Hey there, sorry to hear you're hitting that frustrating 401 error when working with the Apple Music API on Windows—let's walk through the most common fixes to get you back on track.

Common Causes & Fixes #

1. Invalid or Expired JWT Token #

Apple Music API relies on signed JWT tokens for authentication, and even small mistakes here can trigger a 401. Here's what to check:

• Token Expiry: Ensure your token's exp claim is set correctly (max 1800 seconds/30 minutes from generation). Older tokens will be rejected immediately.
• Correct Claims: Verify the iss (your Team ID), aud (must be https://music.apple.com), and kid (your Key ID) are all accurate. You can decode the token without verifying the signature to inspect these values using pyjwt:

  import jwt
  token = "YOUR_GENERATED_TOKEN"
  decoded = jwt.decode(token, options={"verify_signature": False})
  print(decoded)
  

• Signature Issues: Double-check that you're using the correct .p8 private key file, and that you're signing with the ES256 algorithm—this is required by Apple.

2. Windows File Path Problems for Private Key #

Windows uses backslashes in file paths, which can cause issues if not handled properly in Python:

• Use raw string literals for your certificate path to avoid escape character errors:

  cert_path = r"C:\Users\YourUsername\Documents\AuthKey_ABC123.p8"
  

• Alternatively, use os.path to build the path dynamically, which handles Windows paths automatically:

  import os
  cert_path = os.path.join(os.environ["USERPROFILE"], "Documents", "AuthKey_ABC123.p8")
  

3. Incorrect Request Headers #

A tiny typo in your request headers can lead to authorization failures:

• Ensure the Authorization header follows the exact format: Bearer {your_token} (note the space after "Bearer"—lowercase "bearer" won't work).
• For user-specific endpoints (like accessing a user's library), you'll also need a valid Music-User-Token in your headers. If you're missing this for those endpoints, you'll get a 401.

4. Network/Proxy Interference #

Windows system proxies or firewalls might be modifying or blocking your API requests, causing the token to not be properly transmitted:

• Try disabling any active proxies temporarily to test.
• If using the requests library, you can force-disable proxies in your request:

  response = requests.get(url, headers=headers, proxies={"http": None, "https": None})
  

Working Example Code #

Here's a minimal, tested snippet to generate a valid token and make a basic API request on Windows:

import jwt
import requests
import time
import os

# Replace these with your actual credentials
TEAM_ID = "YOUR_TEAM_ID"
KEY_ID = "YOUR_KEY_ID"
# Use raw string or os.path for Windows paths
CERT_PATH = r"C:\Path\To\Your\AuthKey_XXXXXX.p8"

# Generate JWT token
with open(CERT_PATH, "r") as f:
    private_key = f.read()

payload = {
    "iss": TEAM_ID,
    "exp": int(time.time()) + 1800,  # 30-minute expiry
    "aud": "https://music.apple.com"
}

token = jwt.encode(
    payload,
    private_key,
    algorithm="ES256",
    headers={"kid": KEY_ID}
)

# Test request (get a sample song from US catalog)
url = "https://api.music.apple.com/v1/catalog/us/songs/1602967719"
headers = {"Authorization": f"Bearer {token}"}

response = requests.get(url, headers=headers)
print(f"Status Code: {response.status_code}")
print(response.json())

Start with verifying your token generation, then work through the other checks—this should help you nail down the root cause of that 401 error.

内容的提问来源于stack exchange，提问作者MSTR Prime