Downloading and exporting apps (API)

Step five: Downloading an app

Once the app is uploaded and you have obtained the IDs for the policies and profiles, you can secure the app by calling POST app-market/policy. Use the policyIds[] parameter to pass the per-app policy GUIDs for each policy that you want to apply.

Example

curl -b c.txt -c c.txt -X GET https://bc.qwe.com/mocana-app-control/rest/app-market/
0a22067f-d523-4864-8973-3a80f054d884/apk -o AppName.apk

Exporting for external code signing

After you have secured an app with SIGN_EXTERNALLY to be signed outside the policy console, download a zip file that includes:

• A copy of the secured app 
• All information required to sign the app
• A simple script (sign.sh) to run on a signing server

The SIGN_EXTERNALLY option requires a signing profile to include with the secured app. Applying the signing profile when you secure requires the policy console to validate the signing parameters for use with your app, even though it does not sign the app.

curl -L -b c.txt -c c.txt \
 -X POST https://bc.qwe.com:443/mocana-app-control/rest/app-market/export-for-codesigning
 -F appId=94c37df7-g996-5fd8-9598-b4ec62f35545 \
 -o exported-app.zip

Using the exported zip file

Exporting for code-signing allows you to download a zip file (exported-com.qwe.myapp.zip). To sign the app using the contents of the zip file:

• On your signing server, extract the contents of the zip file. (Sign iOS apps on a Mac with Xcode and your code signing identity. Sign Android apps on a server with jarsigner and zipalign installed.)

• In the directory with the extracted files, make sign.sh executable:

  cd exported-com.qwe.myapp 

• Run the script:

  sh sign.sh

Optionally, you can specify the output filename, for iOS:

sh sign.sh output_filename.ipa

For Android:

sh sign.sh output_filename.apk

Note: Do  not  specify the input filename.