Signing an App

This topic explains in detail the process of signing your app on Appdome.

For the Appdome Python library example, refer to the snippet at the bottom.

Signing Apps by Using the Appdome REST API

Using the Appdome REST API, you have the following choices to sign your apps:

  • Automatic Signing (Android, iOS) – If you saved your signing credentials in the Fusion Set, you can use this command to sign the app automatically and receive a signed binary.
  • Private Signing (Android, iOS) – If you want to sign the app yourself, seal the app, download the unsigned binary and sign it locally.
  • Auto-DEV Private Signing (Android, iOS) – The app is sealed and wrapped in a signing script, which you can run to automatically sign the app locally (without uploading the certificates to the platform).

The API requests for all the signing tasks are identical; only the action needs to be changed.

  • For Automatic Signing use sign
  • For Private Signing use seal
  • For Auto-DEV Private Signing use sign_script

After building your app, you can add context to it using the pre-configured settings of the Fusion Set you selected in the previous step.

Caveats

  • Remember to visit the platform to obtain your API key, and your team_id if you're working with a team. See the Getting started section.
  • This action can be invoked only after you have acquired a task_id from a build process, and only once that build process has finished successfully.

This process consists of the following steps, which should be performed in the order specified below:

  • A POST request to Appdome that sends the task_id obtained from the build process, an action parameter with a value of sign, seal or sign_script, and optionally an overrides JSON object, detailed on the Sign an app API reference page.
  • A GET request to check the task status. Poll this request and wait until the request status is success before proceeding to the next action.

The process

The scripts use several variables, such as API_KEY, SIGN_OVERRIDES, TEAM_ID and task_id. Ensure that you update these parameters accordingly.


NOTE: When signing iOS apps, always add the Form data -F [email protected]<path/to/file>


NOTE: When signing Android apps using Private Signing or Auto-DEV Signing, add the certificate SHA-1 fingerprint as an override: overrides={"signing_sha1_fingerprint":""}

  1. Provide the task_id you want to sign, and select the requested signing method, with optional overrides.
SIGN_OVERRIDES='{"signing_p12_password":"...","manual_entitlements_matching":"..."}'

curl -s --request POST \
    --url "https://fusion.appdome.com/api/v1/tasks" \
    --header "Authorization: $API_KEY" \
    --header 'accept: application/json' \
    --header 'content-type: multipart/form-data' \
    --form action=<seal|sign|sign_script> \
    --form parent_task_id="$task_id" \
    --form overrides="$SIGN_OVERRIDES" >/dev/null

  2. Declare a function that will perform the polling operation and notify when the task status is completed. Note that the task may fail with a status of error and a message property, which indicates the reason for failure and might help you resolve the issue before signing again.
# Poll the task status until it is no longer "progress"; the final value is left in $status.
statusWaiter() {
  task_id=$1
  team_id=$2
  status="progress"
  while [[ $status == "progress" ]]; do
    status=$(curl -s --request GET \
      --url "https://fusion.appdome.com/api/v1/tasks/$task_id/status?team_id=$team_id" \
      --header 'Content-Type: application/json' \
      --header "Authorization: $API_KEY" |
      jq -r '.status')
    sleep 0.5
  done
}

statusWaiter "$task_id" "$TEAM_ID"

At this point, if the status set by statusWaiter is completed, you have successfully signed your app.

From here, you may proceed to download your app.
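
The statusWaiter loop above ends as soon as the status is anything other than progress, so an error status or a failed request ends the wait the same way a completed one does. The following is an added example, not Appdome's code: it returns success only on completed, reports the message property on error, and stops after a bounded number of polls. The names wait_for_task, fetch_status, MAX_POLLS and POLL_INTERVAL are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not Appdome's code. wait_for_task, fetch_status, MAX_POLLS and
# POLL_INTERVAL are names assumed here; the URL, header, status values and the
# message property are the ones the page describes.

# Transport: print the task status on line 1 and its message (may be empty) on line 2.
# curl -f suppresses the response body on an HTTP error, so the status comes back empty.
fetch_status() {
  curl -sf --request GET \
    --url "https://fusion.appdome.com/api/v1/tasks/$1/status?team_id=$2" \
    --header "Authorization: $API_KEY" |
    jq -r '.status, (.message // "")'
}

# Poll until the task leaves "progress".
# Returns 0 on completed, 1 on error, 2 after three unreadable or unexpected
# replies in a row, 3 when MAX_POLLS is exhausted.
wait_for_task() {
  task_id=$1
  team_id=$2
  polls=0
  bad=0
  while [ "$polls" -lt "${MAX_POLLS:-600}" ]; do
    polls=$((polls + 1))
    out=$(fetch_status "$task_id" "$team_id") || out=""
    status=$(printf '%s\n' "$out" | sed -n 1p)
    message=$(printf '%s\n' "$out" | sed -n 2p)
    case $status in
      completed) return 0 ;;
      error)
        echo "task $task_id failed: $message" >&2
        return 1 ;;
      progress) bad=0 ;;
      *)
        bad=$((bad + 1))
        if [ "$bad" -ge 3 ]; then
          echo "task $task_id: unexpected status '$status'" >&2
          return 2
        fi ;;
    esac
    sleep "${POLL_INTERVAL:-1}"
  done
  echo "task $task_id: still in progress after $polls polls" >&2
  return 3
}
```

Run the download step only when wait_for_task "$task_id" "$TEAM_ID" returns 0.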

Appdome Python library example

python3 sign.py --task_id <task_id_value> --keystore <keystore file> --keystore_pass <keystore password> --keystore_alias <key alias> --key_pass <key password> --sign_overrides <overrides_json_file>