Hi, I’m an iOS developer building an app with an use case that needs advanced playback on Apple Music subscription streams, specifically: • Real-time tempo change (BPM) during playback — i.e., time-stretch with key-lock, not just crossfade. • Beat-matched transitions between tracks. From what I can tell, this capability seems to exist only for approved partners and isn’t available through public MusicKit. Question: What’s the official request path to be evaluated for that restricted partner entitlement (application form, questionnaire, NDA, or internal team/BD contact)? If the entitlement identifier is internal, how can I get my account routed to the right Apple Music team? For reference, publicly announced partners include Algoriddim djay, Serato DJ Pro, rekordbox (AlphaTheta), and Engine DJ—all of which appear to implement mixing features that imply advanced playback (tempo/beat-matching) on Apple Music content. I’d prefer not to share product details publicly for the moment and can provide specifics privately if needed. Thanks in advance!

Hi, While I don't normally use FairPlay, I got this email that is so strangely worded I am wondering if it makes sense to people who do know it or if it has some typo or what. You can only generate certificates for SDK 4, also SDK 4 is no longer supported? (Also "will not expire" is imprecise phrasing, certificates presumably will expire, I think it meant to say are still valid / are not invalidated.)

Hi, I'm trying to create a FairPlay Streaming Certificate for the SDK 26.x version. Worth to mention that we already have 2 (1024 and 2048) and we only have the possibility to use our previous 1024-bit certificate (which we do not want because we want a 2048 cert) Our main issue is that when I upload a new "CSR" file, the "Continue" button is still on "gray" and cannot move forward on the process. The CSR file has been created with this command: openssl req -out csr_2048.csr -new -newkey rsa:2048 -keyout priv_key_2048.pem -subj /CN=SubjectName/OU=OrganizationalUnit/O=Organization/C=US Some help will be appreciated. Thanks in advance Best,

Hello, I requested Fairplay credentials a week ago. Where can I check the status of my request? Thank you very much. The team ID is: 6WZ8SVRYV9

For iOS17 we've had no problem playing Apple Fairplay encrypted content with keys delivered from our key server running on FairPlay Streaming Server SDK 5.1 and subsequently FairPlay Streaming Server SDK 26. It's built and deployed using Xcode Version 26.1.1 (17B100) with no changes to the code and - as expected - the content continued to be successfully decrypted and played (so far so good). However, as soon as a device was updated to iOS26, that device would no longer play the encrypted content. Devices remaining on iOS17 continue to work normally and the debugging logs are a sanity-check that proves that. Is anyone else experiencing this issue? Here's the code (you should be able to drop it into a fresh iOS Xcode project and provide a server url, content url and certificate).

Our license service is based on version 4.5.4 and we make use of sample .c/.h files for building license service. We are told that version 4.5.4 is going to be deprecated in 2026 and we should migrate to latest SDK version 26. When explored the SDK, we noticed that only python and Swift based SDk is provided. Does Apple also provide C/C++ based SDK as it is going to easier for us to integrate. If yes, please share the SDK package and sample license service solution.

Hi there I've been having trouble finding any details around how safari is supposed to behave when a FairPlay license expires. My assumption was that the video segments would stop getting decrypted and playback would stop, however I just see that the playback continues like nothing has happened. I've setup the "fps_safari_has_key_renewal.html" sample code from the Fairplay SDK and got encrypted playback working. The renewal method also appears to work. However, if I don't issue a renew call, or if I wait several minutes after the renew has succeeded the video never stops (my license is set with a 1 minute expiry so I can test this quickly). I've also observed that the MediaKeySession expiration property is always set to NaN even though my license has an expiry. I've tried with both Lease and Rental expiries set in the license (separately AND at the same time in separate tests). I'm using EZDRM as my drm provider. Just looking for some feedback on if this is supposed to work this way in safari or if license expiry isn't supported in safari. Thanks!

We are trying to port our code to Apple TV on tvosVersion 17.6 while running the sample we are getting error CoreMediaErrorDomain error -42681. We understand that this error occurs when the FairPlay license (CKC) returned by the server contains incompatible or malformed version information that the iOS/tvOS FairPlay CDM cannot parse. Can you please specify tvos 17.6 expect what fairplay version number or what fields are mandartory for fps version metadata ?

