Skip to main content
Skip table of contents

Downloading and exporting apps (API)

Step five: Downloading an app

Once the app is uploaded and you have obtained the IDs for the policies and profiles, you can secure the app by calling POST app-market/policy. Use the policyIds[] parameter to pass the per-app policy GUIDs for each policy that you want to apply.

Signing methodDownload or exportWhat you get

GET app-market/{GUID}/apk

An apk or ipa file, secured and signed.

POST app-market/export-for-codesigning

A zip file containing the secured apk or ipa file, validated signing information, and a signing script. See Exporting for external code signing.
SKIP_CODESIGNGET app-market/{GUID}/apk

An apk or ipa file, secured and unsigned.



curl -b c.txt -c c.txt -X GET
0a22067f-d523-4864-8973-3a80f054d884/apk -o AppName.apk

Exporting for external code signing

After you have secured an app with SIGN_EXTERNALLY to be signed outside the policy console, download a zip file that includes:

  • A copy of the secured app 
  • All information required to sign the app
  • A simple script ( to run on a signing server

The SIGN_EXTERNALLY option requires a signing profile to include with the secured app. Applying the signing profile when you secure requires the policy console to validate the signing parameters for use with your app, even though it does not sign the app.


curl -L -b c.txt -c c.txt \
 -F appId=94c37df7-g996-5fd8-9598-b4ec62f35545 \

Using the exported zip file

Exporting for code-signing allows you to download a zip file ( To sign the app using the contents of the zip file:

  • On your signing server, extract the contents of the zip file. (Sign iOS apps on a Mac with Xcode and your code signing identity. Sign Android apps on a server with jarsigner and zipalign installed.)

  • In the directory with the extracted files, make executable:

    cd exported-com.qwe.myapp 
  • Run the script:


Optionally, you can specify the output filename, for iOS:

sh output_filename.ipa

For Android:

sh output_filename.apk

Note: Do  not  specify the input filename.

Securing an app involves these steps:

Uploading an app

Creating profiles for the policies you want to apply (Defining security policies (API))

Choosing a code signing type and signing profile (Code signing (API))

Securing the app with those policies and profiles, optionally code signing in the policy console (Wrapping an app (API))

Downloading or exporting the app, optionally code signing outside the console

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.