@alloy
Last active August 19, 2020 03:48
Upload iOS application for clients on their iTunes Connect account.

Obviously, the simplest solution would be for the client to share their account details or add us as ‘team admin’, but that is not what this is about.

  1. Add us to your iOS Developer Program as ‘team member’.
  2. Create a ‘Distribution Certificate’, if you haven’t got one already.
  3. Create an ‘App Store Distribution Provisioning Profile’.
  4. Export the ‘Distribution Certificate’ assets and send the export and password to us. (For security’s sake, it’s a good idea to send us the password through a different channel than the one used for the exported certificate, e.g. by phone/SMS.)
  1. Ensure all relevant contracts have been signed.
  2. Create the application record in iTunes Connect. Ensure that the app record status in iTunes Connect is ‘Waiting for Upload’.
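
Before importing an export received in step 4, it is worth confirming that the .p12 really contains the private key and that the key matches the certificate. The following is an added example, not part of the original gist; it assumes the `openssl` CLI is installed, and the function names, file names, certificate subject and password are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a received distribution .p12 before importing it.
# Assumes the openssl CLI. The password is read from the exported variable
# P12_PW, so it never appears in the process list.

# Exit codes: 0 ok, 2 unreadable (wrong password?), 3 no private key, 4 mismatch
check_p12() {  # $1 = path to the .p12
  _pem=$(openssl pkcs12 -in "$1" -passin env:P12_PW -nokeys 2>/dev/null) || true
  # Public key of the first certificate in the bundle
  _cert_pub=$(printf '%s\n' "$_pem" | openssl x509 -pubkey -noout 2>/dev/null) || true
  # Public half of the bundled private key (empty when no key was exported)
  _key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PW -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout 2>/dev/null) || true
  [ -n "$_cert_pub" ] || { echo "unreadable: wrong password or no certificate"; return 2; }
  [ -n "$_key_pub" ] || { echo "certificate only: private key was not exported"; return 3; }
  [ "$_cert_pub" = "$_key_pub" ] || { echo "private key does not match certificate"; return 4; }
  echo "ok: $(printf '%s\n' "$_pem" | openssl x509 -noout -subject -enddate | tr '\n' ' ')"
}

# Constructed sample input: a throwaway self-signed certificate packaged twice,
# once with its key and once without, standing in for a client's export.
make_sample_p12() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=iPhone Distribution: Constructed Client" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
    -out "$1/full.p12" -passout env:P12_PW &&
  openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
    -out "$1/certonly.p12" -passout env:P12_PW
}

export P12_PW="constructed-sample-password"
SAMPLE_DIR=$(mktemp -d)
make_sample_p12 "$SAMPLE_DIR"
check_p12 "$SAMPLE_DIR/full.p12"
check_p12 "$SAMPLE_DIR/certonly.p12" || echo "(exit code $?)"
```

The check prints the certificate subject and expiry date on success, which also lets you confirm that the export is the distribution certificate and not a development one.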
@alloy
Author

alloy commented Feb 14, 2013

This is my summary of what I think the client should do, but I would love to hear from you if I’m wrong and/or if you know a complete and good tutorial that we can send to our client?

PS: If you’re going to share this, here’s a pwetty version: http://gist.io/4952606

@markwilcox

Might want to also ensure that they've agreed to all the latest T's & C's, particularly if the app is paid or has IAP. Getting blocked later in the process because they're missing is frustrating.

@alloy
Author

alloy commented Feb 14, 2013

@markwilcox Added, thanks!

@manishmalani

  1. Be explicit that you will need the Distribution certificate in .p12 file format.
  2. As far as my knowledge goes, you will need agent credentials to upload the binary from Xcode. Otherwise the customer has to upload himself using Application Loader. Admin/Developer cannot upload the binary.

@alloy
Author

alloy commented Feb 14, 2013

@manishmalani Thanks!

> Be explicit that you will need the Distribution certificate in .p12 file format.

I have only ever done this process manually from Keychain.app, but it is my understanding that doing this from the Xcode Organizer (as linked to) doesn’t give you any options.

> As far as my knowledge goes, you will need agent credentials to upload the binary from Xcode. Otherwise the customer has to upload himself using Application Loader. Admin/Developer cannot upload the binary.

Ok, I will have to investigate this then.

@jstr

jstr commented Feb 14, 2013

We upload a lot of apps for clients and even setting up the app record in iTunes Connect is too much. I suggest asking them for the specific assets and marketing information required and entering that yourself.

I believe @manishmalani is correct on the second point as well.

The easiest thing from the client's perspective is to ask for their agent credentials and do everything for them, and that's what I would suggest, unless they have a strong preference to upload the IPA themselves.

@erikt

erikt commented Feb 14, 2013

Yes, AFAIK only the agent can upload the binary. This is in my opinion very annoying, as most clients I've worked for do not have the technical skills needed. It's always "solved" by using the client's credentials and handling it for them ... but I really dislike it. I'd love to hear if there's a better solution to this.

@zen4ever

One way to avoid getting their iTunes Connect credentials would be to make them add you to their iTunes Connect as a developer. Since Apple has a strange restriction that an Apple ID can be added to only one iTunes Connect account, you have to use a new email every time a customer adds you to their iTunes Connect. For convenience we use a trick with Gmail accounts and the "+" sign. For example, my email is andrew@marpasoft.com, so I send my customer "andrew+organization_name@marpasoft.com", where organization_name is any unique identifier for your customer's organization. This way Apple thinks that this is a new email, and Gmail still sends all the emails to my primary account, so I don't need to create a new mailbox. The only downside is that when Apple sends a new marketing email, I receive one for each account :-)

@MonsieurDart

Please ignore this post… there are several mistakes in it. I need to review it… Sorry about that.

I totally agree with @jstr on two points:

  • Asking a customer to create the Prov' part is usually too much (app ID…), but I do think that it is usually better to let them handle the iTunes Connect (iTC) part (a lot of marketing stuff), once the App ID has been created. Just provide your client with the App ID he should use and the app version.
  • You need an iTC credential to upload the app. There can be more than one account linked to an iTC team. But, as @zen4ever mentioned, you have to have one specific email address per iTC team you belong to. :-/

Additionally, you need to be the Team Agent, not just a Team Admin, (there can be only one per team, btw your client cannot add you as a Team Agent) to create and use a Distribution Prov' Prof' to sign an app. And you also need its private key (big warning here if there are several people uploading apps for your client, they will need to share this private key, i.e. the key used to sign the Distribution Certificate).

For all those reasons, I would recommend the following process:

To be done before the development starts:

The developer:

  • Create a new email address (forwarding to your team) for your client's iTC team. Let's call it my.new.itc.account@.

The client:

  • Buy a Developer Program.
  • Wait for Apple validation…
  • Send the Team Agent credentials of this developer program (so that the developer can handle the security stuff).
  • Add an account for the email my.new.itc.account@ to your iTC. This account must have Admin or Technical role (so that the developer can upload the binary).

The developer:

  • Sign in to developer.apple.com as the client Team Agent, go to the Prov' Portal.
  • If a Distribution Certificate exists, ask the client for the related private key.
  • Else, create the Distribution Certificate using a new private key (from the Keychain app). Upload this new certificate. Export the new private key to keep it safe and secure and to send it to the client (along with the password of the resulting P12 archive).
  • Create an App ID.

Once the app is ready to upload:

The developer:

  • Provide the client with the app version to be released (Xcode needs to match iTC).

The client:

The developer:

  • Create the Distribution Prov' Prof' from the portal.
  • Build, sign, archive and submit the app to the iTC using the my.new.itc.account@ account.
  • … there's no step 42!

PS: maybe the version could be given by the client and just retrieved from the iTC, by the developer.

@radeinla

Question (forgive me if this is what you already meant, but just for clarity): Is this how you have the client receive all payments for paid apps and your account to show up as the link for the "More by Developer"?

@luvhubgit

I do know someone who has a developer account but gets other developers to create and upload the apps for him. He says that he doesn't need to give them "Agent" access but just adds them to his "Admin" member area in order to upload the app to iTunes. I know that the apps get uploaded and are now available on iTunes because I have seen it. He has even given me access to his developer account to see for myself. But I thought only "Agent" access is allowed to upload the app to iTunes as detailed in https://developer.apple.com/programs/roles/
I have looked and searched high and low and I still don't know how an "Admin" can upload to iTunes when clearly only an "Agent" status can do this. Is there a workaround to allow an "Admin" to upload to iTunes? That would be good, so that clients wouldn't have to feel nervous about developers having a look at their account details etc...
