Obtain developer tokens and keys needed to make requests to the Apple Music API.
To make requests to the Apple Music API, Create a MusicKit identifier and private key using a developer token to authenticate yourself as a trusted developer and member of the Apple Developer Program. A signed developer token is required in the header of every Apple Music API request.
Create a Developer Token
The Apple Music API supports the JSON Web Token (JWT) specification, so you can pass statements and metadata called claims. For more information, see the JWT specification and the available libraries for generating signed JWTs.
Construct a developer token as a JSON object whose header contains:
The encryption algorithm (
alg) you use to encrypt the token
A 10-character key identifier (
kid) key, obtained from your developer account
In the claims payload of the token, include:
The issuer (
iss) registered claim key, whose value is your 10-character Team ID, obtained from your developer account
The issued at (
iat) registered claim key, whose value indicates the time at which the token was generated, in terms of the number of seconds since Epoch, in UTC
The expiration time (
exp) registered claim key, whose value must not be greater than
15777000(6 months in seconds) from the Current Unix Time on the server.
After you create the token, sign it with your MusicKit private key. Then encrypt the token using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm. Specify the value
ES256 in the algorithm header key (
A decoded JWT developer token has the following format:
Create a Music User Token
For personalized requests, pass a music user token in the header that you obtain using the
request method in the StoreKit framework.
A developer token is a signed and encrypted JWT token used to authenticate a developer in Apple Music requests. For personalized requests, also include a music user token.
In all requests, pass the
Authorization: Bearer key set to the developer token:
For personalized requests, add the
Music-User-Token key set to the music user token:
Simulate the Too Many Requests Error
You receive the Too Many Requests (429) error when the server exceeds its capacity. To simulate this error, use a request with an invalid ID of 0 (for example,
https://api) and this MusicKit private key:
Save this key as a text file with a
.p8 file extension, and be sure to keep the key string on one line. In the JWT, set the algorithm (
alg) key to
ES256, the key identifier (
kid) key to
Cap, and the issuer (