I am trying to Build server for testing on Linux(Alma linux 9 VM) NAME="AlmaLinux" VERSION="9.7 (Moss Jungle Cat)" ID="almalinux" ID_LIKE="rhel centos fedora" VERSION_ID="9.7" PLATFORM_ID="platform:el9" PRETTY_NAME="AlmaLinux 9.7 (Moss Jungle Cat)" ANSI_COLOR="0;34" [azuki@AlmaDevVM ~]$ uname -m x86_64 I have tried the following steps: Before starting, ensured that Swift 6 installed. Referred https://www.swift.org/install/ for instructions. Build the library In Terminal, uses the following commands to compile the Swift library: cd Development/Key_Server_Module/Swift swift build -Xbuild-tools-swiftc -DTEST_CREDENTIALS After building the library, ran test cases to ensure the library behaves as expected. ALL unit tests are passing with the development credentials. • Since I was using an x86_64 machine: export LD_LIBRARY_PATH=./Sources/prebuilt/x86_64-unknown-linux-gnu/ Run all tests: swift test -Xbuild-tools-swiftc -DTEST_CREDENTIALS --disable-swift-testing Build the server Build the server: Apache Before starting, ensured the following: a. Installed Apache HTTPD and the dev tools. Using the following command for installation: yum install httpd httpd-devel redhat-rpm-config b. After this, integrated it into the Apache server environment with swift library that was built above. Used the following command to build the server using apxs: • Since I was using an x86_64 machine: apxs -i -a -c -Wl,-L${PWD}/.build/x86_64-unknown-linux-gnu/debug/ -Wl,-lswift_fpssdk -Wl,-L${PWD}/Sources/prebuilt/x86_64-unknown-linux-gnu -lfpscrypto -Wl,-R${PWD}/.build/x86_64-unknown-linux-gnu/debug server_setup/mod_fps.c c. Next, copied the dependent libraries to the Apache modules folder using these commands: • If using an x86_64 machine: cp Sources/prebuilt/x86_64-unknown-linux-gnu/libfpscrypto.so /usr/lib64/httpd/modules/libfpscrypto.so cp .build/x86_64-unknown-linux-gnu/debug/libswift_fpssdk.so /usr/lib64/httpd/modules/libswift_fpssdk.so d. Configuring Apache HTTPD Configured Apache HTTPD by adding the module and handler to your Apache HTTPD configuration (/etc/httpd/conf/httpd.conf). Note that the apxs command may automatically add the LoadModule line in the previous step. Listen 8080 LoadFile /usr/lib64/httpd/modules/libfpscrypto.so LoadFile /usr/lib64/httpd/modules/libswift_fpssdk.so LoadModule fps_module /usr/lib64/httpd/modules/mod_fps.so <Location "/fps"> SetHandler fps_handler Copy the credentials to the Apache modules folder. cp -r ../credentials /usr/lib64/httpd/modules/ export FPS_CERT_PATH= /usr/lib64/httpd/modules/credentials/test_certificates.json e. Run your server You can run the Apache HTTPD server with the configured module by using the following command: httpd -D FOREGROUND No issues see till step. Get SDK version [azuki@AlmaDevVM Key_Server_Module]$ curl localhost:8080/fps/v 26.0.0 But when i try to generate license [azuki@AlmaDevVM Key_Server_Module]$ curl -d ../Test_Inputs/iOS/spc_ios_hd_lease_2048.json localhost:8080/fps {"fairplay-streaming-response":{"create-ckc":[{"id":1,"status":-42601}]}} Can you please suggest what i might be missing here?

The ASk is used by the KSM to derive the dASk, which is then used to decrypt the SK...R1. If the only thing we give the client is the certificate, how does it encrypt the SK...R1 so the server is able to process it. Would be nice to know it it works generally, because I've been getting questions about it and can't provide a helpful answer. Thanks in advance.

Hello, I have a problem generating a 2048-bit FairPlay Streaming certificate. I tried generating SDK v26.x certificate in two ways. (1) Use existing certificate (2) Create new certificate Though, in both ways, Apple gives me a certificate bundle of 1024-bit certificate. (fps_certificate.bin) I've uploaded 2048-bit CSR on creating a certificate. Just to note, I have created a SDK v4.x certificate few years ago. Have anyone bumped into a same issue? Or am I missing something?

