In the Apple Developer portal, create a MusicKit identifier and download a private key (.p8 file), noting the Key ID and your Team ID.
Construct a JWT with the header fields alg=ES256 and kid equal to your Key ID, and payload fields iss (your Team ID), iat (current epoch time), and exp (expiry, maximum 6 months from now).
Sign the JWT using the ES256 algorithm with your .p8 private key.
Include the token as a Bearer token in the Authorization header of requests to the Apple Music API base URL.
To search the catalog, send a GET request to the catalog search endpoint for the desired storefront, passing term (your query) and types (e.g., songs, albums) as query parameters.
Parse the results object in the response, which contains keyed collections matching each requested type.
Known gotchas
The JWT expiry cannot exceed 6 months from the issued-at time; tokens with a longer exp value are rejected.
The private key file (.p8) can only be downloaded once from the Apple Developer portal; store it securely immediately after download.
Storefront codes (e.g., us, gb) are required in catalog endpoints; using an incorrect or missing storefront code returns a 404 or empty results.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp