AASA Validator
Test apple-app-site-association
and assetlinks.json online
Free AASA validator for Universal Links (iOS) and Android App Links: checks your apple-app-site-association and assetlinks.json for redirects, content type, JSON structure, appID and SHA256 fingerprint - with a fix tip for every failed check.
Validate your deep links
Universal Links (iOS)
App Links / TWA (Android)
- ✔️ checks /.well-known/ paths directly, without redirects
- ✔️ detects wrong content type and invalid JSON
- ✔️ validates appID, package name and SHA256 fingerprint
- ✔️ free, no sign-up
AASA check
Universal Links (iOS)
assetlinks.json check
App Links / TWA (Android)
Common errors with AASA and assetlinks.json
1. Redirects from Joomla or WordPress SEF rules
Apple's CDN and Google's verifier do not follow redirects - the files must answer directly with HTTP 200. SEF and SEO extensions in Joomla and WordPress often force a trailing slash, www or a language prefix onto every URL, which silently breaks /.well-known/. The fix: exclude /.well-known/ from the rewrite rules in your .htaccess before the CMS rules run.
2. Wrong content type because the file has no .json extension
The AASA file must be served without a file extension. Many servers then fall back to text/html - and Apple rejects the file. On Apache, force the type for this one file:
<Files "apple-app-site-association">
ForceType application/json
</Files>On nginx, a location block with default_type application/json; does the same job.
3. Play App Signing: app signing key vs. upload key
If Google signs your app (Play App Signing), the SHA256 fingerprint in assetlinks.json must be the one of the app signing key from the Play Console (Setup > App integrity) - not the one of your local upload key. With the wrong fingerprint the verification fails and your TWA shows a browser bar.
Your website as an app in both stores?
I publish Joomla and WordPress websites as apps on Google Play and in the Apple App Store - fixed-price packages, deep links and store assets included. See PWA to App Store for details.
View app store packagesFrequently asked questions about the AASA validator
The AASA file tells iOS which app may open which URLs of your domain (Universal Links). It must be reachable at https://yourdomain.com/.well-known/apple-app-site-association and served as JSON - without a file extension.
The most common causes are redirects (Apple's CDN does not follow them), a wrong content type, invalid JSON or a wrong appID. Apple also caches the file on its CDN, so changes can take up to 24 hours and a reinstall of the app to take effect.
No. The file must be reachable exactly at /.well-known/apple-app-site-association without an extension, but it must be served with the content type application/json. Many servers send text/html for files without an extension - that is exactly what this AASA validator detects.
assetlinks.json verifies Android App Links and Trusted Web Activities (TWA). Without a valid file at /.well-known/assetlinks.json an Android TWA app shows a browser address bar instead of running fullscreen.
With Play App Signing, the fingerprint of the app signing key from the Play Console (Setup > App integrity) counts - not the fingerprint of your upload key. A wrong fingerprint is the most common reason why a TWA still shows the browser bar.
Yes. The validator checks your apple-app-site-association and assetlinks.json for free and shows a concrete fix tip for every failed check.
PWA Asset Generator
Generate PWA icons, iOS splash screens and app store assets (Apple icon, Play icon, feature graphic) for free
PWA to App Store
Publish your PWA to Google Play and the Apple App Store - fixed-price packages from EUR 500