Dashboard My Files IPA Signer Certificates Developer
English
English
English
English

Notifications (0)

Make All as Read
No notifications found
View All
Login Register

API Documentation

Back to Developer Tools
Navigation
Introduction Plans & Limits Custom Signing Free Enterprise Certificate Checker P12 Password Changer Shared Enterprise Certs (REST API) Webhooks Certificate Import (URL)
Introduction

Welcome to the CocoCloud Signing API documentation. Our API allows you to programmatically sign IPA files using your own certificates or our enterprise certificates.


All API requests require authentication using your API Key.


Authentication Required: You need to be logged in to view your API Key.
Log In
Plans & Limits

The API has specific upload size limits based on your account plan. These limits apply specifically to the Signing APIs (Custom Signing & Free Enterprise). Please refer to the table below to understand the limits applicable to your account.

Plan Type Max Upload Size Signing Speed Requests Cert Downloads Description
Standard / Free 1.10 GB Full Speed 10,000 / Week Primary MP Only Default limit for all registered users.
Pro Member 5.00 GB Full Speed Unlimited All Files Enhanced limit for Pro members. Ideal for large games and applications.
Note: Files exceeding these limits will be rejected by the API. If you need to sign larger files, please upgrade to a Pro account.

Request Limits: Standard user request limits (10,000) are shared across Custom Signing and Free Enterprise Signing APIs. Limits reset automatically every Sunday at midnight.
Pro Feature: Mobileprovision Selection

The "Cert Downloads" restriction applies to both the Web UI and API:

  • Standard Users: Restricted to primary mobileprovision only (Web UI & API)
  • Pro Users: Can access all mobileprovision files and use the enterprise_mp_id parameter in the Free Enterprise Signing API
This allows Pro users to bypass blacklisted profiles by switching between different mobileprovisions.
Purchase Pro Plan
Programmatic Plan Detection

You can programmatically check your plan status and limits by inspecting the response headers of any API request:

  • X-Plan-Type: Returns Pro or Standard
  • X-Plan-Limit: Returns your upload limit (e.g., 5.00 GB)
Custom Signing API

Use this endpoint to sign IPA files with your own Certificate (.p12) and Provisioning Profile.

Note: This API comes with upload size limits based on your plan. Check Plans & Limits

Limit: Standard users are limited to 10,000 requests per week.
Privacy: We do not log or store your files. Your privacy is respected.
Endpoint
POST https://cococloud-signing.online/api/v2/customsign
Authentication

Include your API Key in the request header:

X-API-Key: YOUR_API_KEY
Parameters
  • ipa: The IPA file or direct download URL (Required)
  • cert: The Certificate file (Required)
  • provision: The Provisioning Profile (Required)
  • password: Certificate Password (Optional)
  • bundleId: New Bundle ID (Optional)
  • bundleName: New Bundle Name (Optional)
  • bypassapplerevokes: Set to 'true' or '1' to use our current apple bypass revoke feature (Optional)
Example Request (cURL)
curl -X POST https://cococloud-signing.online/api/v2/customsign \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "[email protected]" \
  -F "[email protected]" \
  -F "[email protected]" \
  -F "password=secret"
Example Request with URL (cURL)
curl -X POST https://cococloud-signing.online/api/v2/customsign \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "ipa=https://example.com/app.ipa" \
  -F "[email protected]" \
  -F "[email protected]" \
  -F "password=secret"
Example Response
{
  "success": true,
  "jobId": "dd34d4b5-7746-47fa-b5a4-ab1a7ed45f74",
  "message": "IPA signed successfully",
  "downloadUrl": "https://appstore-signer-api.nabzclan.vip/download/dd34d4b5...",
  "manifestUrl": "https://appstore-signer-api.nabzclan.vip/manifest/dd34d4b5...",
  "itmsServicesUrl": "itms-services://?action=download-manifest&url=...",
  "signingTime": "0.26s",
  "performance": "⚡ Lightning Fast",
  "appInfo": {
    "bundleId": "com.example.app",
    "bundleName": "Example App",
    "bundleVersion": "1.0.0"
  },
  "appSize": {
    "input": "14MB",
    "output": "26MB"
  }
}
Error Response
{
  "error": "File size exceeds your plan limit (1.10 GB). Please upgrade to Pro."
}
Certificate Checker API

Validate iOS certificates (.p12) and provisioning profiles (.mobileprovision) with real-time certificate status checking.

