Build vs Buy: The Real Cost of DIY Review-Reply Automation
Want to build review reply automation yourself? Here's the honest scope: two store APIs, two auth schemes, no webhooks, 7-day windows, grounding, and forever-maintenance.
The Argus Team
Reply Argus
You can build review-reply automation in a weekend. Keeping it alive is the part nobody quotes you for. A working prototype — pull reviews, ask an LLM to draft a reply, POST it back — is genuinely a Saturday of work. The gap between that demo and something you'd trust to answer a 1-star review in Portuguese, unattended, on a busy launch week, is where the real cost lives.
This is a straight build-vs-buy breakdown for the person who actually could build it. No hand-waving about "leveraging synergies." Just the concrete parts you'd own: the two store APIs (which are not one API), the two different auth schemes, the polling you can't avoid because there's no webhook, the 7-day window that quietly eats your history, grounding so the model doesn't invent a refund policy, multilingual coverage, and the maintenance tax that arrives every time Apple or Google changes something. Then the honest verdict on when each path wins.
What does "build review reply automation" actually include?
The demo is three steps. The product is about fifteen. Before you estimate the effort, it helps to see the whole surface at once, because the LLM call (the part everyone thinks is the hard bit) is maybe a fifth of the work.
Here's the full parts list you're signing up to own and operate:
- Two ingest integrations — the App Store Connect API and the Google Play Developer API, which share almost nothing beyond the word "reviews."
- Two auth systems — a self-signed ES256 JWT for Apple, a service-account OAuth token for Google. Both expire; both need refresh logic.
- A poller — because neither store pushes you a webhook when a new review lands, you have to ask, on a schedule, forever.
- Dedup + state — remembering which reviews you've already seen and replied to, since the APIs happily hand you the same review again.
- Grounding — feeding the model your real support facts (refund policy, known bugs, your voice) so it stops confidently making things up.
- Multilingual — detecting the reviewer's language and replying in it, both directions, without machine-translation stiffness.
- Char-limit enforcement — Google Play hard-caps replies at 350 characters; blow past it and the POST just fails.
- An approval surface — a human queue, or rules for what's safe to auto-send, plus an audit trail of who approved what.
- Retry, backoff, alerting — for the 401s, the quota 429s, and the silent nights when the poller dies and nobody notices for a week.
- Maintenance — the standing cost of every API change, deprecation, and new store behavior, for as long as the feature exists.
The two APIs are not one API
The single biggest surprise for people who scope this as "reviews API integration" (singular) is that you're building two integrations that barely rhyme. Apple's Reviews endpoints live in App Store Connect and speak JSON:API; you read with `GET /v1/apps/{id}/customerReviews` and answer with `POST /v1/customerReviewResponses`. Google's live in the Play Developer API as a `reviews` resource with three methods — `reviews.list`, `reviews.get`, `reviews.reply`. Different envelopes, different pagination, different error shapes.
Auth is where they diverge hardest. Apple makes you generate an API key, download a `.p8` private key exactly once, and sign a fresh ES256 JWT for each burst of calls, capped at a hard 20-minute lifetime with the audience string `appstoreconnect-v1`. Google makes you create a service account in Google Cloud, grant it access in the Play Console, and exchange its key for a short-lived OAuth access token. Neither is hard on its own. But you're now maintaining two credential rotations, two failure modes, and two sets of "why is this suddenly 401" debugging sessions. We wrote the full working references for each, the [App Store Connect Reviews API](/blog/app-store-connect-reviews-api-reference) and the [Google Play Reviews API](/blog/google-play-reviews-api-reference), and the deltas between them are exactly the parts a DIY build has to reconcile by hand. The [reply rules differ per store](/blog/reply-rules-for-every-app-store) too, so your logic can't be one-size-fits-both.
# Apple — read reviews (JWT ES256 in the header)
GET /v1/apps/{appId}/customerReviews?limit=200&sort=-createdDate
Authorization: Bearer <ES256 JWT, exp <= 20 min>
# Apple — post a reply
POST /v1/customerReviewResponses
{ "data": { "type": "customerReviewResponses",
"attributes": { "responseBody": "..." },
"relationships": { "review": { "data": { "type": "customerReviews", "id": "..." } } } } }
# Google — read + reply (OAuth service-account bearer)
GET /androidpublisher/v3/applications/{pkg}/reviews
POST /androidpublisher/v3/applications/{pkg}/reviews/{reviewId}:reply
{ "replyText": "... (<= 350 chars, hard cap) ..." }There is no webhook — so you're polling forever
This is the constraint that reshapes the whole architecture, and it catches nearly everyone. Neither Apple nor Google will call you when a new review comes in. There is no "new review" event to subscribe to. If you want to know a 1-star review landed at 2am, you have to keep asking. We dug into [why there's no webhook for new app reviews](/blog/no-webhook-for-new-app-reviews) and the practical upshot is the same on both stores: you run a scheduled poller, you diff against what you've already stored, and you accept some latency between a review appearing and you seeing it.
Polling forces two more things you didn't budget for. First, quotas: Google Play meters you (community testing puts it around 200 GETs per hour and 2,000 reply POSTs per day), so a naive "poll every app every minute" plan hits the ceiling and starts throwing 429s. You need per-app scheduling and backoff. Second, and worse:
The 7-day window will quietly eat your history
Both review APIs only return roughly the last seven days of reviews. There is no backfill endpoint. If your poller is down for eight days (a bad deploy, an expired key, a cloud bill you forgot to pay), those reviews are gone from the API forever, and you'll never know a customer went unanswered. This is why "I'll just run a cron job" quietly becomes "I need durable state, monitoring, and alerting," which is a real service, not a script.
Drafting is the easy 20% — grounding is the hard 80%
Calling an LLM to write a friendly reply is trivial. Getting it to write a reply you'd actually publish is not. An ungrounded model will cheerfully promise a refund you don't offer, cite a feature you killed two versions ago, or apologize for a bug that was the user's misconfiguration. Every one of those becomes a public, permanent, screenshotted reply under your app's name. Grounding — retrieving your real policies, your known-issues list, and your past approved replies, then constraining the draft to them — is the difference between a toy and something you'd let run unattended.
Then there's language. Reviews arrive in whatever language the customer speaks, and replying in that language measurably helps: the research on reply effectiveness (Srisopha et al., EASE 2021) ranks fit and effort above raw politeness. So you need reliable language detection, translation that doesn't read like a translation, and character-limit enforcement that survives the round trip (a reply that's 320 characters in English can balloon past Google's 350-char cap once translated). We go deeper on [replying in any language](/blog/reply-to-app-reviews-in-any-language), but the build cost is: another model in the loop, another failure mode, and per-language testing you'll never fully finish. And speed matters: the [faster you reply, the more it moves the rating](/blog/how-fast-should-you-reply-to-app-reviews), which puts pressure back on that poller you now have to keep healthy 24/7.
Pagué la suscripción anual y la función de exportar no funciona. Quiero mi dinero.
Sentimos mucho el problema con la exportación, y gracias por avisarnos. La corrección ya está en la versión 4.2, que se publica esta semana. Sobre el reembolso, escríbenos a soporte@… con tu recibo y lo resolvemos hoy mismo. Gracias por tu paciencia.
That reply looks effortless. Producing it reliably requires: detecting Spanish, knowing your real refund path (grounding), knowing 4.2 ships this week (grounding again), staying under 350 characters in Spanish (enforcement), and not inventing a policy (constraint). Miss any one and you've published a mistake. Multiply by every review, every language, every night.
What a real build looks like end to end
If you're still estimating, here's the honest shape of a production build — not the demo, the thing you'd actually run for a year.
- 1
Step 1 — Credentials, twice
Generate and store an Apple `.p8` + Key ID + Issuer ID, and a Google service-account key. Wire rotation and secret storage for both. Handle the inevitable 401 on first run for each.
- 2
Step 2 — Poller + state
Schedule per-app polling within quota, dedup against a durable store, and record reply status. Add alerting for a dead poller, because the 7-day window is unforgiving.
- 3
Step 3 — Grounding layer
Ingest your store listing, policies, known bugs, and past approved replies into a retrieval store. Keep it fresh, and detect when your sources contradict each other.
- 4
Step 4 — Draft + guard
Detect language, generate a grounded draft in the reviewer's language, enforce per-store character limits, and refuse to promise anything not in your knowledge base.
- 5
Step 5 — Approve + publish
Build a review queue for humans, or rules for what's safe to auto-send by rating/keyword/language, with an audit trail. Then POST to the right store's reply endpoint.
- 6
Step 6 — Keep it alive
Monitor, retry, and patch every time Apple or Google changes an endpoint, a limit, or an auth flow. This step never ends. Budget for it every quarter.
The maintenance tax nobody puts in the estimate
A build isn't a project, it's a subscription you pay in engineering hours. Store APIs shift. Auth schemes get deprecated. A new store behavior, say a change to how replies render or a fresh quota, lands with no warning and breaks your poller silently. Because there's no webhook, a silent break can go a week before anyone notices the queue stopped moving, and by then the 7-day window has erased the reviews you missed.
This is the number that flips most build-vs-buy math. The API integration is a one-time cost you can size. The maintenance is a recurring cost you can't, and it competes directly with your actual product roadmap. Every hour spent chasing an App Store Connect auth change is an hour not spent on the thing your users pay you for.
The honest reframe
Building this is very doable. The question is never "can we build it" — it's "do we want to own two store integrations, a poller, a grounding layer, and a maintenance backlog forever, or do we want that to be someone else's job?" [ReplyArgus](/features) is that someone else: both stores in one inbox, grounded multilingual drafts, approve-by-default with opt-in auto-publish rules, and the API breakage is our problem, not yours.
