Get ADC WeatherKit token for REST API

get_wk_token.py

# get_wk_token.py // [email protected] // Nov. 2022
# from documentation here, which you should read first:
# https://developer.apple.com/documentation/weatherkitrestapi/request_authentication_for_weatherkit_rest_api
# 
# 1. Have a valid ADC acount. https://developer.apple.com
# 2. Download this script, and open it in a text editor. You'll have to change three variables.
# 3. Make up a reverse-domain name service ID (i.e., com.domain.app). Place this in SERVICE_ID.
# 4. Create an ADC service identifier. https://developer.apple.com/account/resources/identifiers/add/bundleId
# 5. Create an ADC service key. https://developer.apple.com/account/resources/authkeys/add
# 6. Download that service key, rename to 'wkservicekey.p8', and move it into same directory as this script.
# 7. Install pyjwt ("pip install pyjwt"). Make sure not to use "jwt", as that will throw an error.
# 8. Install cryptography ("pip install cryptography").
# 9. Place KEY_ID in script, via: https://developer.apple.com/account/resources/authkeys/list
# 10. Place your TEAM_ID in script, via: https://developer.apple.com/account/#MembershipDetailsCard
# 11. Run this script ("python get_wk_token.py").
# 12. Verify your token by running the CURL statement output to console. If it all works, at the end you'll get:
#     * Connection #0 to host weatherkit.apple.com left intact
#     ["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]% 

import jwt, time, cryptography

# apple auth info, customize in steps 3, 9, and 10
SERVICE_ID = 'com.domain.app'              # the reverse-domain service ID you made up in step 3
KEY_ID = 'USE_YOUR_OWN'                    # this is a 10 char "Key ID" from the ADC portal, found by "viewing key details"
TEAM_ID = 'USE_YOUR_OWN'                   # found under your ADC membership info
# end customization

with open('wkservicekey.p8') as rsa_priv_file:
    priv_rsakey = rsa_priv_file.read()

IAT = int(time.time()) # unix time when running script
EXP = IAT + 315360000  # unix time one decade from now

HEADERS = {'alg': 'ES256', 'kid': KEY_ID, 'id': f'{TEAM_ID}.{SERVICE_ID}'}
PAYLOAD = {
    'iss': TEAM_ID,
    'iat': IAT,
    'exp': EXP,
    'sub': SERVICE_ID
}

token = jwt.encode(PAYLOAD, priv_rsakey, algorithm='ES256', headers=HEADERS)

print(f'\n---\nYour WeatherKit token is: \n\n{token}\n\nIn most authorization headers, the token is presented like this:\n\nAuthorization: Bearer {token}\n\nTo make sure the token is correct, copy and paste this curl statement into your console/terminal and run it:\n')
print(f"curl -v -H 'Authorization: Bearer {token}' 'https://weatherkit.apple.com/api/v1/availability/37.323/122.032?country=US'")
print(f'\nIf the last lines of that curl output are:\n\n* Connection #0 to host weatherkit.apple.com left intact\n["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]%\n\n...then the token is valid and you can begin to access the WeatherKit REST API.\n')

#fin

Check out https://gist.github.com/jeffehobbs/28206bfe2ca1750766bed8c3e06f2d59 for how to deploy this to AWS via Zappa, along with OpenAI summarization.

Check out https://gist.github.com/jeffehobbs/29659661dfcf76c42b2c606b945d2000 to integrate WeatherKit with Home Assistant.

I tried following your script to get the token but I’m getting an error I can’t resolve.

NameError: name ‘token’ is not defined.

What’s causing that? I’m sure I’m doing something wrong on my end, but I can’t figure it out. :slight_smile:

@eboettn great catch, I omitted a line (line 42). Should be fixed now. Try again?

That did it! Thanks!!!