Apple Application Loader altool issue when using api key

Asked 2/9, 2020 at 6:48 Answered 6/8, 2022 at 2:19

I am currently trying to use ALTool to upload my application IPA to App Store Connect as part of a build script. These are the commands I am using:

xcrun altool --validate-app -f my-ipa-file.ipa -t ios --apiKey "MYAPIKEY" --apiIssuer "MYISSUERID"
xcrun altool --upload-app -f my-ipa-file.ipa -t ios --apiKey "MYAPIKEY" --apiIssuer "MYISSUERID"

My private key (p8) is located at

./private_keys/AuthKey_MYAPIKEY.p8

According to the altool --help command the tool will look in the following directories (in order) for a p8 file named AuthKey_<apikey>.p8:

 ./private_keys
 ~/private_keys
 ~/.private_keys
 ~/.appstoreconnect/private_keys

Considering the p8 file is in the first folder of that list, this should work. And for the --validate-app call, it does actually work. The calls to App Store Connect are made, the app validates and if there are any errors from App Store Connect they return as expected.

However, for some reason the --upload-app command always returns with the same error:

2020-09-01 14:24:40.934 altool[28265:119010] * Error: Error uploading 'my-ipa-file.ipa'.
2020-09-01 14:24:40.934 altool[28265:119010] * Error: code -18000 (Could not locate the private key file: AuthKey_MYAPIKEY.p8)

For some reason it seems --upload-app doesn't properly load the p8 file in ./private_keys/ while --validate-app does.

Placing the p8 file in one of the other 3 folders (~/private_keys etc.) does work for both validate and upload as a temporary workaround. But I prefer to use ./private_keys due to how my build scripts injects files into the build process.

Is this a bug in altool or is there something I'm missing?

Edmanda answered 2/9, 2020 at 6:48 Comment(0)

In GitHub actions I just put the api key into $RUNNER_TEMP. And then when running the xcrun altool I am doing it like so:

API_PRIVATE_KEYS_DIR=$RUNNER_TEMP xcrun altool

Illation answered 6/8, 2022 at 2:19 Comment(1)

Hey how exactly do you bind this path to xcrun altool --validate-app -f my-ipa-file.ipa -t ios --apiKey "MYAPIKEY" --apiIssuer "MYISSUERID" – Frost 10/7, 2023 at 2:40

This is probably a bug.

When uploading an app, altool seems to invoke iTMSTransporter under the hood to do the actual uploading. The latter changes current directory before running, so when it looks for ./private_keys/AuthKey_MYAPIKEY.p8 in current directory, it checks the wrong location.

See cd in /Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/itms/bin/iTMSTransporter.

I guess altool doesn't invoke iTMSTransporter when validating apps.

Livvie answered 11/9, 2020 at 19:18 Comment(5)

I've managed to confirm with Apple Support that this is a bug. For now it's recommended by Apple to use the other 3 documented folders. – Edmanda 7/12, 2020 at 8:46

This has now been fixed in XCode 13.1! – Edmanda 29/10, 2021 at 15:1

@LeonLucardie I'm just now starting to get errors after updating to XCode 13.1. I'm using a GitHub Action to run Altool, any ideas why I'm suddenly seeing this error? – Nikolos 29/11, 2021 at 7:22

@Nikolos Did you manage to get to the bottom of your XCode 13.1 issue with Github Actions ? I'm also having troubles with it and can't seem to find documentation anywhere about it – Calton 7/3, 2022 at 14:33

@Calton as far as I remember, I decided to run the command directly in my Action in stead of using another Action, which would fail. Once I executed altool directly in my Action it worked – Nikolos 9/3, 2022 at 12:56

Recommended topics

Hot tags