So you want to sign an IPA, Starfiles can take care of it. Dozens of third party app stores and signing services use Starfiles to power their services, this article explains how to sign an IPA using Starfiles from start to finish.
Benefits of Using Starfiles Signing API
- On Demand Signing
- Anti Blacklisting
- Instant Signing Algorithm
- Automated Crash Fixes
- Built in Revoke Checker
- Tons of Customisation Options
- No Backend Required
- Supports All iOS Versions from iOS 12 Up
- And Much More
All IPA signing requests use the same endpoint:
The request method used to communicate with this endpoint is
Attaching the IPA
The IPA file you’re trying to sign must be on Starfiles. To attach the IPA file, simply specify the file ID under the name
ipa. The file ID can be accessed from the URL. For example:
https://starfiles.co/file/xxxxx/myapp-ipa the id is
The final endpoint you’re calling should look something like
Specifying the Certificate
Starfiles provides many methods of specifying certificates. The following options are listed in order of precedence, the lower down the list, the higher its priority. For example, if you use a parameter towards the top of the list and a parameter towards the bottom of the list, the bottom one will override the top one if there is an overlap in information.
Manually Specify Certificate Details
All these parameters are optional (it’s okay to use just one).
p12 (File ID)
mobileprovision (File ID)
password (Plain Text)
The following parameters predefine the mobileprovision and/or p12 and/or password. Using a predefined certificate has 2 main benefits. The first benefit is simplicity, you don’t have to manually specify certificate information. The second benefit is security/privacy, the certificate information stays hidden, so your users can’t see your certificate details.
Public Certificate Database
This parameter lets you choose a certificate directly from our public certificate database. This is popular with free third party app stores.
certificate (Certificate ID)
This parameter is best for paid signing services, you can specify your certificate details in the admin panel and not broadcast them to the world. To use this method, please contact us privately to get set up.
This is best if you aren’t sure what certificate a device is signed on or don’t want to expose certificate details. To use this method, the device must be registered on our automatic device registration system.
It is recommended that you only use the parameters that prevent app crashes if required.
&custom_app_name=My app name: Allows you to specify a custom app name
&remove_plugins=true: Prevents some apps from crashing
&remove_codesignature=true: Prevents previously signed apps from crashing
&remove_cydiasubstrate=true: Prevents badly formatted apps from crashing
&replace_cydiasubstrate=true: Prevents badly formatted apps from crashing
&default_bundle_id=true: Uses the default bundle ID
&custom_bundle_id=com.example.app: Defines a custom bundle ID
Good luck, and let me know if you have any issues.