New Notarization needed soon for macOS. Fall 2023

Not sure if this came up here yet, but soon the current way to notarise apps will change.

It looks more complicated than before. Ah well …

Basically this means Sam will have some work to do updating AppWrapper.
DMGCanvas 4 already supports the new notarisation method.

For me it got faster and better.
Was a bit of a surprise when old scripts stopped working.

e.g. my shell script to notarize the dmg:

xcrun notarytool submit "$Name" --progress --apple-id xxx@xxx.com --password xxx --team-id xxx --wait

$Name is the variable with the dmg path.

later:

xcrun stapler staple "$Name"

and test it:

spctl -a -v -t install "$Name"

Is TeamID a required variable?
Because I do not have this.

The TeamID is shown on https://developer.apple.com/ → Account: Membership Details

Assuming you have an Apple Developer account, you do even if you are a team of one. And you can’t notarize an app unless you have a developer account, so basically everyone who tries to notarize DOES have a team ID.

You can also get the TeamID via the command line:
xcrun altool --list-providers --username "john@example.com" --password "wwww-xxxx-yyyy-zzzz"

It seems that depending on some variable (the age of your account?) the team ID and short name may be different.

ProviderName    ProviderShortname PublicID                             WWDRTeamID 
--------------- ----------------- ------------------------------------ ---------- 
My Company Inc. MyCompanyInc      69de4d2-a5b3-0000-0000-1234567901123 XXXXXXXXXX

In my case it was, and I had to use the WWDRTeamID field.

The password should be an app specific password and not your account password.

1 Like

It also has the ability to wait for the response so you don’t have to keep checking to see if it’s done. Overall it seems easier to use to me.

1 Like

I always notarised my apps with AppWrapper and never had to enter TeamID (only my Apple account).

Because App Wrapper makes our life much easier. However, in the Packing pane you did have to define the Apple login and an app specific password for it to use to login on your behalf to submit to Apple. I believe it uses information from that to get the Team ID to use when submitting the notarization request to Apple.

Edit: Typo correction

2 Likes

Probably not though. The teamID is as to required for the old method. If you look at the command line options for this new notarytool program, they also give you the option of using Apple Connect Store API credentials.

The reason for requesting the Team ID may be one concerning ambiguity though. Working on my profile tool, I’ve found more than a few scenarios that can be solved by simply filtering on the Team ID.

NotaryTool is much MUCH better than altool. I switched from using altool in Terminal (clumsier) to creating and using my own customized AppleScript with NotaryTool on the inside, to run and notarize installers. With NotaryTool I’m able to perform the complete upload/download/wait-for-reply/staple and then run my own validation check on the notarized installer to finish.

NotaryTool is also faster, in terms of upload speed and response, than altool had been.

I hadn’t been aware of the migration from altool to NotaryTool, but once I did this (and did it “early”) it’s been a huge improvement.
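
The submit, staple and check steps from this thread combined into one script; this is an added example, not code from any poster. It assumes a keychain profile (hypothetical name `notary-profile`) created beforehand with `xcrun notarytool store-credentials`, and that notarytool's text summary contains `id:` and `status:` lines.

```shell
#!/bin/sh
# Added example, not from the thread. Credentials are assumed to have been
# saved once with:  xcrun notarytool store-credentials "notary-profile"
# ("notary-profile" is a hypothetical name). That command prompts for the
# Apple ID, team ID and app-specific password and keeps them in the keychain,
# so no secret appears in this script, in shell history or in the process list.
NOTARY_PROFILE="${NOTARY_PROFILE:-notary-profile}"

# Print the value of the last "status:" line of notarytool's text output.
# Assumption: the summary has a line of the form "  status: Accepted".
final_status() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*status:[[:space:]]*//p' | tail -n 1
}

# Print the submission id from the same summary ("  id: <uuid>").
submission_id() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*id:[[:space:]]*//p' | tail -n 1
}

notarize_dmg() {
    dmg=$1
    [ -f "$dmg" ] || { echo "not a file: $dmg" >&2; return 2; }

    # --wait blocks until Apple returns a verdict. Check the reported status
    # as well, rather than trusting the exit code alone.
    out=$(xcrun notarytool submit "$dmg" --keychain-profile "$NOTARY_PROFILE" --wait 2>&1) || {
        printf '%s\n' "$out" >&2; return 1; }

    if [ "$(final_status "$out")" != "Accepted" ]; then
        printf '%s\n' "$out" >&2
        # Fetch Apple's log for the rejected submission to see the reason.
        id=$(submission_id "$out")
        [ -n "$id" ] && xcrun notarytool log "$id" --keychain-profile "$NOTARY_PROFILE" >&2
        return 1
    fi

    # Attach the ticket, confirm it is attached, then ask Gatekeeper.
    xcrun stapler staple "$dmg" &&
    xcrun stapler validate "$dmg" &&
    spctl -a -v -t install "$dmg"
}

# Usage: notarize_dmg "/path/to/My App.dmg"
```

Stapling only runs when the reported status is `Accepted`, so a rejected submission cannot end up looking like a finished build.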