Written by Rudrank Riyam.
After you successfully build and test your app, you may want to upload the build to TestFlight or the App Store. Sometimes, you may face an unknown authentication error that makes it difficult for you to upload the iOS binary to App Store Connect. You may even face an authentication error after using a valid App Store API key. If you’ve faced this problem, you’re not alone. This article discusses how the App Store Connect API works, the recurring problem related to authentication, and a few potential solutions and workarounds.
So, let’s get started!
App Store publishing process
The process of publishing to the App Store can be divided into four parts:
- Creating an archive
- Validating the archive
- Authenticating with App Store Connect
- Uploading the archive
Creating an archive
An archive is a bundle that includes your product along with symbol information. You can build an archive to distribute an app for testing or validate and submit an app to App Store Connect. Archives appear in the Archives list of the Organizer window unless you disable this option in the scheme editor. Each archive is identified in the Archives Organizer with the date and time it was created.
Validating the archive
Before you send and upload your app to App Store Connect, Xcode validates the archive to determine whether it meets the minimum requirements set by the App Store and ensure that the app passes the App Store Connect checks. If the validation process fails for some reason, it presents you with an error message with suggestions to fix the error.
Authentication with App Store Connect
After the archive is validated successfully, a connection is established with App Store Connect to authorize uploading the archive. You have to sign in using your Apple ID with the developer license and ensure that the correct profiles are used.
Uploading the archive
There are three ways to upload the archive to App Store Connect:
- Using Xcode
- Using altool
- Using the Transporter app for macOS
Using Xcode
Generally, the simplest way to upload the archive is using Xcode. You can validate and archive the app and then distribute it to TestFlight or publish it to the App Store from Xcode itself through the Organizer.
Using altool
Apple includes a shim or a wrapper executable called xcrun
with Xcode. It allows you to run tools inside Xcode from the command line.
You can use xcrun
to invoke altool
, which lets you notarize and validate your app binary files and upload them to the App Store.
Using the Transporter app for macOS
A third alternative is Apple’s app for macOS called Transporter, which makes it easy and simple to upload an app to App Store Connect for distribution on the App Store.
While the primary use case of this app is uploading your build, you can also use it to upload your metadata packages and to view the app’s delivery progress and the history of app deliveries.
Now that you know how to authenticate and upload the binary, let’s look at how the App Store Connect API helps automate the process.
App Store Connect API and workflow configuration
The App Store Connect API is a REST API that enables you to automate the process and actions you usually perform manually in App Store Connect. All the major CI/CD service providers, including Codemagic, use it to automate the App Store publishing process.
You use the App Store Connect API Key (inside the .p8
file), the issuer ID, and the key ID for authorization. These can be created under Users and Access > *Keys. The generated API key allows you to configure, authenticate, and use Apple services.
When you work with Codemagic, you’ll need to add these values in the workflow configuration:
publishing:
app_store_connect:
key_id: $APP_STORE_CONNECT_KEY_IDENTIFIER
issuer_id: $APP_STORE_CONNECT_ISSUER_ID
api_key: $APP_STORE_CONNECT_PRIVATE_KEY
submit_to_app_store: true
release_type: SCHEDULED
earliest_release_date: 2021-12-29T14:00:00+00:00
copyright: 2021 Nevercode Ltd
Codemagic then uses the App Store Connect API to interact with App Store Connect and allows you to automatically publish your app to the App Store or TestFlight after successful authorization based on the API key, issuer ID, and key ID.
Issues with the App Store Connect API
Sometimes, you may face an issue where you cannot upload the iOS binary to App Store Connect in the post-processing action. You may see an error that says Unable to authenticate. with the error code 19209 when uploading the app to TestFlight or the App Store:
Failed to upload the archive, but this might be a temporary issue, retrying...
Attempt #2 to upload failed, retrying...
Attempt #3 to upload failed, retrying...
Attempt #4 to upload failed, retrying...
Attempt #5 to upload failed, retrying...
Attempt #6 to upload failed, retrying...
Attempt #7 to upload failed, retrying...
Attempt #8 to upload failed, retrying...
Attempt #9 to upload failed, retrying...
Attempt #10 to upload failed.
*** status code 401, auth issue.
{"tool-version":"4.059.1219","tool-path":"/Applications/Xcode-13.0.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework","os-version":"11.6.2","product-errors":[{"message":"Unable to authenticate.","userInfo":{"NSLocalizedDescription":"Unable to authenticate.","NSLocalizedFailureReason":"Unable to authenticate."},"code":-19209}]}
Failed to publish YourAppName.ipa to App Store Connect.
Build failed :|
Publishing failed :|
Failed to publish YourAppName.ipa to App Store Connect.
This error happens randomly, even if you have successfully uploaded your app using the same credentials as before. It may also work successfully if you try again after a few hours.
After researching and going through different forums, we’ve found out that many other providers also face this issue. It is difficult to pinpoint a specific reason for this issue, as this process works most of the time but fails randomly. The error message Unable to authenticate is generic and not of much help for debugging its root cause.
Unfortunately, you can’t really do much about this, as the problem does not seem to be on Codemagic’s side. Even if you use a valid App Store Connect API key (including one you used for a previous successful App Store connection), it may still fail. The frequency of this issue’s occurrence has risen after the release of Xcode 13. Still, there are some actions you can take that may help.
Potential solutions and workarounds
You are not alone in dealing with these issues, and we have identified potential solutions and workarounds to help you successfully publish your app to TestFlight or the App Store.
Here are a few tips:
1. Accept the license agreement
Apple updates the Apple Developer Program License Agreement quite often, and you have to accept it to update your existing apps, make new in-app purchases, and submit new apps to the App Store. Having an outdated agreement is one of the issues that may cause the problem described above.
Note that you must have at least the Legal or Admin role to review and accept the agreement.
If you have an outdated agreement, update it or ask your administrator to accept the agreement. Updating the agreement may enable the build to upload successfully.
2. Retry uploading
Even though Codemagic can automatically retry uploading to the App Store up to 10 times, it may still fail due to an unknown error related to authentication. You can retry again without changing anything. This may enable you to successfully upload your app to the App Store, like in the case of a developer who faced the same problem and was able to successfully upload their app after a few retries.
3. Use Transporter
If none of the solutions above work and you are still facing the same issue, you can download the .ipa from Codemagic if you have mentioned exporting the artifact in the workflow configuration.
Then, you can manually drag and drop the binary file into the Transporter app. You can download the Transporter app on the Mac App Store for free.
Conclusion
While the issue of apps failing to upload to App Store Connect for an unknown reason is not very frequent, it’s still annoying enough to cause a lot of displeasure. We hope that the workarounds we’ve described in this article — such as accepting the license agreement, using Transporter to publish the .ipa, or just retrying manually — can help you solve the problem.
If you know any other solutions to this problem or want to share your experience, please tell us about it in the Slack community or mention @codemagicio on Twitter!
.
Discussion about this post