Access Keys

Permissions

Access to the Tomorrow.io REST Weather API requires a valid access key with the right permissions, allowing it to be used to make requests to specific endpoints.

A default, "private" access token is available on your Dashboard and allows access to all of your resources via the various endpoints. Make sure to keep this key safe on server-side applications.

Authentication

Your API keys carry full privileges, so make sure to keep them secure.

Be sure to include a valid API key with every request in order to access the API. Requests not properly authenticated will return a 403 error code.

API key authentication is slightly different from traditional basic authentication, as there is no email or user-name value, There are two ways to authenticate, you can either add the key value in query parameters or in the request header, like so:

curl --request POST \
  --url 'https://api.tomorrow.io/v4/locations?apikey=API_KEY' \
  --header 'content-type: application/json'
curl --request GET \ 
  --url 'https://api.tomorrow.io/v4/locations' \
  --header 'content-type: application/json'
  --header 'apikey: API_KEY'