Labsco
forgeopslabs logo

AppStore MCP Server

from forgeopslabs

MCP server (Rust, rmcp) exposing the Apple App Store Connect API β€” apps, in-app purchases, subscriptions, pricing, versions/metadata, TestFlight, provisioning, and asset uploads, plus generic JSON:API tools.

πŸ”₯πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedPaid serviceAdvanced setup

appstore-mcp

An MCP server, written in Rust, that exposes the Apple App Store Connect API to AI agents. It covers the full product lifecycle β€” apps & metadata, in-app purchases, subscriptions and their offers, pricing & availability, App Store versions, App Review submission, TestFlight, provisioning & signing, asset uploads, promoted purchases, customer reviews, phased release, users & access, in-app events, Xcode Cloud, and analytics reports β€” across 113 tools, and can reach any other App Store Connect endpoint through two generic JSON:API tools.

Built on the official rmcp SDK over stdio.

πŸ“– Full tool reference β†’ docs/TOOLS.md β€” every tool's purpose and parameters.

Design: hybrid coverage

The App Store Connect API has hundreds of endpoints but is uniformly JSON:API. Rather than a tool per endpoint, this server is hybrid:

  • Curated tools (111) for the common, multi-step, or error-prone workflows β€” apps & metadata, IAPs, subscriptions & offers, versions, pricing, availability, App Review submission, TestFlight, provisioning, asset uploads, promoted purchases, customer reviews, phased release, users, in-app events, Xcode Cloud, analytics reports, and custom product pages.
  • Two generic escape-hatch tools β€” appstore_request and appstore_list β€” that can call any endpoint with raw JSON:API documents.

Tools

GroupTools
Genericappstore_request, appstore_list
Apps & metadatalist_apps, get_app, update_app, list_app_infos, update_app_info, set_age_rating, create_app_info_localization, update_app_info_localization
In-app purchases (v2)list_in_app_purchases, create_in_app_purchase, update_in_app_purchase, delete_in_app_purchase, create_iap_localization, set_iap_price_schedule, upload_iap_review_screenshot
Subscriptionslist_subscription_groups, create_subscription_group, create_subscription, update_subscription, create_subscription_localization, set_subscription_price
Versions & metadatalist_app_store_versions, create_app_store_version, create_version_localization, update_version_localization
App Review submissioncreate_review_submission, add_review_submission_item, submit_review_submission, list_review_submissions, submit_in_app_purchase, set_app_review_detail, create_app_encryption_declaration, assign_build_encryption_declaration
Pricinglist_territories, list_iap_price_points, list_subscription_price_points
Availabilityset_iap_availability, set_subscription_availability, set_app_availability
TestFlightlist_builds, list_beta_groups, create_beta_group, add_beta_tester, submit_build_for_beta_review, set_build_test_notes, set_build_beta_detail, set_beta_app_review_detail, expire_build, add_build_to_beta_group
Provisioning & signinglist_bundle_ids, create_bundle_id, enable_bundle_id_capability, disable_bundle_id_capability, list_certificates, create_certificate, list_devices, register_device, list_profiles, create_profile
Assetsupload_app_screenshot, upload_app_preview, create_screenshot_set, create_preview_set, delete_screenshot_set, delete_preview_set, reorder_screenshots
Subscription offerscreate_introductory_offer, create_promotional_offer, create_winback_offer, list_winback_offers
Offer codescreate_offer_code, generate_one_time_use_codes, create_custom_offer_code, list_offer_codes
Promoted purchasescreate_promoted_purchase, update_promoted_purchase, set_promoted_purchase_order, list_promoted_purchases
Customer reviewslist_customer_reviews, respond_to_review, delete_review_response
Phased releasestart_phased_release, update_phased_release
Users & accesslist_users, invite_user, update_user, remove_user
In-app eventscreate_app_event, create_app_event_localization, upload_app_event_screenshot
Xcode Cloudlist_ci_products, list_ci_workflows, start_ci_build, get_ci_build_run, list_ci_build_actions
Analytics reportsrequest_analytics_report, list_analytics_reports, list_analytics_report_instances, list_analytics_report_segments
Custom product pageslist_custom_product_pages, get_custom_product_page, create_custom_product_page, update_custom_product_page, delete_custom_product_page, list_custom_product_page_versions, create_custom_product_page_version, list_custom_product_page_localizations, create_custom_product_page_localization, update_custom_product_page_localization, create_cpp_screenshot_set, create_cpp_preview_set

See docs/TOOLS.md for each tool's description and parameters. Custom product page images are uploaded with the existing upload_app_screenshot / upload_app_preview tools.

Credentials

Generate a Team Key in App Store Connect β†’ Users and Access β†’ Integrations β†’ App Store Connect API, and download the .p8 file. Then set:

VariableRequiredDescription
ASC_ISSUER_IDβœ…Issuer UUID shown above the keys table.
ASC_KEY_IDβœ…The API key's Key ID.
ASC_PRIVATE_KEYone ofInline .p8 PEM contents.
ASC_PRIVATE_KEY_PATHone ofPath to the downloaded .p8 file.
ASC_BASE_URLoptionalOverride the API origin.
ASC_LOGoptionalLog filter (to stderr). Default info.

See .env.example. The server authenticates each request with a short-lived ES256 JWT signed by your key (cached and refreshed automatically).

The server starts even without credentials so a client can list its tools; tool calls then return an actionable configuration error until creds are set.

Build & run

cargo build --release
ASC_ISSUER_ID=... ASC_KEY_ID=... ASC_PRIVATE_KEY_PATH=/path/AuthKey_XXX.p8 \
  ./target/release/appstore-mcp

The server speaks MCP over stdio. Logs go to stderr; stdout is the protocol channel.

Use with an MCP client

Example client config (e.g. Claude Desktop's mcpServers):

{
  "mcpServers": {
    "appstore": {
      "command": "/absolute/path/to/appstore-mcp/target/release/appstore-mcp",
      "env": {
        "ASC_ISSUER_ID": "00000000-0000-0000-0000-000000000000",
        "ASC_KEY_ID": "ABCD123456",
        "ASC_PRIVATE_KEY_PATH": "/absolute/path/to/AuthKey_ABCD123456.p8"
      }
    }
  }
}

Inspect with the MCP Inspector

npx @modelcontextprotocol/inspector ./target/release/appstore-mcp

Limitations (enforced by Apple)

  • You cannot create an app via the API. The apps resource only allows GET and UPDATE β€” POST /v1/apps returns 403 FORBIDDEN_ERROR. Create the app record in the App Store Connect website (Apps β†’ βž• β†’ New App); you can pre-create its bundle ID with create_bundle_id. All other tools operate on an existing app.
  • A deleted in-app purchase's productId is permanently reserved by Apple and cannot be reused.

Development

cargo test                              # unit tests (JWT signing, MD5, body builders)
cargo clippy --all-targets -- -D warnings
cargo fmt --check

Regenerate the tool reference after adding/changing tools (needs the release binary; no credentials required):

cargo build --release && python3 scripts/gen_tools_doc.py   # rewrites docs/TOOLS.md

Live integration tests

scripts/integration_test.py drives the compiled server against the real API. Read-only by default; --write adds a self-cleaning IAP lifecycle.

cargo build --release
# Credentials via env (ASC_ISSUER_ID/ASC_KEY_ID/ASC_PRIVATE_KEY_PATH) or local
# appstore-connect.txt + AuthKey_*.p8 in the repo root (both gitignored).
python3 scripts/integration_test.py --app <APP_ID>          # read-only sweep
python3 scripts/integration_test.py --app <APP_ID> --write  # + write lifecycle