Production Test Account for Apple Review Team

Hey there!

We are trying to get our app up and running in Test Flight for the Apple App Store. One of the requirements is to provide an account that they can use to sign in. Obviously, by signing up for an account, we are actually creating a bank account. How have other platforms done this? We don’t want to use fake IDs or documents to create the account and also don’t want to provide someone’s personal account. Any help is appreciated.

Summary of Thread

Hey Anna,

The account that you will provide to TestFlight/Apple App Store should be associated with the Synapse sandbox environment. The account login credentials provided to Test Flight should be unique so that it will toggle into the sandbox environment in the event that the tester logs in to your iOS app. Once your app is production-ready you will submit a build to test flight with additional logic that looks like this:

if login == testers_credentials:

    host = "[uat.api.synapsefi.com](http://uat.api.synapsefi.com/)"
    endpoint = {{host}}/v3.1/users/...

else:

    host = "[api.synapsefi.com](http://api.synapsefi.com/)"
    endpoint = {{host}}/v3.1/users/…

Here are the steps that you will need to take:

  1. Create a test user in the sandbox environment with a unique username and password.

  2. Add logic that toggles into the sandbox environment for the tester’s login combination.

  3. Provide the tester with this exact username and password.

  4. Finish the build to be ready for production.

Essentially the build will be designed to allow the iOS tester to interact with the app through the sandbox environment, and will also allow the intended users to access the production environment. TestFlight’s requirements are fulfilled by providing them a test account, so once your review process is verified the app can be elevated to the iOS store without further changes.

First Response

Hello Anna,

If you are thinking about testing with Test Flight we recommend using our sandbox environment, not production. This should solve your doubt. Below are the recommended steps to do so:

  1. Create a test user in your sandbox environment through the SynapseAPI or the Dashboard with a generic username and password
  2. Provide the tester with the username and password alongside the documents needed to verify a user
  3. We recommend using our sandbox test values to sign up for an account, this is the preferred method for testing because you can trigger different responses from the API https://docs.synapsefi.com/docs/sandbox-test-values

–Tariq, Integration Engineer @ Synapse

Hey Tariq - thanks for following up. Once we put our app into Apple’s system, it will be the production app. The intention of Test Flight is that once the build has been verified, you elevate it into production to be released. One of Apple’s requirements is that we provide an account to them. Because the intention is that this is the production app, we’ll have to provide them with a production account. We were wondering if there’s a way to create a “test” account in production so that we aren’t providing our actual account credentials to Apple. If not, this might be a useful feature request for customers who are launching an iOS app.

Hi Anna, thanks for your reply.

There is no specific requirement to provide a test account for a production environment (for more information please refer to this resource). Consequently, there is no need to create a “test” account in production and the iOS tester can successfully test with dummy test values in sandbox.

Testers will be executing from the production build, while the test account’s backend will use our Sandbox environment

We suggest the following steps to make the above possible:

  1. On your end create a sandbox test account.

  2. Give those login credentials to TestFlight when you submit the app build.

  3. The final piece is to create logic in your production build that routes the provided login to your platform’s sandbox environment.

    • Essentially the build will be designed to listen for the iOS tester’s login combination.

Hello Tariq,

Thanks for the response. If we follow your strategy, and Apple approves a build for distribution via TestFlight, how would you suggest rolling it out to our users since they will need the app to use the production environment?

We can’t make a new production build since that will need to go through a review again.

Hi Jonathan,

Thank you for clarifying,

There is no need to repeat the review process again. With the advice provided above, you will be hitting two birds with one stone. The build will process all customer requests through Synapse’s production environment. In addition, the build will toggle into the sandbox environment in the event that the tester logs in to your iOS app.

In pseudo-code the logic will look like this:

if login == testers_credentials:

host = "[uat.api.synapsefi.com](http://uat.api.synapsefi.com/)"
endpoint = {{host}}/v3.1/users/...

else:

host = "[api.synapsefi.com](http://api.synapsefi.com/)"
endpoint = {{host}}/v3.1/users/…

Essentially the build will be designed to allow the iOS tester to interact with the app through the sandbox environment, and will also allow the intended users to access the production environment. TestFlight’s requirements are fulfilled by providing them a test account, therefore once your review process is verified the app can be elevated to the iOS store without further changes.

If we give them phone + email + passcode, how do we handle MFA and device binding? We would’t want to give them the creds to access the email/phone accounts.

Also note that we would like to avoid having them test the entire onboarding flow.

Hi Sanny,

MFA will not be required if the user’s fingerprint has already been verified, circumventing the need to provide email/phone account credentials to the iOS tester. The MFA flow is only triggered when a fingerprint is INVALID.

In order to have the user’s fingerprint verified, create a user, authenticate and submit all required KYC documents (user should have SEND-AND-RECEIVE–see recommended user creation flow here.

If you provide the iOS tester with an already created and verified account they wouldn’t need to be on-boarded. This could require logic being built in your app to recognize the account now has all the required information and to bypass the Account Setup Flow.
–Tariq, Integration Engineer @ Synapse

I’m not sure that solves my problem.

  1. I create a test account with full KYC completed on my iPhone 7 fingerprint. I hand off credentials to the Apple tester.
  2. Apple tester uses login info to test on their iPhone X/Simulator. They have a different fingerprint and will encounter MFA.
  3. MFA gets sent to my phone/email. We want to disable/bypass this step entirely for the test account.

@sanny

if login == testers_credentials:
	#use static FP
else:
	#use dynamic FP

Got it. Thank you!