last night I only got 401 errors after the same script working fine an hour before. I checked the "downed services site" and all seemed well.
I almost tore up the whole project looking for the flaw when I thought to myself: "self, just give it a night and maybe it's an undocumented flaw on the API".
Well, this morning it works again.
I found the "# of API calls" report once... now I can't find it anymore. I'm sure it's there and will stumble across it again sometime and then forget.
I do wish somebody would document the WeatherKit API in a professional manner. It seems very much "institutional knowledge" at best, trial and error in the worst.
Maybe Ajax can get on that as it's first task :D.
I don't think Apple uses kph for precipitation intensity, at least not currently / anymore.
I ran a 240h hourly API request and the precipitation amount ranges from 0 to 1.9.
The precipitation intensity is identical to the precipitation amount.
Since it's hourly granularity, the unit of speed is definitely not "per second" so not m/s.
also K/h is implausible because 1.9 kph = 75000 inches per hour.
I would venture to guess that precipitation is "cm"
and precipitation intensity is "cm/h"
Has anyone found explicit confirmation of the units? I don't see it anywhere in Apple's documentation.
cloudCover: %
daylight: T/F
humidity: %
precipitationAmount: cm ?
precipitationIntensity: cm/h ?
pressure: hPa ?
snowfallIntensity: cm/h
snowfallAmount: cm
temperature: C
temperatureApparent: C
temperatureDewPoint: C
uvIndex: 0-10?
visibility: m?
windDirection: degrees ?
windGust: m/s ?
windSpeed: m/s ?
this works for me. note that you need to update with your token:
curl -v -H "Authorization: Bearer {YOUR_TOKEN_HERE}" "¤tAsOf=2022-01-01T00:00:00Z&hourlyStart=2022-01-01T00:00:00Z&hourlyEnd=2022-01-07T00:00:00Z&timezone=America/New_York&countryCode=US"
the token can be created with python:
import jwt
import datetime
TEAM_ID = 'TTTTTTTTTT' #replace with your team_id from the apple developers site, keep in quotes
KEY_ID = 'KKKKKKKKKK' #replace with key_id from the apple developers site
APP_ID = 'com.MyVeryOwnURL.WetterAPI' #invent this with your own domain in reverse
file_path = f'./AuthKey_{KEY_ID}.pem' # use full path to the key you download from Apple Developer Site. Note, I converted my .p8 file to .pem using `openssl pkcs8 -nocrypt -in AuthKey_KKKKKKKKKK.p8 -out AuthKey_KKKKKKKKKK.pem`
header = {
"alg": "ES256",
"kid": KEY_ID,
"id": f"{TEAM_ID}.{APP_ID}"
current_time = datetime.datetime.utcnow()
expiration_time = current_time + datetime.timedelta(minutes=19)
payload = {
"iss": TEAM_ID,
"iat": int(current_time.timestamp()),
"exp": int(expiration_time.timestamp()),
"sub": APP_ID
with open(file_path, 'r') as file:
private_key =
coordinates= '35.0,-80.0'
token = jwt.encode(payload, private_key, algorithm='ES256', headers=header)
# Create the curl command
curl_command = f'curl -v -H "Authorization: Bearer {token}" "¤tAsOf=2022-01-01T00:00:00Z&hourlyStart=2022-01-01T00:00:00Z&hourlyEnd=2022-01-07T00:00:00Z&timezone=America/New_York&countryCode=US"
After that's done, run it in the terminal. it'll give you your the line you need to copy and explicitly paste to execute on the terminal.
good luck!
I found this here, in case anyone else is looking for it:
I don't have an answer but I'm experiencing the same frustration. I'm trying to use python to generate my JWT then generate a curl command to test in the terminal (because it has verbose messaging).
I created a private key. under "Keys" create a key with the + button. this generates a file AuthKey_{KEY_ID}.p8 where {KEY_ID} is the key_id that was given.
