Glossary
Apple Search Ads API
Apple's official REST API for programmatic Apple Search Ads management — campaign CRUD, reporting, keyword management, bid changes. Uses OAuth 2.0 with ES256 JWT for authentication.
Also known as: ASA API, Apple Search Ads Campaign Management API
What is the Apple Search Ads API?
The Apple Search Ads API is Apple’s official REST API for programmatic Apple Search Ads management. It is the integration surface used by every legitimate third-party ASA tool — including ASAPilot.
Capabilities:
- Campaign management — create, update, pause, archive
- Ad group management — keywords, ads, bids, audience refinements
- Keyword operations — add, edit match type, set bid, add negatives
- Reporting — spend, taps, installs, conversion rate per keyword/ad group/campaign
- Search term reports — see actual user queries that triggered taps
- Custom Product Page assignment — assign CPP to ad group
How authentication works
Apple Search Ads API uses OAuth 2.0 with ES256 JWT:
- Generate an EC (elliptic curve) private key in Apple Search Ads Account Settings.
- Store the private key securely (this is your secret).
- To make an API call, construct a JWT signed with the private key. The JWT includes your client ID, team ID, key ID, and a short expiration (typically 5-20 minutes).
- POST the JWT to Apple’s OAuth endpoint to exchange for a short-lived access token.
- Use the access token in the
Authorization: Bearer <token>header for subsequent API calls.
This flow is intentionally heavier than a simple API key. ASAPilot and other third-party tools handle the JWT generation internally — you only supply the key during setup.
Rate limits
Apple does not publish strict rate limit numbers. Observed behavior (2026):
- Soft throttling at sustained >5 requests per second
- Burst tolerance up to ~20-30 requests per second for short windows
- Reporting endpoints are more lenient than mutation endpoints
If you hit a limit, Apple returns 429 Too Many Requests with a Retry-After hint.
Production integrations should implement exponential backoff.
Why third-party tools use the API
Apple Search Ads dashboard is fine for single-account, low-frequency tasks. The API becomes essential when:
- Managing 5+ accounts at once (manual login is operationally infeasible)
- Running automations (daily summaries, anomaly alerts, recurring audits)
- Building custom dashboards (revenue joining, LTV analysis, cohort breakdowns)
- Bulk operations (adding 200 negative keywords in one batch)
Common integration patterns
| Pattern | How it uses the API |
|---|---|
| Daily reporting tool | Pulls reports nightly, computes KPIs, emails summaries |
| Anomaly detector | Polls metrics every 5-15 minutes, alerts on threshold breach |
| Bid optimizer | Reads performance, computes new bids, writes back (only with human approval in safe tools like ASAPilot) |
| Audit dashboard | Read-only pull of full account state, surfaces structural issues |
| MMP integration | Joins ASA spend data with cross-channel attribution from AppsFlyer/Adjust/Kochava |
How ASAPilot uses the API
ASAPilot connects to your Apple Search Ads account via OAuth 2.0 + ES256 JWT during setup (median time <2 minutes). After connection, ASAPilot:
- Polls reporting endpoints every 5-15 minutes for spend pacing and anomaly detection
- Reads campaign / ad group / keyword state for the account audit
- Does NOT write to your account by default — read-only mode is the default; writes require explicit human approval per recommendation
See docs/connect-apple-search-ads for the full setup flow.
Related terms
- Apple Search Ads — the platform itself
- Ad Services API — the attribution API (different from this one)
- adam ID — the app identifier passed in API calls