Model Context Protocol moderate risk

App Store Connect

This MCP server provides AI-powered tools to manage apps, beta testing, and analytics within App Store Connect using natural language commands.

Connections & Capabilities

Connects To

GitHub

Capabilities

readwrite

Quickstart

Install

npx @smithery/cli install appstore-connect-mcp-server --client claude

Config

{
  "mcpServers": {
    "app-store-connect": {
      "command": "npx",
      "args": [
        "-y",
        "appstore-connect-mcp-server"
      ],
      "env": {
        "APP_STORE_CONNECT_KEY_ID": "YOUR_KEY_ID",
        "APP_STORE_CONNECT_ISSUER_ID": "YOUR_ISSUER_ID",
        "APP_STORE_CONNECT_P8_PATH": "/path/to/your/auth-key.p8",
        "APP_STORE_CONNECT_VENDOR_NUMBER": "YOUR_VENDOR_NUMBER_OPTIONAL"
      }
    }
  }
}

Exposed MCP Tools (13)

safe

list_apps

Retrieves a list of apps from App Store Connect.

Read-only operation with no side effects.

safe

get_app_info

Gets detailed information about a specific app.

Read-only operation; retrieves existing data.

safe

list_beta_groups

Lists all beta testing groups.

Read-only operation; retrieves existing data.

safe

list_group_testers

Lists testers in a specific beta group.

Read-only operation; retrieves existing data.

moderate

add_tester_to_group

Adds a new tester to a beta group.

Adds data; potential for unintended exposure if group is misconfigured.

moderate

remove_tester_from_group

Removes a tester from a beta group.

Removes data; potential for accidental removal of valid testers.

moderate

create_app_store_version

Creates a new app store version for an app.

Creates a new resource; incorrect parameters could lead to submission issues.

safe

list_app_store_versions

Gets all app store versions for a specific app.

Read-only operation; retrieves existing data.

safe

list_app_store_version_localizations

Gets all localizations for a specific app store version.

Read-only operation; retrieves existing data.

safe

get_app_store_version_localization

Gets detailed information about a specific localization.

Read-only operation; retrieves existing data.

high

update_app_store_version_localization

Updates a specific field in an app store version localization.

Modifies app store metadata; incorrect updates can affect discoverability.

safe

list_beta_feedback_screenshots

List beta feedback screenshot submissions.

Read-only operation; retrieves existing data.

safe

get_beta_feedback_screenshot

Get detailed information about a specific beta feedback screenshot.

Read-only operation; retrieves existing data.

Safety Assessment

This server offers a mix of read and write capabilities, making it moderately risky. While it uses secure authentication, the ability to modify app metadata and manage beta testers introduces potential for unintended changes. It's safest when used for read-only operations and riskier when used for write operations, requiring careful configuration and usage.

Uses official App Store Connect API with JWT authentication.
Includes read-only tools for listing and retrieving app information.
Granular tool design limits the scope of individual operations.
Authentication relies on environment variables, reducing hardcoded secrets.

Includes tools for adding/removing beta testers and updating app metadata.
Requires API key with permissions to modify App Store Connect data.
Incorrect configuration of environment variables could lead to unauthorized access.
Some tools can create new resources (e.g., app store versions).
No explicit input validation or sanitization is mentioned.