I downloaded the p8 file.
I converted the p8 file to .pem using openssl pkcs8 -nocrypt -in AuthKey_{KEY_ID}.p8 -out AuthKey_{KEY_ID}.pem
I've seen different instructions regarding the creation of the identifier. the documentation says create a ServiceID. an 'influencer' I've tried to follow says to create an App ID identifier. I tried both but have questions: 1) if serviceID do I need to enable "Sign in with Apple". I did not. 2) If AppID, a) which appID Prefix do I choose? I chose the one associated with TeamID, although that was not the default. b) do I tick the box for WeatherKit under the Capabilities or App Services sub-tab? it offers both. I chose both.
3) I created a JWT using python. I have understood that the one 'key' is to get the header to include the APP_ID (the reverse URL). here's what I'm trying but it still fails:
## note remember to update the file path of the .pem file to reflect your username and file location
import jwt
import datetime
APP_ID = 'com.beispiel.WetterAPI'
file_path = f'/Users/myUser/sandbox/wetterapi/AuthKey_{KEY_ID}.pem'
header = {
"alg": "ES256",
"kid": KEY_ID,
"id": f"{TEAM_ID}.{APP_ID}"
current_time = datetime.datetime.utcnow()
expiration_time = current_time + datetime.timedelta(minutes=19)
payload = {
"iss": TEAM_ID,
"iat": int(current_time.timestamp()),
"exp": int(expiration_time.timestamp()),
"sub": APP_ID
with open(file_path, 'r') as file:
private_key =
token = jwt.encode(payload, private_key, algorithm='ES256', headers=header)
# Create the curl command
curl_command = f'curl -v -H "Authorization: Bearer {token}" ""'
that produces a curl command that I can drop into my terminal. the curl returns:
* Connected to (2600:1408:c400:58::17d5:9e54) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted http/1.1
* Server certificate:
* subject:; O=Apple Inc.; ST=California; C=US
* start date: Jul 25 21:03:10 2023 GMT
* expire date: Oct 23 21:13:10 2023 GMT
* subjectAltName: host "" matched cert's ""
* issuer: CN=Apple IST CA 8 - G1; OU=Certification Authority; O=Apple Inc.; C=US
* SSL certificate verify ok.
* using HTTP/1.1
> GET /api/v1/availability/37.323/122.032?country=US HTTP/1.1
> Host:
> User-Agent: curl/8.1.2
> Accept: */*
> Authorization: Bearer sdfsfns,dfnanflsandfasdanflknasdlknalsdknlnlnasflnldsfknalasdfknlksandflnsdflnasdflnsaldfknsldakfnlskndflsknadflnsadflnsaldfnaoiw,vm,asfdlkjsdlfklnvlnasdjfsdfadnflsakfndklsfdalknklfsdnlklrewoewu8llnsLSKNlkzxcLKlKNlnskdKVLKSNlknZLKcnLKLKAlkaMLnSDVBisdbdkvbkjvsavskajdbzCXk-2-TasdE-skdfjKJHkjKLlkJLKJlkNLnLKHHiUbKBNhIUHIU
< HTTP/1.1 401 Unauthorized
< Server: Apple
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=31536000; includeSubdomains
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Origin: *
< X-Content-Type-Options: nosniff
< Content-Security-Policy: default-src 'self';
< X-REQUEST-ID: 8e5e48ac-410a-4398-b7e6-8d4fbd0454a4
< Date: Thu, 17 Aug 2023 01:56:37 GMT
< X-Cache: TCP_MISS from (AkamaiGHost/11.2.2-50400341) (-)
< Connection: close
* Closing connection 0
{"reason": "NOT_ENABLED"}%
I've tried this with both "Identifiers" by choosing a suffix to my Reverse URL and using that in one and not using that in the other...
I hope that helps more than it confuses.
I'd love if someone with knowledge can point me (us) in the right direction...