Automation API
The Automation API is the purpose-built API for protecting app binaries from CI/CD systems, release scripts, or internal build tooling. Use it when your workflow needs a focused upload, status, and download path without taking on the broader Management API surface.
It is the right choice when AppTego protection is one step in a larger mobile release pipeline. The API accepts app metadata, returns a signed upload URL for the binary, tracks the resulting build job, and returns a signed download URL for the protected output.
Direct Automation API requests support Android .apk and .aab artifacts and iOS .ipa artifacts. The first-party GitHub Actions and CircleCI integrations use the same API but currently validate Android inputs as .apk; call the Automation API directly for Android App Bundle workflows.
| Guide | What it covers |
|---|---|
| Automation API Reference | Authentication, upload URL creation, multipart upload helpers, status checks, signed downloads, errors, and workflow examples. |
| GitHub Actions | A managed GitHub workflow integration built on the Automation API. |
| CircleCI | A managed CircleCI orb built on the Automation API. |
Use Automation API When
- Your CI provider is not covered by a first-party AppTego integration.
- You need custom artifact storage, approval gates, or release orchestration.
- You want a lightweight upload, status, and download flow without using broader Management API endpoints.
- You are building an internal release service that protects apps from multiple repositories.
- You need to keep AppTego protection behind your own deployment controls.
For broader portal administration, use the Management API.
Typical Workflow
- Build the mobile app in your normal pipeline.
- Request an upload URL from
POST /automate/uploadusing the app filename, platform, configuration version, and file size. - Upload the APK, AAB, or IPA to the returned signed URL. Large files use the multipart URLs returned by the same upload request.
- Wait for the AppTego build job to report
completedfromGET /automate/status/{jobId}. - Request a signed download URL from
GET /automate/download/{jobId}and download the protected artifact. - Store the protected artifact, AppTego job ID, configuration version, commit SHA, source artifact name, and release metadata together.
- Run QA or automated tests against the protected artifact before release.
Credential Handling
Automation keys are intended for build pipelines and require a Team or Enterprise plan. Each tenant can have up to 10 automation keys. Store the full key_id:key_secret value in your CI secret manager, scope access to release workflows, rotate keys regularly, disable unused keys, and never print keys in logs. The key secret is shown only when the key is created, so store it immediately.