No Limits: This API has no usage limits. Enjoy unlimited requests!
Privacy: We do not log or store your files. Your privacy is respected.
Endpoint
POST https://cococloud-signing.online/api/v2/certcheckerstatus
Authentication

Include your API Key in the request header:

X-API-Key: YOUR_API_KEY
Parameters
  • file: The certificate (.p12) or provisioning profile (.mobileprovision) file, or a direct download URL (Required)
  • password: Certificate password (Required for .p12 files, ignored for .mobileprovision)
Example Request - P12 Certificate (cURL)
curl -X POST https://cococloud-signing.online/api/v2/certcheckerstatus \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "[email protected]" \\
  -F "password=your_password"
Example Request - MobileProvision (cURL)
curl -X POST https://cococloud-signing.online/api/v2/certcheckerstatus \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "[email protected]"
Example Request - P12 from URL (cURL)
curl -X POST https://cococloud-signing.online/api/v2/certcheckerstatus \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "file=https://example.com/certificate.p12" \\
  -F "password=your_password"
Example Request - MobileProvision from URL (cURL)
curl -X POST https://cococloud-signing.online/api/v2/certcheckerstatus \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "file=https://example.com/profile.mobileprovision"
Example Response - P12 File
{
  "success": true,
  "data": {
    "certificate_info": {
      "subject": {
        "userID": "GDL9BC8Q4T",
        "commonName": "iPhone Distribution: Etisalat - Emirates...",
        "organizationalUnitName": "GDL9BC8Q4T",
        "organizationName": "Etisalat - Emirates Telecommunications Corporation",
        "countryName": "US"
      },
      "issuer": {
        "commonName": "Apple Worldwide Developer Relations Certification Authority",
        "organizationalUnitName": "G3",
        "organizationName": "Apple Inc.",
        "countryName": "US"
      },
      "serial_number": "47012812809789156286275042971829552436",
      "signature_algorithm": "sha256WithRSAEncryption",
      "validity_period": {
        "valid_from": "2023-02-08T11:07:10+00:00",
        "valid_to": "2026-02-07T11:07:09+00:00"
      },
      "public_key_size": 2048,
      "fingerprints": {
        "sha256": "8e27d9cbc616978c8517f4e62168668e169f42e707cfc358b4266799717095b5",
        "md5": "2e8f873667d2d4d183cbe98fc7af769a",
        "sha1": "105adeea1026d85d30cffee45278fc024f57d4d3"
      },
      "ocsp_url": "http://ocsp.apple.com/ocsp03-wwdrg301",
      "public_key_algorithm": "-----BEGIN CERTIFICATE-----\\n..."
    },
    "certificate_status": {
      "status": "Signed"
    },
    "entitlements": "Entitlements are not applicable for p12 files",
    "type": "N/A"
  },
  "message": "Certificate validated successfully"
}
Example Response - MobileProvision File
{
  "success": true,
  "message": "Certificate validated successfully",
  "data": {
    "certificate_info": {
      "subject": { ... },
      "issuer": { ... },
      "validity_period": { ... },
      "fingerprints": { ... }
    },
    "certificate_status": {
      "status": "Revoked",
      "reason": "cessationOfOperation (5)",
      "reason_details": "The certificate is no longer needed",
      "revocation_time": "2024-11-19T02:05:29Z"
    },
    "entitlements": {
      "Push Notifications": { "status": "active" },
      "App Groups": { "status": "active" },
      "Associated Domains": { "status": "active" }
    },
    "type": "Enterprise Certificate",
    "mobileprovision_info": {
      "Name": "iOS Team Inhouse Provisioning Profile",
      "UUID": "cc32b862-80f8-4aa3-bfca-54908f3533eb",
      "TeamName": "Example Team",
      "ExpirationDate": "2026-04-09T12:50:26"
    }
  }
}
Dual File Mode - NEW!

