Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
appstoreconnect-BPHvZ
Readme
This is a fork of appstoreconnect: https://pypi.org/project/appstoreconnect/
This project removes some of the dependencies.
This is a Python wrapper around the Apple App Store API: https://developer.apple.com/documentation/appstoreconnectapi
So far, it handles token generation / expiration, methods for listing resources and downloading reports.
The project is published on PyPI, install with:
pip install appstoreconnect
Please follow the instructions in Apple's documentation on how to generate an API key.
With your key ID, key file (you can pass either the path to the file or its content as a string) and issuer ID, create a new API instance:
from appstoreconnect import Api, UserRole
api = Api(key_id, path_to_key_file, issuer_id)
# use a proxy
api = Api(key_id, path_to_key_file, issuer_id, proxy='http://1.2.3.4:3128')
# set a timeout (in seconds) for requests
api = Api(key_id, path_to_key_file, issuer_id, timeout=42)
Here are a few examples of API usage. For a complete list of available methods please see api.py.
# list all apps
apps = api.list_apps()
for app in apps:
    print(app.name, app.sku)
# sort resources
apps = api.list_apps(sort='name')
# filter apps
apps = api.list_apps(filters={'sku': 'DINORUSH', 'name': 'Dino Rush'})
print("%d apps found" % len(apps))
# read app information
app = api.read_app_information('1308363336')
print(app.name, app.sku, app.bundleId)
# get a related resource
for group in app.betaGroups():
    print(group.name)
# list bundle ids
for bundle_id in api.list_bundle_ids():
    print(bundle_id.identifier)
# list certificates
for certificate in api.list_certificates():
    print(certificate.name)
# modify a user
user = api.list_users(filters={'username': 'finance@nemoidstudio.com'})[0]
api.modify_user_account(user, roles=[UserRole.FINANCE, UserRole.ACCESS_TO_REPORTS])
# download sales report
api.download_sales_and_trends_reports(
    filters={'vendorNumber': '123456789', 'frequency': 'WEEKLY', 'reportDate': '2019-06-09'}, save_to='report.csv')
# download finance report
api.download_finance_reports(filters={'vendorNumber': '123456789', 'reportDate': '2019-06'}, save_to='finance.csv')
Define a timeout (in seconds) after which an exception is raised if no response is received.
api = Api(key_id, path_to_key_file, issuer_id, timeout=30)
api.list_apps()
APIError: Read timeout after 30 seconds
Please note this is a work in progress; the API is subject to change between versions.
Starting with version 0.8.0, this library anonymously collects usage data to help improve its development. What we collect is:
You can review the source code
If you feel uncomfortable with it, you can completely opt out by initializing the API with:
api = Api(key_id, path_to_key_file, issuer_id, submit_stats=False)
There is also an open issue about this topic where we would love to hear your feedback and best practices.
Project development happens on GitHub.
This project is developed by Ponytech.
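A hardened way to build the arguments for the constructor shown above, as an added example (not code from this package or its authors): it reads the key file only when it is owner-only on a POSIX system, passes the content as a string, and always sets a timeout and `submit_stats=False`. The helper names, the constructed placeholder key and the 0600 policy are assumptions of this example.

```python
import os
import stat
import tempfile

PEM_HEADER = "-----BEGIN PRIVATE KEY-----"  # PKCS#8 PEM, the format of Apple's .p8 keys


def load_key_checked(path):
    """Return the key file's content, refusing files that group/other can access."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        raise PermissionError(f"{path}: mode {mode:04o} is too open, use 0600")
    with open(path, encoding="ascii") as fh:
        content = fh.read()
    if PEM_HEADER not in content:
        raise ValueError(f"{path}: no PKCS#8 PEM header found")
    return content


def api_arguments(key_id, key_path, issuer_id, timeout=30):
    """Build (args, kwargs) for Api(*args, **kwargs) with telemetry disabled."""
    if not timeout or timeout <= 0:
        raise ValueError("a positive timeout (seconds) is required")
    key = load_key_checked(key_path)  # content as a string, not the path
    return (key_id, key, issuer_id), {"timeout": timeout, "submit_stats": False}


def demo():
    """Exercise both cases on a constructed, non-functional key file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "AuthKey_PLACEHOLDER.p8")
        with open(path, "w", encoding="ascii") as fh:
            fh.write(PEM_HEADER + "\nCONSTRUCTED-NOT-A-KEY\n-----END PRIVATE KEY-----\n")
        os.chmod(path, 0o644)  # world-readable: must be rejected
        try:
            api_arguments("KEYID", path, "ISSUER")
            rejected = False
        except PermissionError:
            rejected = True
        os.chmod(path, 0o600)  # owner-only: accepted
        args, kwargs = api_arguments("KEYID", path, "ISSUER")
        return rejected, args, kwargs


if __name__ == "__main__":
    print(demo())
```

With the package installed, the result is used as `args, kwargs = api_arguments(key_id, path_to_key_file, issuer_id)` followed by `api = Api(*args, **kwargs)`.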
FAQs
A Python wrapper around Apple App Store Api
We found that appstoreconnect-BPHvZ demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.