asc iris — App Store Connect Private API

Access App Store Connect private API (iris) endpoints using cookie-based authentication. The iris API powers the ASC web UI and exposes capabilities not available through the public REST API, such as app creation.

Authentication

Iris uses browser cookies, not JWT API keys. Two resolution methods:

1. Browser auto-extraction (default) — log in to appstoreconnect.apple.com in Chrome/Safari/Firefox. Cookies are extracted automatically via SweetCookieKit.
2. Environment variable — set ASC_IRIS_COOKIES for CI/CD:

   export ASC_IRIS_COOKIES="myacinfo=DAWT...; itctx=eyJ..."
   

The essential cookie is myacinfo (set on .apple.com). Additional cookies (itctx, dqsid, wosid) are collected from appstoreconnect.apple.com.

How to Navigate (CAEOAS Affordances)

Every JSON response contains an "affordances" field with ready-to-run commands: