Could some tell what the relevant endpoint is for fetching all public list of a user playlist. I am able to fetch a one via the id but i want to fetch all in a single request without using authorization.

Hello, Problem I am having the exact same issue as described here : https://forums.developer.apple.com/forums/thread/693310 From my understanding of the answers on this topic, it appears to be a problem on the Server Side. Is it still the case or perhaps I am missing something ? Here are the curl commands and their outputs : Storefront call ➜ ~ curl -v -H 'Authorization: Bearer [VALID TOKEN]' "https://api.music.apple.com/v1/storefronts/us" * Trying [2a02:26f0:2b00:3ab::2a1]:443... * Connected to api.music.apple.com (2a02:26f0:2b00:3ab::2a1) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /etc/ssl/cert.pem * CApath: none * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Unknown (8): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Certificate (11): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, CERT verify (15): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Finished (20): * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=itunes.apple.com * start date: Jan 23 20:23:43 2024 GMT * expire date: Jul 21 20:33:43 2024 GMT * subjectAltName: host "api.music.apple.com" matched cert's "api.music.apple.com" * issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 2 - G1 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * h2h3 [:method: GET] * h2h3 [:path: /v1/storefronts/us] * h2h3 [:scheme: https] * h2h3 [:authority: api.music.apple.com] * h2h3 [user-agent: curl/7.87.0] * h2h3 [accept: */*] * h2h3 [authorization: Bearer [VALID TOKEN]] * Using Stream ID: 1 (easy handle 0x12680a800) > GET /v1/storefronts/us HTTP/2 > Host: api.music.apple.com > user-agent: curl/7.87.0 > accept: */* > authorization: Bearer [VALID TOKEN] > < HTTP/2 200 < server: daiquiri/5 < content-type: application/json;charset=utf-8 < x-apple-jingle-correlation-key: QZSH3IR75IPQYS7LSN5C5EUJRI < x-apple-request-uuid: 86647da2-3fea-1f0c-4beb-937a2e92898a < b3: 86647da23fea1f0c4beb937a2e92898a-1d7eb7b8ad18bc4d < x-b3-traceid: 86647da23fea1f0c4beb937a2e92898a < x-b3-spanid: 1d7eb7b8ad18bc4d < apple-seq: 0.0 < apple-tk: false < apple-originating-system: MZStorePlatform < x-apple-application-site: MR22 < x-apple-application-instance: 3588504 < x-responding-instance: MZStorePlatform:3588504::: < apple-timing-app: 4 ms < access-control-allow-origin: * < strict-transport-security: max-age=31536000; includeSubDomains < x-daiquiri-instance: daiquiri:11896006:mr84p00it-qujn09092102:7987:24RELEASE93:daiquiri-amp-store-l7shared-int-001-mr < x-daiquiri-instance: daiquiri:12282002:mr47p00it-qujn07081302:7987:24RELEASE93:daiquiri-amp-store-l7shared-ext-001-mr < cache-control: public, no-transform, max-age=2625 < date: Tue, 23 Apr 2024 14:08:00 GMT < content-length: 276 < x-cache: TCP_REFRESH_MISS from a2-17-114-29.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (S) < x-cache-remote: TCP_HIT from a2-17-114-18.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-) < vary: Accept-Encoding < vary: Accept-Encoding < * Connection #0 to host api.music.apple.com left intact {"data":[{"id":"us","type":"storefronts","href":"/v1/storefronts/us","attributes":{"supportedLanguageTags":["en-US","es-MX","ar","ru","zh-Hans-CN","fr-FR","ko","pt-BR","vi","zh-Hant-TW"],"explicitContentPolicy":"allowed","name":"United States","defaultLanguageTag":"en-US"}}]}% Album call ➜ ~ curl -v -H 'Authorization: Bearer [VALID TOKEN]' "https://api.music.apple.com/v1/catalog/us/albums/310730204" * Trying [2a02:26f0:2b00:3ab::2a1]:443... * Connected to api.music.apple.com (2a02:26f0:2b00:3ab::2a1) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /etc/ssl/cert.pem * CApath: none * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Unknown (8): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Certificate (11): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, CERT verify (15): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Finished (20): * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=itunes.apple.com * start date: Jan 23 20:23:43 2024 GMT * expire date: Jul 21 20:33:43 2024 GMT * subjectAltName: host "api.music.apple.com" matched cert's "api.music.apple.com" * issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 2 - G1 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * h2h3 [:method: GET] * h2h3 [:path: /v1/catalog/us/albums/310730204] * h2h3 [:scheme: https] * h2h3 [:authority: api.music.apple.com] * h2h3 [user-agent: curl/7.87.0] * h2h3 [accept: */*] * h2h3 [authorization: Bearer [VALID TOKEN]] * Using Stream ID: 1 (easy handle 0x148010a00) > GET /v1/catalog/us/albums/310730204 HTTP/2 > Host: api.music.apple.com > user-agent: curl/7.87.0 > accept: */* > authorization: Bearer [VALID TOKEN] > < HTTP/2 500 < server: daiquiri/5 < content-type: application/json; charset=utf-8 < content-length: 42 < access-control-allow-origin: * < x-apple-jingle-correlation-key: EABGYDVEO5AFSK47FMXBMUMODY < x-apple-application-site: st < strict-transport-security: max-age=31536000; includeSubDomains < x-daiquiri-instance: daiquiri:42282002:st53p00it-qujn13050102:7987:24RELEASE93:daiquiri-amp-store-l7shared-ext-001-st < date: Tue, 23 Apr 2024 14:08:03 GMT < x-cache: TCP_MISS from a2-17-114-29.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-) < * Connection #0 to host api.music.apple.com left intact {"message":"An unexpected error occurred"}% Am I missing something ? Is it a server side issue ? If so, when will it be fixed ? Otherwise, what is wrong with my approach ?

