jeffehobbs · February 1, 2024 20:24 · jeffehobbs · Nov 27, 2022 · eboettn · Jan 12, 2023
diff --git a/get_wk_token.py b/get_wk_token.py
 # get_wk_token.py // jeffehobbs@gmail.com // Nov. 2022
 # from documentation here, which you should read first:
 # https://developer.apple.com/documentation/weatherkitrestapi/request_authentication_for_weatherkit_rest_api
 # 
 # 1. Have a valid ADC acount. https://developer.apple.com
 # 2. Download this script, and open it in a text editor. You'll have to change three variables.
 # 3. Make up a reverse-domain name service ID (i.e., com.domain.app). Place this in SERVICE_ID.
 # 4. Create an ADC service identifier. https://developer.apple.com/account/resources/identifiers/add/bundleId
 # 5. Create an ADC service key. https://developer.apple.com/account/resources/authkeys/add
 # 6. Download that service key, rename to 'wkservicekey.p8', and move it into same directory as this script.
 # 7. Install pyjwt ("pip install pyjwt"). Make sure not to use "jwt", as that will throw an error.
 # 8. Install cryptography ("pip install cryptography").
 # 9. Place KEY_ID in script, via: https://developer.apple.com/account/resources/authkeys/list
 # 10. Place your TEAM_ID in script, via: https://developer.apple.com/account/#MembershipDetailsCard
 # 11. Run this script ("python get_wk_token.py").
 # 12. Verify your token by running the CURL statement output to console. If it all works, at the end you'll get:
 #     * Connection #0 to host weatherkit.apple.com left intact
 #     ["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]% 

 import jwt, time, cryptography

 # apple auth info, customize in steps 3, 9, and 10
 SERVICE_ID = 'com.domain.app'              # the reverse-domain service ID you made up in step 3
 KEY_ID = 'USE_YOUR_OWN'                    # this is a 10 char "Key ID" from the ADC portal, found by "viewing key details"
 TEAM_ID = 'USE_YOUR_OWN'                   # found under your ADC membership info
 # end customization

 with open('wkservicekey.p8') as rsa_priv_file:
    priv_rsakey = rsa_priv_file.read()

 IAT = int(time.time()) # unix time when running script
 EXP = IAT + 315360000  # unix time one decade from now

 HEADERS = {'alg': 'ES256', 'kid': KEY_ID, 'id': f'{TEAM_ID}.{SERVICE_ID}'}
 PAYLOAD = {
    'iss': TEAM_ID,
    'iat': IAT,
    'exp': EXP,
    'sub': SERVICE_ID
 }

 token = jwt.encode(PAYLOAD, priv_rsakey, algorithm='ES256', headers=HEADERS)

 print(f'\n---\nYour WeatherKit token is: \n\n{token}\n\nIn most authorization headers, the token is presented like this:\n\nAuthorization: Bearer {token}\n\nTo make sure the token is correct, copy and paste this curl statement into your console/terminal and run it:\n')
 print(f"curl -v -H 'Authorization: Bearer {token}' 'https://weatherkit.apple.com/api/v1/availability/37.323/122.032?country=US'")
 print(f'\nIf the last lines of that curl output are:\n\n* Connection #0 to host weatherkit.apple.com left intact\n["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]%\n\n...then the token is valid and you can begin to access the WeatherKit REST API.\n')

 #fin
	# get_wk_token.py // jeffehobbs@gmail.com // Nov. 2022
	# from documentation here, which you should read first:
	# https://developer.apple.com/documentation/weatherkitrestapi/request_authentication_for_weatherkit_rest_api
	#
	# 1. Have a valid ADC acount. https://developer.apple.com
	# 2. Download this script, and open it in a text editor. You'll have to change three variables.
	# 3. Make up a reverse-domain name service ID (i.e., com.domain.app). Place this in SERVICE_ID.
	# 4. Create an ADC service identifier. https://developer.apple.com/account/resources/identifiers/add/bundleId
	# 5. Create an ADC service key. https://developer.apple.com/account/resources/authkeys/add
	# 6. Download that service key, rename to 'wkservicekey.p8', and move it into same directory as this script.
	# 7. Install pyjwt ("pip install pyjwt"). Make sure not to use "jwt", as that will throw an error.
	# 8. Install cryptography ("pip install cryptography").
	# 9. Place KEY_ID in script, via: https://developer.apple.com/account/resources/authkeys/list
	# 10. Place your TEAM_ID in script, via: https://developer.apple.com/account/#MembershipDetailsCard
	# 11. Run this script ("python get_wk_token.py").
	# 12. Verify your token by running the CURL statement output to console. If it all works, at the end you'll get:
	# * Connection #0 to host weatherkit.apple.com left intact
	# ["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]%

	import jwt, time, cryptography

	# apple auth info, customize in steps 3, 9, and 10
	SERVICE_ID = 'com.domain.app' # the reverse-domain service ID you made up in step 3
	KEY_ID = 'USE_YOUR_OWN' # this is a 10 char "Key ID" from the ADC portal, found by "viewing key details"
	TEAM_ID = 'USE_YOUR_OWN' # found under your ADC membership info
	# end customization

	with open('wkservicekey.p8') as rsa_priv_file:
	priv_rsakey = rsa_priv_file.read()

	IAT = int(time.time()) # unix time when running script
	EXP = IAT + 315360000 # unix time one decade from now

	HEADERS = {'alg': 'ES256', 'kid': KEY_ID, 'id': f'{TEAM_ID}.{SERVICE_ID}'}
	PAYLOAD = {
	'iss': TEAM_ID,
	'iat': IAT,
	'exp': EXP,
	'sub': SERVICE_ID
	}

	token = jwt.encode(PAYLOAD, priv_rsakey, algorithm='ES256', headers=HEADERS)

	print(f'\n---\nYour WeatherKit token is: \n\n{token}\n\nIn most authorization headers, the token is presented like this:\n\nAuthorization: Bearer {token}\n\nTo make sure the token is correct, copy and paste this curl statement into your console/terminal and run it:\n')
	print(f"curl -v -H 'Authorization: Bearer {token}' 'https://weatherkit.apple.com/api/v1/availability/37.323/122.032?country=US'")
	print(f'\nIf the last lines of that curl output are:\n\n* Connection #0 to host weatherkit.apple.com left intact\n["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]%\n\n...then the token is valid and you can begin to access the WeatherKit REST API.\n')

	#fin