brihol44

asked on

Application security question to which you can invite others via email to share data.

I'm building a small application to which a user can share their music favorites (no personal info) to others. I'm a little stuck on how I can have a secure solution. I originally thought the user could enter an email address (confirm email to make sure they typed the right email) and an ID or key could be assigned to the email on submit. The recipient would click on the secure link from the email with the key to a (SSL) signup page. The key would only be good for 48 hours or until the recipient signs up.

The recipient would then be able to view the others' music choices and add their own. Guess I'm just seeing what the opinions of others would be.

Thanks for any input!
Scott Fell

Sending some type of key via email is not very secure since email can be intercepted. As an example, PCI compliance prevents merchants from receiving credit card data via email.

If all you want to do is invite others to share music, I would simply let User 1 fill in a simple form field with the email address of the person you want to share with. On the back end, the email address (used as an ID) is associated with USER 1 for either all music or just the one song.

USER 2 receives the email with a link to join your service and use the email as the username/ID. Once they sign up, your back end work already has associated USER 2's email with USER 1's music.

I would still require USER 2 to receive an approver email after they initially signed up.
brihol44

ASKER

Thx, I did think about that but what if User 1 is a hacker or a jerk and knows an email address, first name and last name of User 2's closest friends or relatives and just fills out the form? Guess I thought this is where that key came into play as an added measure but I hear what you are saying about it being intercepted. Just haven't had the most experience with this part of app development so I'm trying to come up with a good and secure way. Maybe I would have to have a signup and "go check your email to confirm..." but isn't that the same thing I was thinking with a key?

For example MailChimp .... has a signup and then you get an email with a link to which you have to confirm from a sent email (link below is an example of their link).

http://somedomain.us7.list-manage.com/subscribe/confirm?u=55770920d4fa2cc130650b396f908&id=bec174013231&e=5fff812e5aed
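The original question and this follow-up both describe the same mechanism: a link carrying a key that is good for 48 hours or until the recipient signs up, and then a confirm-by-email step. Below is an added illustration of how a backend can implement that key so that the thread's concerns (an intercepted link, an abusive User 1 spraying invites, a link that keeps working after use) are limited. It is example code written for this page, not code from the asker, from Scott Fell, or from MailChimp. It assumes Python, an in-memory dictionary standing in for a database table, and two design choices that the thread does not prescribe: the token is bound to the invited address (the signup must use the same email the inviter entered) and each inviter is capped at a fixed number of pending invites.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

INVITE_TTL = timedelta(hours=48)   # the 48-hour window from the question
MAX_PENDING_PER_INVITER = 20       # assumed cap to slow down an abusive inviter


def _hash(token: str) -> str:
    # Only the hash is stored: a leaked table then contains no usable links,
    # and the raw token exists solely in the email that was sent.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


@dataclass
class Invite:
    inviter: str
    recipient_email: str
    expires_at: datetime
    redeemed: bool = False


@dataclass
class InviteStore:
    invites: dict[str, Invite] = field(default_factory=dict)   # token hash -> Invite
    shares: set[tuple[str, str]] = field(default_factory=set)  # (owner, viewer) pairs

    def pending_count(self, inviter: str, now: datetime) -> int:
        """Unredeemed, unexpired invites created by this inviter."""
        return sum(1 for inv in self.invites.values()
                   if inv.inviter == inviter and not inv.redeemed and inv.expires_at > now)

    def create_invite(self, inviter: str, recipient_email: str,
                      now: Optional[datetime] = None) -> str:
        """Create an invite and return the raw token to put in the email link."""
        now = now or datetime.now(timezone.utc)
        if self.pending_count(inviter, now) >= MAX_PENDING_PER_INVITER:
            raise ValueError("too many pending invites for this inviter")
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not guessable
        self.invites[_hash(token)] = Invite(
            inviter, recipient_email.strip().lower(), now + INVITE_TTL)
        # Note: nothing is shared yet. The association is made only on redemption,
        # so filling in the form alone gives the inviter no access to anyone.
        return token

    def redeem(self, token: str, signup_email: str,
               now: Optional[datetime] = None) -> str:
        """Called from the signup page. Returns 'ok' or the reason for refusal."""
        now = now or datetime.now(timezone.utc)
        inv = self.invites.get(_hash(token))
        if inv is None:
            return "unknown"
        if inv.redeemed:
            return "used"          # single use: a replayed link does nothing
        if now >= inv.expires_at:
            return "expired"       # the 48-hour window has passed
        if signup_email.strip().lower() != inv.recipient_email:
            return "email-mismatch"  # assumed binding of the link to the invited address
        inv.redeemed = True
        self.shares.add((inv.inviter, inv.recipient_email))
        return "ok"

    def can_view(self, viewer: str, owner: str) -> bool:
        """Sharing is one-way: the invited user sees the inviter's music, not vice versa."""
        return (owner, viewer) in self.shares


def demo_flow() -> dict[str, object]:
    """Walk the invite lifecycle on a constructed fixed clock; returns each outcome."""
    store = InviteStore()
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    tok = store.create_invite("user1", "Friend@Example.com", now=t0)
    out: dict[str, object] = {}
    out["unknown"] = store.redeem("not-a-real-token", "friend@example.com", now=t0)
    out["mismatch"] = store.redeem(tok, "other@example.com", now=t0)
    out["first"] = store.redeem(tok, "friend@example.com", now=t0 + timedelta(hours=1))
    out["replay"] = store.redeem(tok, "friend@example.com", now=t0 + timedelta(hours=1))
    out["friend_sees_user1"] = store.can_view("friend@example.com", "user1")
    out["user1_sees_friend"] = store.can_view("user1", "friend@example.com")
    tok2 = store.create_invite("user1", "late@example.com", now=t0)
    out["late"] = store.redeem(tok2, "late@example.com", now=t0 + timedelta(hours=49))
    out["pending"] = store.pending_count("user1", t0)
    return out


if __name__ == "__main__":
    for name, result in demo_flow().items():
        print(f"{name}: {result}")
```

The point of the design is that the emailed key is the only copy of the secret, it stops working the moment it is used or after 48 hours, and the actual sharing relationship is created at redemption rather than when User 1 submits the form. Whether the email itself can be read in transit is a separate problem that this code does not solve; it only makes a captured link worth as little as possible.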
ASKER CERTIFIED SOLUTION
Scott Fell