A p8 API key (also called an App Store Connect API key) is a private key file that Apple generates for you in App Store Connect. It's used to authenticate requests to the App Store Connect API.
How to create one
- Go to App Store Connect → Users and Access → Keys
- Click the "+" button to create a new key
- Give it a name (e.g., "Yeethook Production")
- Select the App Manager or Admin role
- Download the .p8 file (you can only download it once)
- Note the Key ID and Issuer ID shown on the page
What Yeethook does with it
When you upload your p8 key to Yeethook:
- Encryption: Yeethook encrypts the key with AES-256-GCM before storing it
- Enrichment: Yeethook uses it to call the App Store Connect API and enrich webhook events
- Automatic setup: In Quick Start mode, Yeethook uses it to automatically configure webhooks
Security
- The key is encrypted at rest (AES-256-GCM)
- It's never exposed in the UI
- It's only decrypted server-side, in memory, when making API calls
- You can delete or replace it at any time
- Revoking it in App Store Connect immediately cuts off access
Without a p8 key
Yeethook still works without a p8 key — you just configure webhooks manually in App Store Connect and get basic formatted notifications. But with a p8 key, you unlock automatic webhook setup and enriched events with crash logs, tester details, and screenshots.