Check both P12 and mobileprovision files simultaneously by providing a mobileprovision parameter!

Parameters (Dual Mode)
  • file: P12 certificate file or URL (Required)
  • mobileprovision: Mobileprovision file or URL (Required for dual mode)
  • password: Password for P12 (Optional)
Example Request - Dual Mode (cURL)
curl -X POST https://cococloud-signing.online/api/v2/certcheckerstatus \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "[email protected]" \\
  -F "password=your_password" \\
  -F "[email protected]"
Example Response - Dual Mode
{
  "success": true,
  "message": "Both files validated successfully",
  "p12_certificate": {
    "certificate_info": { ... },
    "certificate_status": { "status": "Signed" },
    "entitlements": "Not applicable for p12",
    "type": "N/A"
  },
  "mobileprovision": {
    "certificate_info": { ... },
    "certificate_status": { "status": "Signed" },
    "entitlements": {
      "Push Notifications": { "status": "active" }
    },
    "type": "Enterprise Certificate",
    "mobileprovision_info": {
      "Name": "iOS Team Inhouse Provisioning Profile",
      "UUID": "cc32b862-80f8-4aa3-bfca-54908f3533eb"
    }
  }
}
Certificate Status Values
  • Signed: Certificate is valid and active
  • Revoked: Certificate has been revoked by Apple
  • Unknown: OCSP status could not be determined
Error Response
{
  "success": false,
  "message": "Error description"
}
P12 Password Changer API

Change the password of a P12 certificate file. Upload a certificate or provide a URL, and get back a new P12 file with the updated password.

No Limits: This API has no usage limits. Enjoy unlimited requests!
Privacy: We do not log or store your files. Your privacy is respected.
Endpoint
POST https://cococloud-signing.online/api/v2/p12passwordchanger
Authentication

Include your API Key in the request header:

X-API-Key: YOUR_API_KEY
Parameters
  • file: The P12 certificate file or direct download URL (Required)
  • old_password: Current/old password of the P12 file (Required, use empty string if no password)
  • new_password: New password to set (Required)
Example Request - File Upload (cURL)
curl -X POST https://cococloud-signing.online/api/v2/p12passwordchanger \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "[email protected]" \\
  -F "old_password=current_password" \\
  -F "new_password=new_secure_password" \\
  --output certificate_new_password.p12
Example Request - From URL (cURL)
curl -X POST https://cococloud-signing.online/api/v2/p12passwordchanger \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "file=https://example.com/certificate.p12" \\
  -F "old_password=current_password" \\
  -F "new_password=new_secure_password" \\
  --output certificate_new_password.p12
Response

On success, the API returns the new P12 file with the changed password as a binary download. The response includes custom headers:

  • Content-Type: application/x-pkcs12
  • Content-Disposition: attachment; filename="certificate_new_password.p12"
  • X-Success: true
  • X-Message: Password changed successfully
Error Response
{
  "success": false,
  "message": "Failed to change password",
  "error": "Error details"
}
Note: The API returns the file directly. Use the --output flag in cURL to save it, or handle the binary response in your application code.
Free Enterprise Signing API
Commission on Elections

Status: Revoked

Sign IPA files using our pre-configured enterprise certificate. This is the simplest way to sign apps.


Note: This API comes with upload size limits based on your plan. Check Plans & Limits

Limit: Standard users are limited to 10,000 requests per week.
Endpoint
POST https://cococloud-signing.online/api/v2/free-enterprise/sign
Authentication

Include your API Key in the request header:

X-API-Key: YOUR_API_KEY
Parameters
  • ipa: The IPA file or direct download URL (Required)
  • bundleId: New Bundle ID (Optional)
  • bundleName: New Bundle Name (Optional)
  • bypassapplerevokes: Set to 'true' or '1' to use our current apple bypass revoke feature (Optional)
  • enterprise_mp_id: Mobileprovision file ID to use for signing (Optional) Pro Feature
Pro Feature: Mobileprovision Selection

Pro users can specify which mobileprovision file to use via the enterprise_mp_id parameter. This is useful for:

