Keys can vary; an account is not necessary, as only Team Keys are suitable for notarization.
It seems that Developer role is sufficient for notarization.
We have tried both keys and roles of Developer and Account Manager - the behavior is the same.
Multiline
There are two types of API keys:
Team
Access to all apps, with varying levels of access based on selected roles.
Individual
Access and roles of the associated user. Individual kevs aren't able to use Provisioning endpoints, access Sales and
Finance, or notaryTool.
BlockQuote
Here are the parameters used for notarization via API key:
`-k, --key key-path
App Store Connect API key. File system path to the private key.
-d, --key-id key-id
App Store Connect API Key ID. For most teams this will be a 10 character alphanumeric string.
-i, --issuer issuer
App Store Connect API Issuer ID. The issuer ID is a UUID format string.`
The notarization result shows as successful, and on the same machine, the package appears as notarized.
However, when the package is transferred to another system, it is displayed as not notarized.