TypeScript SDK and JWT auth for Apple's App Store Connect API, built on Web Crypto with zero runtime dependencies.
| Package | Description |
|---|---|
@bradford-tech/asc-sdk |
1055 auto-generated, tree-shakeable operations from Apple's OpenAPI spec |
@bradford-tech/asc-auth |
ES256 JWT signer with token caching, single-flight deduplication, and edge runtime support |
Both packages are published to npm and jsr.
npm install @bradford-tech/asc-sdk @bradford-tech/asc-authOr with Deno:
deno add jsr:@bradford-tech/asc-sdk jsr:@bradford-tech/asc-authimport { client, appsGetCollection } from "@bradford-tech/asc-sdk";
import { createASCAuth } from "@bradford-tech/asc-auth";
const auth = createASCAuth({
issuerId: "57246542-96fe-1a63-e053-0824d011072a",
keyId: "2X9R4HXF34",
privateKey: process.env.ASC_PRIVATE_KEY!,
});
client.setConfig({ auth });
const { data } = await appsGetCollection();
console.log(data?.data.map((app) => app.attributes?.name));
// => ["My App", "Another App"]See the asc-sdk README for full SDK details and the asc-auth README for auth configuration options.
The existing TypeScript SDKs for App Store Connect carry runtime dependencies that the auth layer doesn't need. One imports Node's fs at the top level, breaking edge-runtime bundlers before any feature is used. Another pulls in jose and zod -- adding weight for what is, at the auth layer, a single ES256 signature that crypto.subtle already provides.
@bradford-tech/asc-auth is a zero-dependency ES256 signer built directly on Web Crypto -- no jose, no fs, no shims. It runs on Node 20+, Deno, Bun, Cloudflare Workers, and Vercel Edge.
The two packages are split on purpose. asc-sdk accepts an auth: () => Promise<string> callback, so you can bring your own JWT source if you already have one. asc-auth is useful on its own for pre-signing tokens in CI with signASCToken(). They compose cleanly, but nothing couples them.
git clone https://github.com/bradford-tech/asc-sdk.git
cd asc-sdk
npm install
npm run buildnpm run type-check # tsc --noEmit across all packages
npm run lint # eslint (zero warnings tolerance)
npm run fix # prettier + eslint auto-fix
npm run generate # regenerate SDK from OpenAPI spec
npm test --workspace @bradford-tech/asc-auth # run auth testsThe SDK is generated by @hey-api/openapi-ts from Apple's OpenAPI spec (packages/asc-sdk/spec/openapi.oas.json). A daily GitHub Actions workflow downloads the latest spec from Apple and opens a PR if it changed.
Bug reports and pull requests are welcome on GitHub.