Skip to content

Instantly share code, notes, and snippets.

Last active February 1, 2024 20:24
Show Gist options
  • Save jeffehobbs/1d35ac0d49b59ce75bc74f033188a6f1 to your computer and use it in GitHub Desktop.
Save jeffehobbs/1d35ac0d49b59ce75bc74f033188a6f1 to your computer and use it in GitHub Desktop.
Get ADC WeatherKit token for REST API
# // // Nov. 2022
# from documentation here, which you should read first:
# 1. Have a valid ADC acount.
# 2. Download this script, and open it in a text editor. You'll have to change three variables.
# 3. Make up a reverse-domain name service ID (i.e., Place this in SERVICE_ID.
# 4. Create an ADC service identifier.
# 5. Create an ADC service key.
# 6. Download that service key, rename to 'wkservicekey.p8', and move it into same directory as this script.
# 7. Install pyjwt ("pip install pyjwt"). Make sure not to use "jwt", as that will throw an error.
# 8. Install cryptography ("pip install cryptography").
# 9. Place KEY_ID in script, via:
# 10. Place your TEAM_ID in script, via:
# 11. Run this script ("python").
# 12. Verify your token by running the CURL statement output to console. If it all works, at the end you'll get:
# * Connection #0 to host left intact
# ["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]%
import jwt, time, cryptography
# apple auth info, customize in steps 3, 9, and 10
SERVICE_ID = '' # the reverse-domain service ID you made up in step 3
KEY_ID = 'USE_YOUR_OWN' # this is a 10 char "Key ID" from the ADC portal, found by "viewing key details"
TEAM_ID = 'USE_YOUR_OWN' # found under your ADC membership info
# end customization
with open('wkservicekey.p8') as rsa_priv_file:
priv_rsakey =
IAT = int(time.time()) # unix time when running script
EXP = IAT + 315360000 # unix time one decade from now
HEADERS = {'alg': 'ES256', 'kid': KEY_ID, 'id': f'{TEAM_ID}.{SERVICE_ID}'}
'iss': TEAM_ID,
'iat': IAT,
'exp': EXP,
token = jwt.encode(PAYLOAD, priv_rsakey, algorithm='ES256', headers=HEADERS)
print(f'\n---\nYour WeatherKit token is: \n\n{token}\n\nIn most authorization headers, the token is presented like this:\n\nAuthorization: Bearer {token}\n\nTo make sure the token is correct, copy and paste this curl statement into your console/terminal and run it:\n')
print(f"curl -v -H 'Authorization: Bearer {token}' ''")
print(f'\nIf the last lines of that curl output are:\n\n* Connection #0 to host left intact\n["currentWeather","forecastDaily","forecastHourly","weatherAlerts"]%\n\n...then the token is valid and you can begin to access the WeatherKit REST API.\n')
Copy link

jeffehobbs commented Jan 12, 2023

@eboettn great catch, I omitted a line (line 42). Should be fixed now. Try again?

Copy link

eboettn commented Jan 13, 2023

That did it! Thanks!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment