Permissions
Access to the Tomorrow.io REST Weather API requires a valid access key with the right permissions, allowing it to be used to make requests to specific endpoints.
A default, "private" access token is available on your Dashboard and allows access to all of your resources via the various endpoints. Make sure to keep this key safe on server-side applications.
Multiple API keys can be created by your account manager, to support different development environments or different use cases.
Authentication
Your API keys carry full privileges, so make sure to keep them secure.
Be sure to include a valid API key with every request in order to access the API. Requests not properly authenticated will return a 403 error code.
API key authentication is slightly different from traditional basic authentication, as there is no email or user-name value, There are two ways to authenticate, you can either add the key value in query parameters or in the request header, like so:
curl --request POST \
--url 'https://api.tomorrow.io/v4/locations?apikey=API_KEY' \
--header 'content-type: application/json'
curl --request GET \
--url 'https://api.tomorrow.io/v4/locations' \
--header 'content-type: application/json'
--header 'apikey: API_KEY'