Downloading a build programmatically requires a two-step process: first, generate a short-lived download token, then use that token to resolve the actual download URL. The download URL is served via a redirect response.
Unlike the other build endpoints, the download token endpoint is only available through the Workspace API and requires a Service Account token or a user session token obtained at login. The Integrations API (App API Token) does not support this endpoint.
To create a Service Account, see Service Accounts.
Overview: Download flow
Step 1: Generate a download token
GET /v1/organizations/{organizationId}/apps/{applicationId}/builds/{buildId}/downloadToken
→ returns { token, expiresAt }
Step 2: Resolve the download URL
GET https://download-api.applivery.io/v1/download/{token}
→ HTTP 302 redirect to the actual file URL
Generates a short-lived, single-use token that authorizes the download of a specific build file.
Endpoint
GET https://api.applivery.io/v1/organizations/{organizationId}/apps/{applicationId}/builds/{buildId}/downloadToken
Authentication
Authorization: Bearer <your_service_account_token>
Path parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
organizationId |
String | Yes | The unique identifier (or slug) of your Applivery organization. |
applicationId |
String | Yes | The unique identifier of the app the build belongs to. |
buildId |
String | Yes | The unique identifier of the build you want to download. Returned by POST – Upload a Build and GET – List of Builds. |
Query parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type |
String | Yes | Specifies which file format to generate the download token for. See values below. |
type values
| Value | Description |
|---|---|
auto |
Default behavior. Returns a .apk for Android builds, or the manifest (.plist) for Apple builds. This is the standard option for in-app installation flows. |
file |
Returns the raw binary file. For Apple builds, this is the .ipa or .pkg file instead of the manifest. Use this when you need the actual file rather than an OTA install link. |
aab |
For Android builds originally uploaded as an .aab, this returns the original .aab file instead of the Universal .apk that Applivery generates from it. |
Example Request
curl 'https://api.applivery.io/v1/organizations/MY_ORG_SLUG/apps/MY_APP_ID/builds/MY_BUILD_ID/downloadToken?type=file' \
-X GET \
-H 'Accept: application/json' \
-H 'Authorization: Bearer YOUR_SERVICE_ACCOUNT_TOKEN'
Responses
{
"status": true,
"data": {
"token": "string",
"expiresAt": "string"
}
}
Build not yet processed. The build exists but has not finished processing. Only builds with status: processed can have download tokens generated.
{
"status": false,
"error": {
"code": 5014,
"message": "Build Not Processed"
}
}
{
"status": false,
"error": {
"code": 4002,
"message": "No auth token"
}
}
{
"status": false,
"error": {
"code": 3001,
"message": "Entity not found"
}
}
| Field | Description |
|---|---|
token |
The download token string. Pass this as the path parameter to Step 2 to resolve the download URL. |
expiresAt |
ISO 8601 timestamp indicating when the token expires. Tokens are short-lived — use them promptly after generation. |
Uses the token obtained in Step 1 to get the actual file download URL. The API responds with an HTTP 302 Found redirect to the file's storage location.
No authentication required.** This endpoint is public — the token itself acts as the credential. Anyone with the token can download the file, so treat tokens as sensitive and do not share them beyond the intended recipient.
Endpoint
GET https://download-api.applivery.io/v1/download/{token}
Path parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
token |
String | Yes | The download token returned in Step 1. |
Example Request
curl -L 'https://download-api.applivery.io/v1/download/YOUR_DOWNLOAD_TOKEN' \
-o downloaded_build.ipa
The -L flag instructs curl to follow the 302 redirect automatically. Without it, you will receive the redirect response with the Location header containing the actual file URL, but no file will be downloaded.
Redirect behavior by platform
The URL in the Location redirect header varies depending on the platform and the type parameter used in Step 1:
| Platform | type value |
Redirect target |
|---|---|---|
| Android | auto |
Universal .apk file |
| Android | aab |
Original .aab file |
| Apple | auto |
OTA manifest (.plist) — for in-app installation via MDM or direct install link |
| Apple | file |
Raw binary — .ipa for iOS, .pkg for macOS |
Responses
Redirect to the file URL.
The response does not have a body. The actual download URL is in the Location response header. Follow the redirect to download the file.
Token expired. Download tokens are short-lived. If the token has expired, generate a new one from Step 1.
{
"status": false,
"error": {
"code": 4005,
"message": "Token Expired"
}
}
{
"status": false,
"error": {
"code": 3001,
"message": "Entity not found"
}
}
Complete example: Download a Build file
# Step 1: Generate the download token
TOKEN=$(curl -s \
'https://api.applivery.io/v1/organizations/MY_ORG/apps/MY_APP/builds/MY_BUILD/downloadToken?type=file' \
-H 'Authorization: Bearer YOUR_SERVICE_ACCOUNT_TOKEN' \
| jq -r '.data.token')
# Step 2: Download the file, following the redirect
curl -L \
"https://download-api.applivery.io/v1/download/$TOKEN" \
-o my_build.ipa