Open Radar

 
Summary:

With the announcement of the official [AppStore Connect API](https://developer.apple.com/videos/play/wwdc2018/303/), we as the fastlane team spent time looking into what API endpoints we currently make use of and how those would be mapped to the newly announced API. As the public API isn't available yet, we weren't able to verify our assumptions, however it should give everyone a good understanding of what API endpoints are used by iOS developers. Check out the attached [used_apis.md](https://github.com/fastlane/app-store-connect-api/blob/master/radars/api_overview/used_apis.md) file for the full list of API endpoints.

Right now, fastlane accesses a total of 134 API endpoints.

**Hybrid**

The newly announced API covers only a small subset of API endpoints fastlane needs. This requires us to implement a hybrid client that uses the official API when possible which then falls back to using the undocumented API when needed. However, this would force all fastlane users to authenticate with the new auth system and the current fastlane auth system which would add extra complexity to everyone's setup.

The beauty of the new API is that we could access the developer's data without getting their full credentials and not having to handle 2-step and 2-factor auth. However as the API doesn't implement all API endpoints yet, we'll have to always also auth the old API to support all current functionality. As a result, using the new API as well as the old one, every fastlane user would have to authenticate twice. 

As an alternative, fastlane could generate the auth tokens on behalf of the user (using the existing fastlane auth system) which would result in the user only having to provide their full Apple ID credentials.

Our alternative is not ideal as the point of the auth tokens is to prevent users from having to use their email and password. A better alternative would be if the new auth tokens would be backwards compatible with the undocumented API sessions allowing fastlane users to use both the new APIs and undocumented APIs with the new auth token system. This is a change that Apple wold have to make on their end.

**Our plans**

Long term, we plan on implementing the newly announced API within fastlane. We want to offer a configuration flag that would force fastlane to exclusively use official API and therefore disable the fallback to the undocumented one. 

For now, the API seems too limited to be useful for most our users. In particular the lack of managing App Store Connect data (metadata, screenshots, ...) as well as more advanced Apple Developer Portal data (push, creating apps & managing app details) seems like we'll have to wait before shipping something that can be used.

Steps to Reproduce:


Expected Results:


Actual Results: