I'm dabbling with the MusicKit API and came across this in the sample app.
Keep in mind, you should not hardcode the value of the developer token in your application. This is so that if you need to generate a new developer token you are able to without having to submit a new version of your application to the App Store.
This makes me wonder where I should store the token since it has a maximum expiry of 6 months. Is the idea that I would regenerate the token on the server and have the app periodically request a new one? Am I missing something obvious?
I don't know MusicKit but I imagine you store the token in the keychain after requesting it from a server that you control. That way the app will work without an internet connection (after the first fetch of the token). Your app can ping your server when there's a connection and ask if there's a new token.
The other option is just to store it in the app's Documents directory if it doesn't need to be secure. The main difference is that they keychain data will survive a re-install. In either case it has to come from somewhere outside the app bundle (like your server).