Credentials

Before you can use Bifrost to create builds on your behalf for iOS and Android, you must provide various build credentials, especially if you want to distribute those builds to the app stores.

The process for creating credentials is different for each platform, but thanks to Bifrost and NativePHP, we've made it as straightforward as possible.

Simply follow our guided process to create the relevant files and upload the final assets to Bifrost.

What you need

  • Signing certificates
  • API credentials for the stores

Why you need signing certificates

When you build a mobile app, the operating system (iOS or Android) won’t let you install or distribute it unless it’s signed with a valid certificate. Signing certificates prove two things:

  • Identity – They verify the app really comes from you (or your company), not from someone impersonating you.
  • Integrity – They ensure the app’s code hasn’t been altered since you built it.

Without signing certificates:

  • iOS apps won’t install on a real device or be accepted by the App Store.
  • Android apps will show as “unverified” and may be blocked from Play Store publishing.

By creating signing certificates for Bifrost, you’re telling Apple/Google “this app is mine, and I have authorized Bifrost to create builds on my behalf.”

Store API Access

Bifrost uses app store APIs to securely submit signed builds into your Google Play Store and Apple App Store Connect accounts. To do so securely, you must provide us with the relevant credentials.

Without these API credentials, we can't submit builds (and more) to the app stores on your behalf.

App ID

Your app's App ID is defined when creating its credentials. The App ID uniquely identifies it in each app store.

A common practice to help make these unique is to use a "reverse-DNS-style" identifier, e.g. com.nativephp.bifrost.

Your App ID must be unique across all apps distributed on a given store, as it's the store's way to differentiate one app from another and the way each operating system knows whether or not your app is already installed on a user's device.

This means you can have a different App ID between the Google Play Store and Apple App Store, and Bifrost supports this setup.

Important Stuff

Signing certificates - and the files used to generate them - must be kept secure. You don't want someone building apps on your behalf impersonating you or your business.

You should not store these files in git, but you should save them securely so that you can access them again later.
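One way to enforce the rule about keeping these files out of git is to run a check over the repository's tracked files in CI or a pre-commit hook. The script below is an added example, not Bifrost or NativePHP code; the list of file extensions and the script name check_creds.py are assumptions, since this page does not name the files involved.

```python
import json
import os
import re
import sys

# Assumed list of common mobile signing / store API key file types (not from this page).
SIGNING_EXTENSIONS = {
    ".p12": "PKCS#12 certificate and private key",
    ".jks": "Java keystore",
    ".keystore": "Android keystore",
    ".p8": "Apple API private key",
    ".mobileprovision": "iOS provisioning profile",
}
PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def classify(path, head):
    """Return a reason if the file looks like a build credential, else None."""
    ext = os.path.splitext(path)[1].lower()
    if ext in SIGNING_EXTENSIONS:
        return SIGNING_EXTENSIONS[ext]
    if ext == ".json":
        try:
            if json.loads(head).get("type") == "service_account":
                return "Google service account key"
        except (ValueError, AttributeError):  # not JSON, or not a JSON object
            pass
    return "PEM private key" if PEM_PRIVATE_KEY.search(head) else None


def scan(paths, root="."):
    """Map each flagged path (relative to root) to the reason it was flagged."""
    findings = {}
    for rel in paths:
        full = os.path.join(root, rel)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                reason = classify(rel, fh.read(65536))
            if reason:
                findings[rel] = reason
    return findings


if __name__ == "__main__":  # e.g. python check_creds.py $(git ls-files)
    found = scan(sys.argv[1:])
    for rel, reason in sorted(found.items()):
        print(f"credential file in repository: {rel} ({reason})")
    sys.exit(1 if found else 0)
```

The script exits non-zero when any listed path is flagged, so it can fail a commit or a pipeline step.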

We've taken extra steps to ensure the credentials you provide to us are stored securely. They're encrypted at rest, isolated from the rest of our infrastructure, and only used through single-use, temporary credentials that grant our system access to them only when you trigger builds.

Once builds complete, the temporary credentials we use to access your build credentials are forgotten and cannot be used again.