  • Switching to alternative profiles if one gets blacklisted by Apple
  • Using different entitlements for different apps
To get available mobileprovision IDs, use the Shared Enterprise Certs API. View API
Example Request (cURL)
curl -X POST https://cococloud-signing.online/api/v2/free-enterprise/sign \
  -H "X-API-Key: YOUR_API_KEY" \
  -F "[email protected]"
Example Request with URL (cURL)
curl -X POST https://cococloud-signing.online/api/v2/free-enterprise/sign \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "ipa=https://example.com/app.ipa"
Example Request with Mobileprovision Selection (Pro Users)
curl -X POST https://cococloud-signing.online/api/v2/free-enterprise/sign \\
  -H "X-API-Key: YOUR_API_KEY" \\
  -F "[email protected]" \\
  -F "enterprise_mp_id=3"
Use the Shared Enterprise Certs API to get available mobileprovision IDs.
Example Response
{
  "success": true,
  "jobId": "dd34d4b5-7746-47fa-b5a4-ab1a7ed45f74",
  "message": "IPA signed successfully",
  "downloadUrl": "https://appstore-signer-api.nabzclan.vip/download/dd34d4b5...",
  "manifestUrl": "https://appstore-signer-api.nabzclan.vip/manifest/dd34d4b5...",
  "itmsServicesUrl": "itms-services://?action=download-manifest&url=...",
  "signingTime": "0.26s",
  "performance": "⚡ Lightning Fast",
  "appInfo": {
    "bundleId": "com.example.app",
    "bundleName": "Example App",
    "bundleVersion": "1.0.0"
  },
  "appSize": {
    "input": "14MB",
    "output": "26MB"
  },
  "certificate_info": {
    "cert_name": "Tianjin University of Commerce",
    "cer_status": "Revoked",
    "revoked_from": "2025-11-19T02:05:29Z" // if nothing we leave it as null
  }
}
Error Response - File Size Limit
{
  "error": "File size exceeds your plan limit (1.10 GB). Please upgrade to Pro."
}
Error Response - Unauthorized Mobileprovision
{
  "error": "Standard users can only use the primary mobileprovision. Please upgrade to Pro for access to additional profiles."
}
HTTP Status: 403 Forbidden
Error Response - Invalid Mobileprovision ID
{
  "error": "Invalid mobileprovision ID"
}
HTTP Status: 404 Not Found
Shared Enterprise Certificates API

Retrieve a list of all shared enterprise certificates available on the platform.

No Limits: This API has no usage limits. Enjoy unlimited requests!
Endpoint
GET https://cococloud-signing.online/api/v1/sharedenterprisecerts
Authentication

Include your API Key as a query parameter:

