app-store-connect-mcp
Allows management of TestFlight beta testers for apps on App Store Connect via Apple's API, including listing apps and beta groups, adding and removing testers by email.
Integrates with App Store Connect to manage TestFlight beta groups and testers, providing tools to list apps, beta groups, and testers, as well as add or remove testers.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@app-store-connect-mcpadd tester jane@example.com to the beta group for my app"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
app-store-connect-mcp
A small, dependency-free local MCP server for App Store Connect / TestFlight. It lets an agent list your apps and beta groups and add / remove TestFlight beta testers by email, authenticating with an individual App Store Connect API key (a .p8) via an ES256 JWT.
Raw JSON-RPC over stdio, no npm dependencies (pure Node crypto + fetch), a .env for config, and plugin manifests for Cursor / Codex.
What it does
Tools:
Tool | Description |
| List apps (id, name, bundleId). Find your |
| List TestFlight beta groups for an app. |
| List beta testers, optionally filtered by group or email. |
| Add one tester (by email) to one or more beta groups. |
| Add many testers to a single group; per-email success/failure. |
| Remove a tester from a group by email. |
Adding a tester triggers Apple's TestFlight invite email.
Related MCP server: App Store Connect MCP Server
Setup
Generate an individual API key in App Store Connect: top-right username → Edit → Individual API Key → Generate Key. Download the
.p8once and store it safely (e.g.~/.appstoreconnect/AuthKey_XXXX.p8). Note the Key ID shown next to the key.Create
.env(copy from.env.example):APP_STORE_CONNECT_P8_PATH=~/.appstoreconnect/AuthKey_XXXXXXXXXX.p8 APP_STORE_CONNECT_KEY_ID=XXXXXXXXXX # optional, so you don't pass appId every call: # APP_STORE_CONNECT_APP_ID=1234567890Individual keys sign the JWT with
sub: "user"and no issuer id. Only setAPP_STORE_CONNECT_ISSUER_IDif you're using a team key instead.Register the server with your MCP client. For Cursor, point it at
mcp.json(stdio,command: ./bin/app-store-connect-mcp,envFile: .env).
Runtime
This server runs on Bun. The bin/app-store-connect-mcp launcher execs a
project-local vendor/bun if present, otherwise bun on your PATH. No npm install /
bun install needed — there are no dependencies (just Bun's built-in crypto + fetch).
Don't have Bun? Either install it from bun.sh or vendor a
copy into the repo with npm run install:bun (downloads Bun into vendor/bun/).
Test it
bun scripts/mcp-call.mjs tools/list '{}'
bun scripts/mcp-call.mjs list_apps '{}'
bun scripts/mcp-call.mjs list_beta_groups '{"appId":"1234567890"}'
bun scripts/mcp-call.mjs add_beta_tester '{"email":"tester@example.com","betaGroupIds":["<groupId>"]}'Security notes
The
.p8never leaves your machine; it's read locally only to sign the JWT sent to Apple..envand*.p8are gitignored.The only network destination is
https://api.appstoreconnect.apple.com.Individual keys can't touch provisioning, sales/finance, or
notaryTool— TestFlight management works fine.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/lilingxi01/app-store-connect-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server