API access · Methodology · Public, citable
How AppMeta Pulse
talks to App Store Connect.
AppMeta Pulse authenticates to App Store Connect using Apple's official API with a key you generate in your own account. This page documents exactly which endpoints the app calls, which API key role is required for each, how the short-lived JWT tokens are signed and refreshed, where credentials live, and — equally important — what the app cannot do because of the scope it operates under. No marketing language. Verifiable against Apple's own documentation.
What you generate, what the app stores.
App Store Connect API keys are generated in your App Store Connect account, not by AppMeta Pulse. The app cannot generate or escalate a key; it can only use the one you give it.
In App Store Connect (you)
- Sign in to App Store Connect with an account that has permission to create API keys (Admin or Account Holder).
- Open Users and Access → Integrations → App Store Connect API.
- Generate a new key. Pick a role (Sales, Finance, Developer, App Manager, Admin, etc.). The role determines what AppMeta Pulse can read — see the endpoint table below for the minimum role per report.
- Download the
.p8private key file. Apple only lets you download it once — if you lose it, you regenerate. - Copy the Key ID (10-character string) and the Issuer ID (your team's UUID, shown above the keys list).
In AppMeta Pulse (the app)
- Paste or import the
.p8file, Key ID, and Issuer ID into AppMeta Pulse. - The three values are stored together in the system Keychain — the same secure storage iOS and macOS use for passwords and Wi-Fi credentials.
- Nothing is written to plain files, iCloud Drive, third-party servers, or analytics SDKs.
- Revoke the key any time in App Store Connect → Users and Access → Keys. Revocation takes effect at Apple's API immediately; the app cannot circumvent it.
How the request is actually signed.
Per Apple's documented requirements for API tokens, every request to the App Store Connect API must include a short-lived JSON Web Token signed with ES256 using your private key. AppMeta Pulse does this signing locally — the .p8 private key never leaves your device.
01
Token construction
Header:
alg: ES256, kid: <your Key ID>, typ: JWT. Payload: iss: <your Issuer ID>, iat: <now>, exp: <now + ≤20 min>, aud: appstoreconnect-v1. Apple's documentation specifies a maximum token lifetime of 20 minutes — tokens with longer expiry are rejected by the API.02
Signing
The token header + payload is signed locally with the ES256 algorithm using your .p8 private key. The signing happens on-device; the private key bytes never go to a network. Apple's API verifies the signature using the public key registered against your Key ID.
03
Request
The signed JWT is attached as an
Authorization: Bearer <token> header on each HTTPS request to https://api.appstoreconnect.apple.com. The request goes directly to Apple — no intermediate proxy, no Lagerland server, no third-party analytics endpoint.04
Refresh
When the JWT is close to expiry, AppMeta Pulse generates a new one from the same stored Key ID, Issuer ID, and .p8 — same construction, new
iat and exp. There is no refresh token in the OAuth sense; Apple's API uses self-signed short-lived JWTs only.Endpoints called, and the role required for each.
Per Apple's role permissions matrix, the role you pick when generating the key determines which reports the key can read. AppMeta Pulse exposes exactly the views the role allows — never more.
Sales and Trends reports
Endpoint:
Minimum role required: Sales, Finance, Admin, or Account Holder (per Apple's role permissions). App Manager and Developer roles do not have access to this endpoint — keys with those roles will see permission errors here.
This is the endpoint that drives the top-line revenue, downloads, and country breakdown views.
GET /v1/salesReports. Returns daily, weekly, monthly, or yearly aggregated proceeds, units, and refunds by app and territory.Minimum role required: Sales, Finance, Admin, or Account Holder (per Apple's role permissions). App Manager and Developer roles do not have access to this endpoint — keys with those roles will see permission errors here.
This is the endpoint that drives the top-line revenue, downloads, and country breakdown views.
Subscription reports
Endpoint:
Minimum role required: Sales, Finance, Admin, or Account Holder. Same access scope as Sales reports.
Drives the subscription health view — active subscribers, trial conversions, cancellations, refunds.
GET /v1/financeReports (subscription type) and the App Store Connect Subscription Status reports.Minimum role required: Sales, Finance, Admin, or Account Holder. Same access scope as Sales reports.
Drives the subscription health view — active subscribers, trial conversions, cancellations, refunds.
App Analytics (where available)
Endpoint: App Analytics report endpoints.
Minimum role required: Admin, Account Holder, App Manager, Developer, Marketing, or Sales — App Analytics has broader role access than Sales reports.
If your key has only one of the analytics-eligible roles (e.g. App Manager) but lacks Sales access, AppMeta Pulse will show analytics-derived counts but not paid-out proceeds. The app surfaces this state clearly rather than failing silently.
Minimum role required: Admin, Account Holder, App Manager, Developer, Marketing, or Sales — App Analytics has broader role access than Sales reports.
If your key has only one of the analytics-eligible roles (e.g. App Manager) but lacks Sales access, AppMeta Pulse will show analytics-derived counts but not paid-out proceeds. The app surfaces this state clearly rather than failing silently.
Endpoints AppMeta Pulse does NOT call
No write endpoints. No
POST, PATCH, or DELETE calls anywhere in the app. No build submission endpoints. No app metadata edit endpoints. No pricing endpoints. No TestFlight management endpoints. No review-reply endpoints. The app's network layer is built to read only; even a misbehaving feature could not write because the request methods are not wired up at the codebase level.What "read-only" actually means here.
Two layers of read-only enforcement — one in the app, one at Apple's API. The combination is what makes the guarantee meaningful.
At the app level
- The network layer only implements
GETrequests against the App Store Connect API. There is no code path forPOST,PATCH, orDELETE. - The UI has no "submit," "edit," "publish," "delete," or "reply" buttons against your App Store Connect data — because nothing in the app could action them even if they existed.
- Most accidental App Store Connect mistakes (pushing the wrong build, replying to the wrong review, hiking the wrong price) are impossible inside AppMeta Pulse by construction.
At Apple's API level
- The role you set on the API key determines what the key can do. A key with the Sales role cannot write to anything, even if a request tried.
- You can revoke the key in App Store Connect at any time; the next API call from AppMeta Pulse will fail with 401 and the app surfaces that state clearly.
- Apple's API enforces the role at the request level — not on trust of the calling app.
Data freshness — what to expect.
App Store Connect's own reporting cadence is the upper bound on freshness; no third-party dashboard can be faster than Apple's source data.
Sales and Trends
Apple updates Sales and Trends with next-day data — today's purchases appear tomorrow morning UTC. Same cadence as the App Store Connect web dashboard. AppMeta Pulse polls on-demand and on a refresh interval; the data shown is whatever Apple has currently published for your account.
Financial Reports
Apple publishes monthly Financial Reports on a delayed cadence — typically 30+ days after the fiscal month ends. These are the canonical reconciliation source for tax filing and accounting. AppMeta Pulse displays Sales and Trends figures (next-day) by default; for tax filing, reconcile against Apple's monthly downloadable Financial Reports.
What we deliberately do not promise.
Honest limits
- Numbers can never be fresher than Apple's reporting cadence. We cannot accelerate Apple's overnight ETL.
- Exchange rates and tax categories in Apple's Sales and Trends are rolling averages — they will not always match what hits your bank account.
- If you generated your API key with a role that lacks Sales access (e.g. App Manager only), the app will show what that role can read and clearly note what it cannot.
- App Store Connect API rate limits are managed by Apple. Heavy refresh during a sales spike may briefly throttle; the app backs off rather than retrying aggressively.
What is genuinely under our control
- Where the .p8 key lives (system Keychain — not iCloud Drive, not a plaintext file, not a third-party server).
- What the app does with your data after fetching it (nothing — App Store privacy label declares zero data collection, verifiable on the listing).
- Whether read-only stays read-only across future versions (yes — the network layer is structurally write-incapable).
- Honest disclosure when something changes (this page is dated and updated when the model changes).
About AppMeta Pulse
Use it
Open AppMeta Pulse.
App Store Connect on iPhone, iPad, and Mac. Read-only by construction, zero data collection on the privacy label, .p8 key in your Keychain, your data goes nowhere but Apple.