?YOUR_API_KEY
Parameters
  • extra_mp: Filter mobileprovisions by index (e.g., extra_mp=1 returns the 1st MP, 2 for the 2nd). Optional.
Example Request (cURL)
curl -X GET "https://cococloud-signing.online/api/v1/sharedenterprisecerts?sk_YOUR_API_KEY"
Example Request with Extra MP Filter (cURL)
curl -X GET "https://cococloud-signing.online/api/v1/sharedenterprisecerts?sk_YOUR_API_KEY&extra_mp=2"
Example Response
{
  "success": true,
  "certificates": [
    {
      "id": 1,
      "name": "Apple Inc",
      "organization": "Tianjin University of Commerce",
      "status": "Signed",
      "validity": {
        "not_before": "2023-02-08T11:07:10+00:00",
        "not_after": "2026-02-07T11:07:09+00:00"
      },
      "CertificateName": "Apple Inc",
      "CertificateStatus": "Signed",
      "addedDate": "2024-01-15T10:30:00+00:00",
      "ExpirationDate": "2026-02-07T11:07:09+00:00",
      "Subject": { ... },
      "Issuer": { ... },
      "TeamName": "Etisalat - Emirates Telecommunications Corporation",
      "full_zipped_files_download_url": "https://cococloud-signing.online/api/v1/downloadcert/14?expires=...",
      "p12_download_url": "https://cococloud-signing.online/api/v1/downloadp12/14?expires=...",
      "mp_download_url": "https://cococloud-signing.online/api/v1/downloadmobileprovision/17?expires=...",
      "mobileprovisions": [
        {
            "id": 3,
            "name": "Provisioning Profile Name.mobileprovision",
            "is_primary": true,
            "is_extra": false,
            "extra_mp": 1,
            "uuid": "cc32b862-80f8-4aa3-bfca-54908f3533eb",
            "TeamName": "Example Team",
            "AppID": "TeamID",
            "AppIDName": "XC com etisalat INDY",
            "ExpirationDate": "2026-02-07T11:07:09+00:00",
            "CreationDate": "2023-02-08T11:07:10+00:00",
            "download_url": "https://cococloud-signing.online/api/v1/downloadmobileprovision/3?expires=..."
        },
        {
            "id": 4,
            "name": "Secondary Profile.mobileprovision",
            "is_primary": false,
            "is_extra": true,
            "extra_mp": 2,
            "uuid": "...",
            "TeamName": "Example Team",
            "AppID": "TeamID",
            "AppIDName": "XC com etisalat INDY",
            "ExpirationDate": "2026-02-07T11:07:09+00:00",
            "CreationDate": "2023-02-08T11:07:10+00:00",
            "download_url": "https://cococloud-signing.online/api/v1/downloadmobileprovision/4?expires=..."
        }
      ]
    }
  ]
}
Response Fields
  • id: Certificate unique identifier
  • name: Certificate name/common name
  • CertificateName: Alias for name
  • organization: Organization name from certificate subject
  • status: Certificate status (Signed/Revoked)
  • CertificateStatus: Alias for status
  • validity: Certificate validity period (ISO-8601 format)
  • ExpirationDate: Certificate expiration date
  • downloads: Number of times certificate has been downloaded
  • mobileprovisions_count: Number of associated mobileprovision files
  • created_at: Certificate upload timestamp (ISO-8601 format)
  • revoked_date: Revocation timestamp (ISO-8601 format) or null if not revoked
  • full_zipped_files_download_url: Secure signed download URL for the ZIP bundle (valid for 24 hours)
  • p12_download_url: Secure signed download URL for the P12 file only (valid for 24 hours)
  • mp_download_url: Secure signed download URL for the **primary** mobileprovision file (valid for 24 hours)
  • mobileprovisions: Array of associated mobileprovision objects (filtered based on plan)
  • mobileprovisions[].is_extra: Boolean, true if the profile is NOT primary
  • mobileprovisions[].extra_mp: Integer, 1-based index of the profile in the list
Pro Feature: Standard users only receive the primary mobileprovision file. Pro users receive all associated mobileprovision files.
Error Response
{
  "error": "Invalid API Key"
}
Webhooks

Webhooks allow you to receive real-time notifications about events happening in your account. You can configure webhooks for Discord, Telegram, or a generic HTTP endpoint.

Management: You can manage your webhooks from the Manage Webhooks page.
Supported Events
Event Name Description
cert.uploaded Triggered when you upload a new personal certificate.
cert.revoked Triggered when one of your personal certificates is revoked.
cert.deleted Triggered when you delete a personal certificate.
enterprise_cert.available Triggered when a new shared enterprise certificate is uploaded by admins.
enterprise_cert.revoked Triggered when a shared enterprise certificate is revoked.
enterprise_mp.available Triggered when a new mobile provision is added to a shared enterprise certificate. Includes Pro details.
Payload Structure

The payload structure depends on the webhook type (Discord, Telegram, or Generic). Below is the generic JSON payload format:

