- Language: Python
- Framework: Django
- Database: Postgres
Our app needs to do background operations that need an Apple Music token. I’m getting a token from Apple after the user had authorized the app to access his account. How do I store it securely in my database? Do I need to encrypt it?
The app already utilizes this token when a user initiates an action but throws it away. I want a way to store it in the database, securely.
How the token is obtained
This page at the Apple Music API docs is sparse but gives an overview on how the token is generated/obtained.
It seems that for every request that has to do with user data, we need to send two tokens: the developer token (JWT generated), and the user token (which is just a long string).
curl -v -H 'Music-User-Token: [music user token]' -H 'Authorization: Bearer [developer token]' "https://api.music.apple.com/v1/catalog/us/songs/203709340"
The user token is granted when the user authorizes the specific app to read/modify his Apple Music library.
Example user token:
My question is: can the token just be saved as a StringField in the database, can it only be used together with the developer token? or do I need to encrypt it?