The MusicKit JS V3 documentation has this article about Native WebViews. For some reason, my app fails to do anything after musicKitInstance.authorize() is called. I think that it is not being recognized as a WebView and is trying to open the window as if it was running in a browser, but since it's not a browser, there's no way for it to open a browser window. Is there something I can do to make this work? I have tried many things, including setting the user agent to a few different ones for web views and seeing if it behaves differently but didn't see any different behavior. Is there something musickit.js checks for, when determining if it's running in a WebView, that I can leverage to ensure the Native WebView workflow is followed?

Hi! For a couple of days and only for some users, we are getting this error message on this endpoint: https://api.music.apple.com/v1/me/library/playlists?limit=100 {"id":"6NT5LBXIZW65K2G3L6QY3WWYAA","title":"Upstream Service Error","detail":"Error fetching library content","status":"500","code":"50001"} Any idea?

Hello, I am working on the Musickit web browser application. I have created my developer token as mentioned in the documentation. When I call the authorize() method to authenticate, I get the Apple Music pop up as expected. However, after entering the user credentials and "allowing" access, I get the following error: POST https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/webPlayerLogout 403 (Forbidden) musickit.js:28 Uncaught (in promise) AUTHORIZATION_ERROR: Unauthorized at https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:269512 at Generator.next () at asyncGeneratorStep$u (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:266594) at _next (https://js-cdn.music.apple.com/musickit/v3/musickit.js:28:266821) I am using an user account with paid subscription to Apple Music. With the JWT created, I am able to make API calls and receive the response for requests that do that need the userToken. I am currently stuck at this step and would like some help to root cause this issue.

After thoroughly scouring the internet numerous times, I came to the realization that Apple has not documented their User Authentication flow. Instead, developers are often directed to use their JavaScript solution, which proves to be insufficient and impractical for many projects. Could we please request a comprehensive documentation outlining the process of generating a Music User Token from the Developer Token? This would greatly benefit developers seeking to integrate Apple Music functionality into their projects.

I was about to finally sign up for the Apple Music affiliate program since one of my apps does provide the MusickKit Subscription Offer. However, it looks like it was renamed and restricts usage to only artists and record labels. (https://partners.applemediaservices.com) Is this correct? Can I as an indie developer not earn commission of Apple Music that I drive from my apps?

Access to fetch at 'https://play.itunes.apple.com/WebObjects/MZPlay.woa/wa/webPlayback' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Has anyone found a way to retrieve user token if I want to make an app on Flutter that uses that to make Apple Music API calls to just retrieve the user data and display it on the application? Something like when a user opens their app, there is a button that says connect with apple. It takes the user to give permissions for apple music and that retrieves their user token. I know there is Music Kit on Swift but i wonder if there is something like that on flutter