Example Payload: Enterprise Certificate Available
{
  "event": "enterprise_cert.available",
  "data": {
    "title": "New Enterprise Certificate Available",
    "message": "A new shared certificate 'Apple Inc' is now available for signing.",
    "color": 5763719,
    "fields": {
      "Certificate ID": 1,
      "Certificate Name": "Apple Inc",
      "Status": "Signed",
      "Expiration Date": "2026-02-07T11:07:09+00:00",
      "Available At": "2024-11-24 00:45:00",
      "Signer URL": "https://cococloud-signing.online/user/ipa-signer"
    }
  },
  "timestamp": "2024-11-24T00:45:00.000000Z"
}
Example Payload: Enterprise Certificate Revoked
{
  "event": "enterprise_cert.revoked",
  "data": {
    "title": "Enterprise Certificate Revoked",
    "message": "The shared certificate 'Apple Inc' has been revoked. Please wait for a replacement.",
    "color": 16711680,
    "fields": {
      "Certificate ID": 1,
      "Certificate Name": "Apple Inc",
      "Status": "Revoked",
      "Reason": "Key Compromised",
      "Revoked At": "2024-11-25 10:00:00"
    }
  },
  "timestamp": "2024-11-25T10:00:00.000000Z"
}
Example Payload: Enterprise Mobile Provision Added
{
  "event": "enterprise_mp.available",
  "data": {
    "title": "New Mobile Provision Available",
    "message": "A new mobile provision file has been added to the certificate 'Apple Inc'.",
    "color": 5763719,
    "image": "https://cococloud-signing.online/signing-imgs-status/signed.jpg",
    "url": "https://cococloud-signing.online/user/certificates/1",
    "fields": {
      "Certificate Name": "Apple Inc",
      "Event": "Mobile Provision Added",
      "Added At": "2024-11-26 15:30:00",
      "Platform": "CocoCloud Signing 2.0",
      "Mobile Provision Name": "iOS Team Provisioning Profile: com.example.app",
      "UUID": "12345678-1234-1234-1234-1234567890ab",
      "Team Name": "Apple Inc",
      "Team Identifier": "ABCDE12345",
      "Creation Date": "2024-11-26 15:00:00",
      "Expiration Date": "2025-11-26 15:00:00",
      "Time To Live": "365 days",
      "App ID Name": "XC com example app"
    }
  },
  "timestamp": "2024-11-26T15:30:00.000000Z"
}
Headers

We send the following headers with every webhook request:

  • User-Agent: CocoCloud-Webhook/1.0
  • Content-Type: application/json
  • X-Webhook-Event: The event name (e.g., enterprise_cert.available)
Certificate Import via URL Parameters

Import certificates directly into your account by visiting a URL with certificate file locations. Perfect for automation and sharing certificate configurations.

Zero-Click Import: Just visit the URL and your certificate is automatically imported after login.
Secure: Files are validated before import. Invalid certificates are rejected.
How It Works
  1. Create a URL with certificate file locations as query parameters
  2. Visit the URL (login required if not authenticated)
  3. Certificate files are automatically downloaded and validated
  4. Certificate is imported into your "My Certificates" section
URL Format
https://cococloud-signing.online/user/certificates?p12=P12_URL&mp=MP_URL&password=PASSWORD
Parameters
  • p12: Direct URL to P12 certificate file (Required)
  • mp: Direct URL to mobileprovision file (Required)
  • password: Certificate password (Optional)
Security Requirements:
  • URLs must use HTTP or HTTPS protocols
  • Files must be under 10MB each
  • Download timeout is 30 seconds per file
  • Certificates are validated before import
Example: Authenticated User

If you are already logged in, visit the URL and the certificate imports immediately:

https://cococloud-signing.online/user/certificates?\
mp=https://example.com/profile.mobileprovision&\
p12=https://example.com/cert.p12&\
password=mycertpassword
Example: Unauthenticated User

If you are not logged in, you will be redirected to login. After successful login, the import happens automatically:

https://cococloud-signing.online/user/certificates?\
mp=https://cdn.example.com/files/profile.mobileprovision&\
p12=https://cdn.example.com/files/certificate.p12&\
password=secret123
Use Cases
  • Team Distribution: Share certificate links with team members for easy setup
  • Automation: Generate import links programmatically after creating certificates
  • Documentation: Include import links in setup guides and tutorials
  • CI/CD Integration: Automatically import certificates from external storage
Response Messages
Status Message
Success "Certificate 'Name' imported successfully"
Error "Invalid URL format: ..."
Error "Download failed: ..."
Error "Certificate validation failed: ..."
Missing "P12 certificate URL is required"
Missing "Mobileprovision file URL is required"
Pro Tip: You can URL-encode the parameters if they contain special characters. Most HTTP libraries do this automatically.

We use cookies to personalize your experience. By continuing to visit this website you agree to our use of cookies