spaceship exposes both the Apple Developer Center and the App Store Connect API. It’s super fast, well tested and supports all of the operations you can do via the browser. It powers parts of fastlane, and can be leveraged for more advanced fastlane features. Scripting your Developer Center workflow has never been easier!
Get in contact with the creators on Twitter: @FastlaneTools
fastlane: The easiest way to automate beta deployments and releases for your iOS and Android apps.spaceship is part of
spaceship uses a combination of 5 different API endpoints, used by the Apple Developer Portal and Xcode. As no API offers everything we need, spaceship combines all APIs for you. More details about the APIs.
- Blazing fast communication using only a HTTP client
- Object oriented access to all resources
- Resistant against front-end design changes of the of the Apple Developer Portal
- One central tool for the communication
- Automatic re-trying of requests in case a timeout occurs
- No web scraping
- 90%+ test coverage by stubbing server responses
More details about why spaceship is useful on spaceship.airforce.
No matter how many apps or certificates you have, spaceship can handle your scale.
Example spaceship code
Spaceship.login # Create a new app app = Spaceship.app.create!(bundle_id: "com.krausefx.app", name: "Spaceship App") # Use an existing certificate cert = Spaceship.certificate.production.all.first # Create a new provisioning profile profile = Spaceship.provisioning_profile.app_store.create!(bundle_id: app.bundle_id, certificate: cert) # Print the name and download the new profile puts("Created Profile " + profile.name) profile.download
Before spaceship, the fastlane tools used web scraping to interact with Apple's web services. With spaceship it is possible to directly access the underlying APIs using a simple HTTP client only.
Using spaceship, the execution time of sigh was reduced from over 1 minute to less than 5 seconds.
spaceship is part of fastlane:
sudo gem install fastlane
To try spaceship, just run
fastlane spaceship. It will automatically start the
spaceship playground. It makes it super easy to try spaceship
This requires you to install
sudo gem install pry.
pry is not installed by default, as most fastlane users won't need the
spaceship playground. You can add the
pry dependency to your
Apple Developer Portal API
DeveloperPortal.md for code samplesOpen
App Store Connect API
AppStoreConnect.md for code samplesOpen
2 Step Verification
When your Apple account has 2 factor verification enabled, you'll automatically be asked to verify your identity. If you have a trusted device configured for your account, then a code will appear on the device. If you don't have any devices configured, but have trusted a phone number, then a code will be sent to your phone. The resulting session will be stored in
~/.fastlane/spaceship/[email]/cookie. The session should be valid for about one month, however there is no way to test this without actually waiting for over a month.
Support for CI machines
To generate a web session for your CI machine, use
fastlane spaceauth -u firstname.lastname@example.org
This will authenticate you and provide a string that can be transferred to your CI system. Copy everything from
---\n to your CI server and provide it as environment variable named
FASTLANE_SESSION. For example:
export FASTLANE_SESSION='---\n- !ruby/object:HTTP::Cookie\n name: DES5c148586dfd451e55afbaaa5f62418f91\n value: HSARMTKNSRVTWFla1+yO4gVPowH17VaaaxPFnUdMUegQZxqy1Ie1c2v6bM1vSOzIbuOmrl/FNenlScsd/NbF7/Lw4cpnL15jsyg0TOJwP32tC/NguPiyOaaaU+jrj4tf4uKdIywVaaaFSRVT\n domain: idmsa.apple.com\n for_domain: true\n path: "/"\n secure: true\n httponly: true\n expires: 2016-04-27 23:55:56.000000000 Z\n max_age: \n created_at: 2016-03-28 16:55:57.032086000 -07:00\n accessed_at: 2016-03-28 19:11:17.828141000 -07:00\n'
Bypass trusted device and use SMS for verification
If you have a trusted device configured, Apple will not send a SMS code to your phone for your Apple account when you try to generate a web session with fastlane. Instead, a code will be displayed on one of your account's trusted devices. This can be problematic if you are trying to authenticate but don't have access to a trusted device. Take the following steps to circumvent the device and use SMS instead:
- Attempt to generate a web session with
fastlane spaceauth -u [email]and wait for security code prompt to appear
- Open a browser to appleid.apple.com or an address that requires you to login with your Apple ID, and logout of any previous session
- Login with your Apple ID and request a code be sent to the desired phone when prompted for a security code
- Use the code sent to phone with fastlane instead of with the browser
If you want to upload builds to TestFlight/App Store Connect from your CI, you have to generate and use an application specific password:
- Visit appleid.apple.com/account/manage
- Generate a new application specific password
- Provide the application specific password using an environment variable
Alternatively you can enter the application specific password when you're asked the first time fastlane uploads a build.
spaceship in use
All fastlane tools that communicate with Apple's web services in some way, use spaceship to do so.
Overview of the used API endpoints
https://idmsa.apple.com: Used to authenticate to get a valid session
- Get a list of all available provisioning profiles
- Register new devices
- List all devices, certificates, apps and app groups
- Create new certificates, provisioning profiles and apps
- Disable/enable services on apps and assign them to app groups
- Delete certificates and apps
- Repair provisioning profiles
- Download provisioning profiles
- Team selection
- Managing apps
- Managing beta testers
- Submitting updates to review
- Managing app metadata
- Upload icons, screenshots, trailers ...
spaceship uses all those API points to offer this seamless experience.
spaceship does a lot of magic to get everything working so neatly:
- Sensible Defaults: You only have to provide the mandatory information (e.g. new provisioning profiles contain all devices by default)
- Local Validation: When pushing changes back to the Apple Dev Portal spaceship will make sure only valid data is sent to Apple (e.g. automatic repairing of provisioning profiles)
- Various request/response types: When working with the different API endpoints, spaceship has to deal with
plistand sometimes even
HTMLresponses and requests.
- Automatic Pagination: Even if you have thousands of apps, profiles or certificates, spaceship can handle your scale. It was heavily tested by first using spaceship to create hundreds of profiles and then accessing them using spaceship.
- Session, Cookie and CSRF token: All the security aspects are handled by spaceship.
- Profile Magic: Create and upload code signing requests, all managed by spaceship
- Multiple Spaceship: You can launch multiple spaceships with different Apple accounts to do things like syncing the registered devices.
Code of Conduct
Help us keep fastlane open and inclusive. Please read and follow our Code of Conduct.
This project is licensed under the terms of the MIT license. See the LICENSE file.
This project and all fastlane tools are in no way affiliated with Apple Inc. This project is open source under the MIT license, which means you have full access to the source code and can modify it to fit your own needs. All fastlane tools run on your own computer or server, so your credentials or other sensitive information will never leave your own computer. You are responsible for how you use fastlane tools.