Has anyone found a way to retrieve user token if I want to make an app on Flutter that uses that to make Apple Music API calls to just retrieve the user data and display it on the application? Something like when a user opens their app, there is a button that says connect with apple. It takes the user to give permissions for apple music and that retrieves their user token. I know there is Music Kit on Swift but i wonder if there is something like that on flutter

Access to fetch at 'https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/webPlayback' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I was about to finally sign up for the Apple Music affiliate program since one of my apps does provide the MusickKit Subscription Offer. However, it looks like it was renamed and restricts usage to only artists and record labels. (https://partners.applemediaservices.com) Is this correct? Can I as an indie developer not earn commission of Apple Music that I drive from my apps?

After thoroughly scouring the internet numerous times, I came to the realization that Apple has not documented their User Authentication flow. Instead, developers are often directed to use their JavaScript solution, which proves to be insufficient and impractical for many projects. Could we please request a comprehensive documentation outlining the process of generating a Music User Token from the Developer Token? This would greatly benefit developers seeking to integrate Apple Music functionality into their projects.

Hello, I am working on the Musickit web browser application. I have created my developer token as mentioned in the documentation. When I call the authorize() method to authenticate, I get the Apple Music pop up as expected. However, after entering the user credentials and "allowing" access, I get the following error: POST https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/webPlayerLogout 403 (Forbidden) musickit.js:28 Uncaught (in promise) AUTHORIZATION_ERROR: Unauthorized at https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:269512 at Generator.next () at asyncGeneratorStep$u (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:266594) at _next (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:266821) I am using an user account with paid subscription to Apple Music. With the JWT created, I am able to make API calls and receive the response for requests that do that need the userToken. I am currently stuck at this step and would like some help to root cause this issue.

Hi! For a couple of days and only for some users, we are getting this error message on this endpoint: https://api.music.apple.com/v1/me/library/playlists?limit=100 {"id":"6NT5LBXIZW65K2G3L6QY3WWYAA","title":"Upstream Service Error","detail":"Error fetching library content","status":"500","code":"50001"} Any idea?

The MusicKit JS V3 documentation has this article about Native WebViews. For some reason, my app fails to do anything after musicKitInstance.authorize() is called. I think that it is not being recognized as a WebView and is trying to open the window as if it was running in a browser, but since it's not a browser, there's no way for it to open a browser window. Is there something I can do to make this work? I have tried many things, including setting the user agent to a few different ones for web views and seeing if it behaves differently but didn't see any different behavior. Is there something musickit.js checks for, when determining if it's running in a WebView, that I can leverage to ensure the Native WebView workflow is followed?

Not sure when it happened but I can no longer play explicit songs in my app using MK v3. I've turned off restrictions/made sure i have access to explicit in... My phone (Screen Time) My computer (Screen Time) My iPad (Screen Time) music.apple.com (Settings) and I still get this error when I try to play a song in console. `CONTENT_RESTRICTED: Content restricted at set isRestricted (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:296791) at SerialPlaybackController._prepareQueue (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:318357) at SerialPlaybackController._prepareQueue (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:359408) at set queue (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:308934) at https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:357429 at Generator.next (<anonymous>) at asyncGeneratorStep$j (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:351481) at _next (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:351708)`

As the title states. Would like to use MusicKit for Web instead of the Swift integration.

