FunnelHound / Guides / API key setup
How to create an App Store Connect API key (step by step)
Go to App Store Connect → Users and Access → Integrations → App Store Connect API → Team Keys and click "+" to generate a key. You need the Admin role to create keys. Choose an access level, then download the .p8 private key file — it can be downloaded only once. Note the Key ID (per key) and Issuer ID (per team, shown at the top of the page).
Step-by-step: generating the key
- 1. Sign in to App Store Connect with an account that has the Admin role — other roles can't create team keys.
- 2. Open Users and Access, then the Integrations tab.
- 3. Select App Store Connect API → Team Keys.
- 4. Click the "+" button, give the key a descriptive name (e.g. "FunnelHound analytics"), and choose a role for the key.
- 5. Click Generate, then download the .p8 file immediately and store it safely.
- 6. Copy the Key ID from the key's row and the Issuer ID from the top of the page.
Which role should the key have?
Each API key carries a role that caps what it can do, and the right instinct is least privilege: grant the smallest role that covers the job. For reading analytics and sales reports — downloads, impressions, deletions, proceeds — a Sales/Finance-level key is enough; it can pull reports but can't touch builds, app metadata or users. An Admin-role key can do essentially everything the API exposes, including destructive operations, so handing one to a tool that only needs to read numbers is unnecessary exposure. If a tool genuinely requires more access later, you can always generate a second key with a broader role; keys are cheap, over-scoped keys are not.
The .p8 file: one download, ever
When you generate the key, Apple offers the .p8 private key file exactly once. Close the page without downloading it, or lose the file later, and there is no recovery — you revoke the key and create a new one. So download it immediately and store it like the credential it is: a password manager entry or an encrypted vault, not your Downloads folder, not a Slack message, not a git repository. Anyone holding the .p8 plus the public Key ID and Issuer ID can sign requests to Apple as you, up to the key's role. Treat it exactly like a password, because functionally it is one.
Key ID, Issuer ID and Vendor Number — where each lives
| Value | Scope | Where to find it |
|---|---|---|
| Key ID | Per key | The key's row on the Team Keys page |
| Issuer ID | Per team | Top of the Team Keys page |
| .p8 private key | Per key | One-time download at generation |
| Vendor Number | Per team | Payments and Financial Reports, or Sales and Trends |
The Vendor Number trips people up because it isn't on the API page at all — it identifies your team for sales and finance reports, and lives in Payments and Financial Reports (or Sales and Trends) in App Store Connect.
Using the key in FunnelHound
FunnelHound uses exactly these four values: enter the Key ID and Issuer ID, import the .p8 file, pick your app, and add the Vendor Number for sales data. The key is stored in the iOS Keychain on your device and is never sent anywhere except to sign requests directly to Apple — no third-party servers in the path. One timing note: the first-ever analytics report request for an app takes 24–48 hours before Apple generates data, so an empty screen on day one is Apple's queue, not a broken key. Once reports flow, you get the full funnel — see what you can check on iPhone and how impressions and page views fit together.
Key created? Point it at your funnel
FunnelHound turns that API key into Impressions → Installs → Purchases on your iPhone. The key stays in your Keychain; data goes Apple → you.
Get FunnelHoundData notes: paths and role requirements per Apple's App Store Connect API documentation as of 2026. Individual keys (per-user, under a personal account) also exist; this guide covers team keys, which most integrations expect. Apple generates first-time analytics reports within 24–48 hours of the initial request.