Access to the Tomorrow.io REST Weather API requires a valid access key with the right permissions, allowing it to be used to make requests to specific endpoints.
A default, "private" access token is available on your Dashboard and allows access to all of your resources via the various endpoints. Make sure to keep this key safe on server-side applications.
Your API keys carry full privileges, so make sure to keep them secure.
Be sure to include a valid API key with every request in order to access the API. Requests not properly authenticated will return a 403 error code.
API key authentication is slightly different from traditional basic authentication, as there is no email or user-name value, There are two ways to authenticate, you can either add the key value in query parameters or in the request header, like so:
curl --request POST \ --url 'https://api.tomorrow.io/v4/locations?apikey=API_KEY' \ --header 'content-type: application/json'
curl --request GET \ --url 'https://api.tomorrow.io/v4/locations' \ --header 'content-type: application/json' --header 'apikey: API_KEY'