Creating A Developer Token For Apple Music API

Question

I'm currently trying to create a Developer Token for the MusicKit API, I have the following: 10 digit Team-Id, 10 digit Key-Id, a .p8 AuthKey file. All of these are valid. I have tried using the following code to generate the token:

JavaScript in VSCode:

"use strict";
const fs      = require("fs");
const jwt     = require("jsonwebtoken");

const privateKey = fs.readFileSync("AuthKey.p8").toString();
const teamId     = "ABCDEFGHIJ";
const keyId      = "1234567891";

const jwtToken = jwt.sign({}, privateKey, {
    algorithm: "ES256",
    expiresIn: "180d",
    issuer: teamId,
  header: {
    alg: "ES256",
    kid: keyId
  }
});

console.log(jwtToken);

Python (pelauimagineering's generator code from github with some minor tweaks)

import datetime
import jwt

//not a real private key but it looks something like this
secret = """-----BEGIN PRIVATE KEY-----
asdfg1rty5GSM49AgEGCCqGSM49AwEHBHkwdwIBAQQguWRXMHYkuFImkMGByqEPT
jaXQyO0WK1BjYpuDxIgNQ5nHRRFCuUOi8mgCgYIKoZIzj0DAQehcp0+Z+jwRANCAA
RCBFg8fL08QS36Fb8HmY+eFrDWMO00w5unCo5n8VyLhvttIZeByXlVsJrK/L3f/
F2wYmZme
-----END PRIVATE KEY-----"""
teamId = "ABCDEFGHIJ";
keyId = "1234567891"
alg = 'ES256'

time_now = datetime.datetime.now()
time_expired = datetime.datetime.now() + datetime.timedelta(hours=12)

headers = {
    "alg": alg,
    "kid": keyId
}

payload = {
    "iss": teamId,
    "exp": int(time_expired.timestamp()),
    "iat": int(time_now.timestamp())
}


if __name__ == "__main__":
    """Create an auth token"""
    token = jwt.encode(payload, secret, algorithm=alg, headers=headers)

    print("----TOKEN----")
    print(token)

However the tokens generated from both scripts return an HTTP 401, What am I doing wrong? Are there any other scripts I could try? Are there any extra requirements I missed? (Besides Team-ID,Key-ID,and AuthKey.p8) I've been at this for a while so any help is appreciated! :D

score 1 · Accepted Answer · answered Mar 20 '20 at 15:28

1

I ran into the same problem, make sure your AuthKey.p8 file has the key on one line. Yours looks like this:

When it should look like this:

-----BEGIN PRIVATE KEY-----
asdfg1rty5GSM49AgEGCCqGSM49AwEHBHkwdwI...
-----END PRIVATE KEY-----

answered Mar 20 '20 at 15:28

Koby 27

1,049
1
8
17

Thanks, Fixed it! – barbecu Mar 20 '20 at 17:10
hmm, makes no difference for me – Denis Mysenko May 14 '20 at 09:22
it's ridiculous how undocumented this is. seemed to work for me as well – Andrew Feb 23 '22 at 04:03

Brian Hamm · Answer 2 · 2020-03-18T22:26:32.953

Here's the script I use. Just used it last week to re-up my developer token. I'm an iOS dev (not a Python dev), so I can't really troubleshoot it. I just know it works.

# requires pyjwt (https://pyjwt.readthedocs.io/en/latest/)
# pip install pyjwt


import datetime
import jwt


secret = """
-----BEGIN PRIVATE KEY-----
blah...CqGSM...49AwEH...BHkwdw...IBAQQgRESoq...etc
-----END PRIVATE KEY-----
"""

keyId  = "myKeyId"    # https://developer.apple.com/account/ios/authkey/
teamId = "myTeamId"   # https://developer.apple.com/account/#/membership/
alg    = "ES256"

time_now = datetime.datetime.now()
time_expired = datetime.datetime.now() + datetime.timedelta(hours = 4320)   #180d

headers = {
    "kid": keyId,
    "alg": alg
}

payload = {
    "iss": teamId,
    "iat": int(time_now.strftime("%s")),
    "exp": int(time_expired.strftime("%s"))
}


if __name__ == "__main__":
    """Create an auth token"""
    token = jwt.encode(payload, secret, algorithm = alg, headers = headers)

    print "\n----TOKEN----"
    print token

    print "\n----CURL----"
    print "curl -v -H 'Authorization: Bearer %s' \"https://api.music.apple.com/v1/catalog/us/artists/36954\" \n" % (token)


#end

This is the same script I used just with strftime (which doesn't work on windows and is the same as timestamp) — barbecu, Mar 19 '20 at 13:24

Creating A Developer Token For Apple Music API

2 Answers2