I was about to link my AppStoreConnect
account with RevenueCat
so that RevenueCat could fetch details of my subscription products for me. But then I saw this in AppStoreConnect:
So this part:
You may not use this App Store Connect API to provide services to any third parties or for any other use. As a reminder, you may not share authorization credentials with anyone outside your team or solicit authorization credentials from any third parties. As requests are reviewed, organization will be given first access followed by individuals.
More precisely:
You may not use this App Store Connect API to provide services to any third parties or for any other use.
It's unclear what services would be, but I guess allowing RevenueCat to read products and such from my account is not any kind of service...
Still, it sounds to me like we should use this API
only within our team, rather than with third parties (aka RevenueCat). Am I wrong? I see people actually doing this, but this message is quite confusing to me.
Here is the link to RevenueCat docs I was using.
Nobody (except the one who wrote that sentence in Apple) should know exactly what that means, so all we can do is guess. It could mean building your own business using the APIs or even giving access to third parties like RevenueCat. However, it sounds more like something they have to warn as a platformer. In the end, it's all your responsibility to gain the benefit by providing the API Keys.
In my personal opinion, I'll allow to give it to RevenueCat as it's quite a well-known service in the mobile app field. But I'd recommend you create a dedicated API key per service so that you can revoke it once you suspect it has been compromised without affecting other services or scripts of your own.
After all, it's not mandatory to provide the App Store API key to RevenueCat and you can manage the products without automation by yourself there, so it's all up to you.