Once an app has gone through the integration and signing steps, you have these options to download the app:

  • Original binary: Download the version before any integration has happened (APK or IPA file as uploaded) Use GET /apps/{app_uuid}.
  • Integrated app: Download the version that has been integrated, but no signing has happened (APK or IPA file with services, ready for you to take care of all the signing outside of the platform)
  • Integrated and signed app: Download the version that has been integrated and signed via the "sign" signing option. (APK file ready to install/deploy, not available for iOS apps) Use GET /apps/{app_uuid}/injected_apps.
  • Integrated app, ready to sign externally: Download the version that has been integrated and bundled with the signing parameters via the "export" signing option. (ZIP file including APK or IPA file along with a signing script and validated signing parameters)


Request: Download integrated app

curl -X GET "https://platform-api.bluecedar.com/v1/apps/bbc21678-76e4-4e09-be03-0e8e6b72e88e/injected_apps" \
     -H "accept: application/json" \
     -H "Authorization: Bearer 380d9c23-cca3-4618-b77a-15cdf934dba3"
BASH

Request: Download original app

curl -X GET "https://platform-api.bluecedar.com/v1/apps/066670a9-3c76-49c6-985b-bf6b70d2b262" \
     -H "accept: application/json" \
     -H "Authorization: Bearer 380d9c23-cca3-4618-b77a-15cdf934dba3"
BASH

Exporting for external code signing

After you have secured an app with "export" to be signed outside the policy console, download a zip file that includes:

  • A copy of the secured app 
  • All information required to sign the app
  • A simple script (sign.sh) to run on a signing server

The export option requires a signing profile to include with the secured app. Applying the signing profile when you integrate requires the platform to validate the signing parameters for use with your app, even though it does not sign the app. See Signing Blue Cedar secured apps for more details about signing options.

Using the exported zip file

Exporting for code-signing allows you to download a zip file (exported-com.qwe.myapp.zip). To sign the app using the contents of the zip file:

  • On your signing server, extract the contents of the zip file. (Sign iOS apps on a Mac with Xcode and your code signing identity. Sign Android apps on a server with jarsigner and zipalign installed.)

  • In the directory with the extracted files, make sign.sh executable:

    cd exported-com.qwe.myapp 
  • Run the script:

    sh sign.sh

Optionally, you can specify the output filename, for iOS:

sh sign.sh output_filename.ipa

For Android:

sh sign.sh output_filename.apk

Note: Do  not  specify the input filename.