What is AASA and Why It Exists
The Apple App Site Association (AASA) file is a JSON configuration file that enables iOS apps to claim ownership of your website domains. Without this file, iOS apps can open your website links, but users won't get the seamless experience of being directed directly to app content—they'll see a web page instead.
AASA is the foundation of Universal Links, Apple's solution for deep linking. It works by establishing a cryptographic connection between your website and your app, proving that both entities are owned by the same organization. This trust relationship is essential for Apple's strict security model.
When users tap a link to your domain, iOS checks for your AASA file. If it finds the correct configuration and your app is installed, iOS opens the app directly to the specified content. If the app isn't installed, the link opens normally in Safari.
AASA JSON Format Reference
Here's a complete AASA file structure with annotations explaining each section:
{
"applinks": {
"apps": [],
"details": [
{
"appID": "9ABC123DEF.com.example.myapp",
"paths": [
"/product/*",
"/account/profile",
"NOT /static/*"
]
}
]
},
"webcredentials": {
"apps": ["9ABC123DEF.com.example.myapp"]
}
}Field Explanations
- appID: Your Team ID + Bundle Identifier (format: TeamID.bundleIdentifier)
- paths: URL paths your app handles. Use * for wildcards, NOT for exclusions
- webcredentials: Enables password autofill for password managers (optional)
applinks vs webcredentials Sections
Your AASA file can contain two main sections, each serving different purposes:
applinks
Enables Universal Links. When users tap links to your domain, iOS directs them to your app if it's installed. This is your primary deep linking mechanism.
webcredentials
Enables AutoFill for passwords and passkeys in Safari and your app. This improves user authentication experience but doesn't directly affect deep linking.
Version Differences: iOS 13+ vs Legacy
Apple introduced significant changes to AASA in iOS 13. Here's how they differ:
| Feature | iOS 13+ | iOS 12 and Earlier |
|---|---|---|
| Format | JSON with "details" array | Simple JSON format |
| Multiple apps | Supported (details array) | Limited support |
| Negative paths | Fully supported with NOT | No support |
| Case sensitivity | Case-sensitive matching | Case-insensitive |
For modern app development, focus on the iOS 13+ format. If you need to support older iOS versions, structure your AASA to be backward compatible while leveraging newer features.
Path Patterns and Wildcards
Path patterns are how you tell iOS which URLs your app should handle. Understanding the pattern matching rules is critical:
"paths": [ "/product/*", // Wildcard - matches any substring "/account/profile", // Exact path match "/posts/*/comments", // Multi-level wildcards "NOT /admin/*", // Exclude paths from matching "NOT /login", // Exclude specific routes "/?*", // Match root and all subpaths "/checkout/success/*" // Deep path matching ]
Wildcard Rules
- * matches zero or more characters in a single path component
- ? matches exactly one character
- NOT prefix excludes paths from being handled by your app
- Paths are case-sensitive in iOS 13+
- Query strings and fragments are ignored in path matching
Hosting Requirements
Your AASA file must be hosted correctly for iOS to find and validate it:
File Location
https://yourdomain.com/.well-known/apple-app-site-association
The file must be in the .well-known directory at the root of your domain.
HTTPS Required
Your website must use HTTPS. iOS will not read AASA files over HTTP.
Content-Type Header
Content-Type: application/json
Your server must return the correct MIME type.
Valid JSON
The file must be valid JSON. Invalid JSON will silently fail, and iOS will fall back to opening links in Safari.
No File Extension
The file should have no .json extension. Name it exactly: apple-app-site-association
Complete AASA Example
Here's a production-ready AASA configuration:
{
"applinks": {
"apps": [],
"details": [
{
"appID": "ABC123DEF9.com.example.app",
"paths": [
"/product/*",
"/order/*",
"/account/*",
"/referral/*",
"NOT /admin/*",
"NOT /api/*"
]
},
{
"appID": "ABC123DEF9.com.example.app.beta",
"paths": ["/beta/*"]
}
]
},
"webcredentials": {
"apps": [
"ABC123DEF9.com.example.app",
"ABC123DEF9.com.example.app.beta"
]
}
}Validating Your AASA File
After creating your AASA file, validate it before deploying. Invalid AASA files won't throw errors—they'll silently fail. Here are the validation steps:
1. Check JSON Validity
Use a JSON validator to ensure your file has valid JSON syntax.
2. Use Redirectly's AASA Validator
Test your file with our free validator tool, which checks iOS 13+ compatibility and provides detailed error messages.
3. Verify HTTP Headers
Ensure your server returns Content-Type: application/json and proper HTTPS.
4. Test on Device
Install your app and test tapping links to ensure they open in your app correctly.
Pro Tip: Use Redirectly's free AASA validator to quickly test your configuration before deploying to production.
Try AASA ValidatorTroubleshooting Common Issues
Here are solutions to the most common AASA problems:
Links not opening in app
Check: (1) AASA is at .well-known/apple-app-site-association, (2) appID matches your Team ID + Bundle ID, (3) paths match your URLs, (4) HTTPS is enabled
Content-Type header incorrect
Verify your web server returns application/json. Test with: curl -I https://yourdomain.com/.well-known/apple-app-site-association
Invalid JSON syntax
Copy your AASA content into a JSON validator. Even a missing comma or quote will cause silent failures.
Still not working after fixes
Delete and reinstall the app. iOS caches AASA files aggressively. Clearing the app cache forces iOS to re-fetch the configuration.
Building on AASA: Next Steps
Now that you understand AASA, explore related deep linking topics:
Summary
The AASA file is essential for iOS deep linking. By understanding its format, hosting requirements, and path patterns, you can create reliable universal links that seamlessly direct users to your app content. Remember:
- Host AASA at .well-known/apple-app-site-association with HTTPS
- Ensure valid JSON and application/json Content-Type
- Use appID format: TeamID.bundleIdentifier
- Define paths carefully with wildcards and NOT exclusions
- Validate before deploying using our validator tool