Hello, Problem I am having the exact same issue as described here : https://forums.developer.apple.com/forums/thread/693310 From my understanding of the answers on this topic, it appears to be a problem on the Server Side. Is it still the case or perhaps I am missing something ? Here are the curl commands and their outputs : Storefront call ➜ ~ curl -v -H 'Authorization: Bearer [VALID TOKEN]' "https://api.music.apple.com/v1/storefronts/us" * Trying [2a02:26f0:2b00:3ab::2a1]:443... * Connected to api.music.apple.com (2a02:26f0:2b00:3ab::2a1) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /etc/ssl/cert.pem * CApath: none * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Unknown (8): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Certificate (11): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, CERT verify (15): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Finished (20): * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=itunes.apple.com * start date: Jan 23 20:23:43 2024 GMT * expire date: Jul 21 20:33:43 2024 GMT * subjectAltName: host "api.music.apple.com" matched cert's "api.music.apple.com" * issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 2 - G1 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * h2h3 [:method: GET] * h2h3 [:path: /v1/storefronts/us] * h2h3 [:scheme: https] * h2h3 [:authority: api.music.apple.com] * h2h3 [user-agent: curl/7.87.0] * h2h3 [accept: */*] * h2h3 [authorization: Bearer [VALID TOKEN]] * Using Stream ID: 1 (easy handle 0x12680a800) > GET /v1/storefronts/us HTTP/2 > Host: api.music.apple.com > user-agent: curl/7.87.0 > accept: */* > authorization: Bearer [VALID TOKEN] > < HTTP/2 200 < server: daiquiri/5 < content-type: application/json;charset=utf-8 < x-apple-jingle-correlation-key: QZSH3IR75IPQYS7LSN5C5EUJRI < x-apple-request-uuid: 86647da2-3fea-1f0c-4beb-937a2e92898a < b3: 86647da23fea1f0c4beb937a2e92898a-1d7eb7b8ad18bc4d < x-b3-traceid: 86647da23fea1f0c4beb937a2e92898a < x-b3-spanid: 1d7eb7b8ad18bc4d < apple-seq: 0.0 < apple-tk: false < apple-originating-system: MZStorePlatform < x-apple-application-site: MR22 < x-apple-application-instance: 3588504 < x-responding-instance: MZStorePlatform:3588504::: < apple-timing-app: 4 ms < access-control-allow-origin: * < strict-transport-security: max-age=31536000; includeSubDomains < x-daiquiri-instance: daiquiri:11896006:mr84p00it-qujn09092102:7987:24RELEASE93:daiquiri-amp-store-l7shared-int-001-mr < x-daiquiri-instance: daiquiri:12282002:mr47p00it-qujn07081302:7987:24RELEASE93:daiquiri-amp-store-l7shared-ext-001-mr < cache-control: public, no-transform, max-age=2625 < date: Tue, 23 Apr 2024 14:08:00 GMT < content-length: 276 < x-cache: TCP_REFRESH_MISS from a2-17-114-29.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (S) < x-cache-remote: TCP_HIT from a2-17-114-18.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-) < vary: Accept-Encoding < vary: Accept-Encoding < * Connection #0 to host api.music.apple.com left intact {"data":[{"id":"us","type":"storefronts","href":"/v1/storefronts/us","attributes":{"supportedLanguageTags":["en-US","es-MX","ar","ru","zh-Hans-CN","fr-FR","ko","pt-BR","vi","zh-Hant-TW"],"explicitContentPolicy":"allowed","name":"United States","defaultLanguageTag":"en-US"}}]}% Album call ➜ ~ curl -v -H 'Authorization: Bearer [VALID TOKEN]' "https://api.music.apple.com/v1/catalog/us/albums/310730204" * Trying [2a02:26f0:2b00:3ab::2a1]:443... * Connected to api.music.apple.com (2a02:26f0:2b00:3ab::2a1) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /etc/ssl/cert.pem * CApath: none * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Unknown (8): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Certificate (11): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, CERT verify (15): * [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Finished (20): * [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 * ALPN: server accepted h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionCountryName=US; jurisdictionStateOrProvinceName=California; serialNumber=C0806592; C=US; ST=California; L=Cupertino; O=Apple Inc.; CN=itunes.apple.com * start date: Jan 23 20:23:43 2024 GMT * expire date: Jul 21 20:33:43 2024 GMT * subjectAltName: host "api.music.apple.com" matched cert's "api.music.apple.com" * issuer: C=US; O=Apple Inc.; CN=Apple Public EV Server RSA CA 2 - G1 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * h2h3 [:method: GET] * h2h3 [:path: /v1/catalog/us/albums/310730204] * h2h3 [:scheme: https] * h2h3 [:authority: api.music.apple.com] * h2h3 [user-agent: curl/7.87.0] * h2h3 [accept: */*] * h2h3 [authorization: Bearer [VALID TOKEN]] * Using Stream ID: 1 (easy handle 0x148010a00) > GET /v1/catalog/us/albums/310730204 HTTP/2 > Host: api.music.apple.com > user-agent: curl/7.87.0 > accept: */* > authorization: Bearer [VALID TOKEN] > < HTTP/2 500 < server: daiquiri/5 < content-type: application/json; charset=utf-8 < content-length: 42 < access-control-allow-origin: * < x-apple-jingle-correlation-key: EABGYDVEO5AFSK47FMXBMUMODY < x-apple-application-site: st < strict-transport-security: max-age=31536000; includeSubDomains < x-daiquiri-instance: daiquiri:42282002:st53p00it-qujn13050102:7987:24RELEASE93:daiquiri-amp-store-l7shared-ext-001-st < date: Tue, 23 Apr 2024 14:08:03 GMT < x-cache: TCP_MISS from a2-17-114-29.deploy.akamaitechnologies.com (AkamaiGHost/11.4.5-55391218) (-) < * Connection #0 to host api.music.apple.com left intact {"message":"An unexpected error occurred"}% Am I missing something ? Is it a server side issue ? If so, when will it be fixed ? Otherwise, what is wrong with my approach ?

Could some tell what the relevant endpoint is for fetching all public list of a user playlist. I am able to fetch a one via the id but i want to fetch all in a single request without using authorization.