Manage keys

Create a private key to access a service

Private keys allow you to access and authenticate communication with some app services — such as APNs, DeviceCheck, MusicKit, and WeatherKit. You’ll use the private key in a JSON Web Token (JWT) in a request to that service.

Required role: Account Holder or Admin.

  1. In Certificates, Identifiers & Profiles, click Keys in the sidebar, then click the add button (+) on the top left.

  2. Under Key Name, enter a unique name for the key.

  3. Select the checkbox next to the services you want to enable, then click Continue.

  4. If the Media Services checkbox is disabled, you need to register a media identifier first.

    • If you register more than one media identifier, click Configure next to the checkbox.

    • On the next page, choose the media identifier you want to use from the pop-up menu, then click Continue.

  5. Review the key configuration, then click Confirm.

  6. Optionally, click Download to generate and download the key now.

  7. If you download the key, it’s saved as a text file with a .p8 file extension in the Downloads folder.

  8. Click Done.

    WARNING: Save this file in a secure place because the key is not saved in your developer account and you won’t be able to download it again. If the Download button is disabled, you previously downloaded the key.