So should you build or buy?
There's a real case for building. If review replies are your core product — you're a review-management platform yourself — you have to own this. If you have exactly one app, English-only, low volume, and an engineer who enjoys it, a small internal script is defensible. And if you have hard compliance reasons every byte must stay in your own infrastructure, build.
Buy when review replies are a means, not the product. If you'd rather ship features than babysit two store APIs, if you have more than one app or more than one language, if you want grounded drafts without building a retrieval system, or if you simply don't want a silent 7-day data-loss risk sitting in your stack — a tool pays for itself the first time it catches a 1-star review you'd otherwise have missed. Worth remembering why this matters at all: Google's own I/O 2019 data showed apps that respond to reviews gain about +0.7 stars on average. The automation exists to capture that lift consistently, not to be a fun weekend project.
What you'd own vs what ReplyArgus handles
Here's the clean split. Build it yourself and you own every row on the left. Use ReplyArgus and every row is handled for you — you keep control of voice and approval, we keep the plumbing running.
- Two store integrations — you'd build and maintain both Apple + Google. Argus: both, in one inbox, already live.
- Two auth schemes — you'd rotate a `.p8` JWT and a service-account token. Argus: connect once, we handle refresh.
- Polling + 7-day-window safety — you'd run and monitor a poller forever. Argus: continuous sync with alerting, so nothing falls out of the window unseen.
- Grounding — you'd build retrieval over your policies and past replies. Argus: auto-ingests your store listing + marketing page, drift-detects contradictions, grounds every draft.
- Multilingual — you'd add detection + translation + per-language testing. Argus: 100+ languages, both directions, char-limits enforced per store.
- Approval + auto-publish — you'd build the queue and rules. Argus: approve-by-default, opt-in rules by rating/keyword/language/store, full audit trail.
- Maintenance — you'd patch every API change forever. Argus: our on-call, not yours.
- Bonus you wouldn't build — reviews cluster into a PM roadmap board (export to Jira/Notion/Sheets), plus an [MCP connector](/agentic-tools) to run it all from Claude or Cursor.
The math is usually clear once the maintenance tax is on the table. A weekend prototype is cheap. A reliable, grounded, multilingual, two-store, always-on reply system is a product — and it already exists. Start on the [Free plan](/pricing) (one app, 100 replies a month, no card), connect a store, and watch it draft your first grounded reply before you'd have finished writing the JWT signer. If it earns its keep, Indie is $29 and adds the knowledge base, roadmap board, and auto-publish.
Start free — Argus drafts your first reply in minutes
Connect your App Store or Google Play account and let Argus watch both stores, ground its drafts in your own facts, and reply in the customer's language. [Start free — no card](/signup). Build the poller later, if you still want to.
Frequently asked
- Is it hard to build review reply automation yourself?
- The prototype is a weekend; the production system is a standing commitment. The hard parts aren't the LLM call — they're maintaining two different store APIs and auth schemes, polling reliably because there's no webhook, grounding drafts in real facts, handling 100+ languages, and patching every API change forever.
- Why can't I just use a webhook for new reviews?
- Because neither the App Store Connect API nor the Google Play Developer API offers one. There's no "new review" event to subscribe to, so any build has to poll on a schedule and diff against stored state — and stay within Google's quotas while doing it.
- What is the 7-day window and why does it matter?
- Both review APIs only return roughly the last seven days of reviews, with no backfill endpoint. If your poller is down for eight days, those reviews are permanently gone from the API. It turns a simple cron job into a system that needs durable state and monitoring.
- What's the character limit on a review reply?
- Google Play hard-caps developer replies at 350 characters — go over and the POST fails. Apple publishes no official limit; community testing suggests a few thousand characters. Any build has to enforce Google's cap, especially after translating a reply into another language.
- When does buying a tool beat building?
- Buy when review replies are a means, not your core product: more than one app, more than one language, or no appetite to own two store integrations and a maintenance backlog. Build only if replies are your actual product, or you have a hard compliance reason to keep everything in-house.
- What does ReplyArgus handle that a DIY build doesn't?
- Both stores in one inbox, both auth schemes, continuous polling with 7-day-window alerting, auto-ingested grounding with drift detection, 100+ language drafts with per-store limits, approve-by-default publishing rules, and all the ongoing API maintenance — plus a PM roadmap board and an MCP connector you'd never build yourself.
Try it
Let Argus draft your next reply.
Watch it answer a real review in your voice. 10-day trial, no card to begin.
Keep reading
App Store Reviews Not Showing? The Full Fix List for Apple and Google Play
App Store or Google Play reviews not showing? Here's every real cause — moderation delay, wrong country storefront, filtering, rating lag, cache — and the fix.
Read moreAre App Store Reviews Fake? How to Spot Them and What to Do
Yes, some App Store and Google Play reviews are fake — but fewer survive than you think. How to spot them, and what to do when they hit your app.
Read more