Hi We’re updating our KSM to support SPC v2/v3 and currently operate with both legacy SDK4 credentials (ASK + 1024 cert) and SDK26 credentials (certificate bundle + provisioning data + 1024/2048 keys). Our client apps run across a wide range of iOS/tvOS versions, so we want to follow Apple’s recommended client strategy for certificate selection. The docs describe SHA‑1 vs SHA‑256 in the SPC header, but do not specify which OS versions should use SDK4 vs SDK26 credentials. Could you clarify: Is there an official minimum iOS/tvOS version where you recommend SDK26 credentials for client apps? For older OS versions (e.g. iOS 15), is SDK4 still the recommended choice for client apps? Are there any official migration guidelines for client apps moving from SDK4 to SDK26 credentials? Thanks in advance.

According to the documentation (https://developer.apple.com/documentation/avfoundation/avcontentkeyrequest/originatingrecipient?changes=_3&language=objc), starting with ios 18.4, I can get AVContentKeyRecipient from AVContentKeyRequest. But when I try to get it, I get a crash. What could be the issue? I want to note that I add the asset to the AVContentKeySession using the addContentKeyRecipient method (https://developer.apple.com/documentation/avfoundation/avcontentkeysession/addcontentkeyrecipient(_:)?changes=_3&language=objc).

I received my approval for FairPlay Streaming (FPS) and was getting things organized and then my computer crashed. So... Yes, I lost the 32 digit Account Security Key (ASk) that I was warned not to lose repeatedly... I understand that I can't query apple for the existing ASk. I don't see where I can delete the existing cert to request another one. So I assume I'll need to start from scratch either with another FPS approval process. Can someone please direct me on next steps for this boneheaded situation. Thank you

Hello, I’m using a valid certificate bundle generated with SDK 26 (combined RSA‑1024 + RSA‑2048). However, all my devices currently still generate SPC v2 during playback, including my iPhone 16 under iOS 26.2. Apple staff mentioned that future iOS versions will send SPC v3 when using an SDK 26 certificate bundle. Could you please clarify: Which iOS/macOS versions will first support SPC v3? Are there any additional client‑side requirements (Safari version, playback APIs, headers, etc.) to trigger SPC v3? Is there any way to test SPC v3 today, e.g., using beta builds? Thank you!

Hello, I am reviewing the sample codes of FairPlay Streaming SDK 26 and there was a place where I think is a mistake. The codes are for the server, for both Swift and Rust codes. There is an if statement which compares "ProtocolVersionUsed"(spcData.versionUsed) and SPCVersion1 constant, though "ProtocolVersionUsed" and SPC Version is a different thing, so shouldn't it be using a different constant value? [createContentKeyPayload.swift] // Fallback to version 1 if content can have encrypted slice headers, which need to be decrypted separately. Slice headers are not encrypted when using CBCS. if serverCtx.spcContainer.spcData.versionUsed == base_constants.SPCVersion.v1.rawValue && [createContentKeyPayload.rs] // Fallback to version 1 if content can have encrypted slice headers, which need to be decrypted separately. Slice headers are not encrypted when using CBCS. if (serverCtx.spcContainer.spcData.versionUsed == SPCVersion::v1 as u32) && Thank you.

Hi, Has anyone been able to protect the audio part of FairPlay protected content from being captured as part of screen recording on Safari/iOS (PWA and/or online web app)? We have tried many things but could not prevent the audio from being recorded. Same app and content on Safari/Mac does not allow audio to be recorded. Any tips?

I am working on offline license support for FairPlay. I am trying to identify offline vs. live streaming requests. How do I do that? Is there any way to identify the request type (offline or streaming) from SPC?

Hi, Our client currently has an FPS deployment certificate generated with SDK version 4 that is still actively used in production. They would like to generate an additional certificate using SDK version 26. Before doing so, they just want to confirm: Will the existing SDK 4 certificate remain unaffected and still visible in the Apple Developer portal? Any considerations they should keep in mind? Thanks! :)

Hi, Our client currently has an FPS deployment certificate generated with SDK version 4 that is still actively used in production. They would like to generate an additional certificate using SDK version 26. Before doing so, they just want to confirm: Will the existing SDK 4 certificate remain unaffected and still visible in the Apple Developer portal? Any considerations they should keep in mind? Thanks!