Hi! I've been working on a project in python that pulls in a bunch of my personal apple music playback history and library, etc. I can't find a single good/functional example on how to pull the Music User Token via the android method or MusicKit JS (web) - I've spent a lot of hours on this today, and no permutation of existing examples/documentation has worked. Any guidance would be much appreciated!! If you have a web app that pulls the music user token, I just need help understanding how to get to the token itself. Thank you!

Hello Apple Community, First, I'm asking this on the holidays, so happy holidays. Now I have some "fun coding time" and can do it because I have some holiday time. I'm new to this area and would greatly appreciate your expertise and guidance. Have mercy. I'm attempting to develop a simple application on my Mac OS to browse my playlists. However, I've encountered a few roadblocks that I struggle to navigate. I understand I need to implement two-factor authentication to access my playlists, for which an OAuth setup is required. This involves obtaining an Apple ID and a service ID and dealing with other complex elements. One particular challenge I'm facing is with the redirect URI in the OAuth process. It seems that it needs to be a valid domain, and I'm unsure if using a local server address like https://localhost:5000 would work. My goal is to create a basic Flask application that can interact with Apple's web authentication system, but I'm uncertain about the feasibility of this approach, given the domain restrictions. I would appreciate any advice or step-by-step guidance on the following points. What would be the simplest way to create an application (Swift, Python, or JavaScript) that can authenticate and enable browsing through my playlists? Any insights, tips, or examples you could share would be immensely helpful. I am eager to learn and look forward to your valuable suggestions. Anything step-by-step would be great, but I like to dream. Thank you so much for your time and assistance.

I want to add a small play button to play a song preview on my site. I don't want to use the embedded player because I want to style it custom. If I use the MusicKit Web library, do I need to add Apple branding legally? I don't see anywhere that says its required and I want to confirm.

Greetings Fellow Humans, My player uses the v3 musickit-js library. I am trying to handle situations where a user tries to play explicit content in my player with an account that has content restrictions enabled. I don't see a mechanism to know if the toggle is set in the account. The only mechanism I see is to respond to a CONTENT_RESTRICTED error as handled by the callback to the function I provide as a callback to the mediaPlaybackError event. I have attached many callbacks (like bufferedProgressDidChange) and those all work, but this one never fires. music.addEventListener("mediaPlaybackError", onPlaybackError); Or music.addEventListener(MusicKit.Events.mediaPlaybackError, onPlaybackError); My onPlaybackError function, at least for debugging purposes, is: function onPlaybackError(e) { console.log("onPlaybackError"); console.log(e); } There are so many error conditions that are meant to be handled in this way but the callback never happens. Am I missing something? Why doesn't this callback fire? Thanks!

Trying to use the Apple Music API for mirroring playlists from spotify. Wondering if it will ever be on the roadmap to update/reorder playlists, or delete playlists/remove items using the API? Is this something that can't be handled or is it a business decision? I see that there is more flexibility with the MusicKit. Can we expect something like this in the future for the API? Thanks,

Is it possible to get timestamp in any of the API endpoints present in applemusic API Here's the documentation -> https://developer.apple.com/documentation/applemusicapi/

Apple Music Kit API will throw an Unauthorized 403 error when I log in successfully using an Apple Music account that has no Apple Music Subscription. After I successfully log in with my credentials, I will see a "Play full songs on the web" screen that indicates a successful log in. When I click "try it now" or "not now," the API will throw a "AUTHORIZATION_ERROR: Unauthorized." Authorization status will be set to 0, preview only will be set to false. Shouldn't the authorization be a success after the user has logged in? Ideally, the status should be a 1and preview true. I think what is missing is the consent screen which shows up only when the user is a subscribed member.

For some reason when I go through the same process as shown here: https://developer.apple.com/documentation/musickitjs/ using MusicKit JS to authorize a user, the popup opens a user logs in and then on the access request screen you click allow nothing happens. You can see in the network tab when inspecting that the usertoken is being generated but the popup isn't closing and no matter what I try I cannot extract the usertoken, any thoughts?

Cannot get various songs to play and cannot figure out what is causing it. It appears to be certain albums don't play. For instance Eric Church's Chief album plays fine, but his Soul album does not play.