ID - The UUID from ASC (looks like
69a6de7e-...) - Private Key - Paste the entire contents of your
.p8file
- Click Save
Test the Connection
After saving, click Test to verify the credential works. MySigner will:
- Authenticate with App Store Connect
- Retrieve your Team ID
- List available apps
If successful, you'll see a green checkmark and your Team ID will be displayed.
Activate the Credential
If you have multiple credentials, click Activate to set one as the default for this organization.
Google Play Credentials
Create a Service Account
- Go to Google Cloud Console
- Select or create a project
- Click Create Service Account
- Enter:
- Name - "MySigner"
- ID - Auto-generated
- Description - "MySigner app deployment"
- Click Create and Continue
- Skip the role assignment (we'll do this in Play Console)
- Click Done
Generate a Key
- Click on the service account you just created
- Go to Keys tab
- Click Add Key → Create new key
- Select JSON format
- Click Create
- Save the downloaded JSON file securely
Grant Access in Play Console
- Go to Google Play Console
- Click Users and permissions → Invite new users
- Paste the service account email (ends in
@...iam.gserviceaccount.com) - Grant these permissions:
- Release apps to testing tracks
- Release to production, exclude devices, and use Play App Signing
- View app information and download bulk reports
- Click Invite user
- Click Apply on the app(s) you want to deploy
It may take a few minutes for permissions to propagate.
Add to MySigner
- In the MySigner dashboard, go to your organization
- Click Add Google Play Credential
- Enter:
- Name - A descriptive name
- Developer Account ID (optional) - Found in Play Console under Account details
- Service Account JSON - Paste the entire JSON file contents
- Click Save
Test the Connection
Click Test to verify. MySigner will:
- Authenticate with Google Play
- List available apps
- Verify write permissions
Multiple Credentials
You can add multiple credentials per organization, which is useful for:
- Separate teams - Different credentials for different apps
- Rotation - Add a new key before expiring the old one
- Testing - Use a read-only key for testing
Only one credential can be active at a time per provider (ASC or Google Play). The active credential is used by default for CLI commands.
Security Best Practices
- Minimal permissions - Only grant the permissions MySigner needs
- Rotate regularly - Generate new keys periodically
- Audit access - Review who has access to credentials. On Team plans, every credential add / activate / remove event is recorded in the Audit Log so you have a full history of who changed what and when.
- Revoke unused - Delete credentials you no longer need
- Never share - Don't send credentials via email or chat
Related
- Organizations - Create and manage organizations
- API Tokens - CLI authentication
- iOS Resources - Manage certificates and profiles
- Android Resources - Manage keystores and apps
- Audit Log - Track credential changes (Team)
- Notifications - Alerts for sync failures and revocations
- Getting Started - Initial setup