How to use Apple’s WeatherKit to fetch weather data.
WeatherKit is Apple’s proprietary API service to provide weather data to devs who signed up for the Apple’s Developer program. Unlike, most of Apple’s APIs which are only available as libraries for apps, WeaterKit also offers a REST service for web apps. A developer account costs 99$, that includes 500K/month free API calls to the service, which is significantly cheaper than it’s competition. Let’s see how to configure the service.
Certificates & Identities
The first step in using the API is to create a key on the developer console.
You’re presented with the program resources after logging into your developer console. Go to Keys under the section Certificates, IDs & Profiles.
Click on the + button to add a new key. Select an appropriate key name, ‘WeatherKitApp’ in my case, check the box next to Weather Kit and hit continue.
Next, click on the Register button and then download the key and click done.
The copy of the key is removed from Apple’s servers once the key is downloaded, so make sure you download your key only when you’re ready to do so.
A file with the format of AuthKey_<KeyID>.p8 is then downloaded. Also, make note of the Key ID.
The .p8 file is a simple text file containing the private key. Let’s convert this into a .pem file.
openssl pkcs8 -nocrypt -in AuthKey_<YOURKEYID>.p8 -out AuthKey_<YOURKEYID>.pemThis creates a new .pem file.
It’s time to create a new Service ID. Click on Identifiers and click the + button to add a new Service ID. Select Services IDs and click continue.
Assign a suitable description and an identifier in reverse domain format. You don’t necessarily need to have a domain to add an identifier, but if you do, I’d suggest you to use it. For example, if your domain is ihemanth.com, then com.ihemanth.weatherkitapp would be a systematic way of choosing an identifier.
Click continue and then register the Service ID.
JWT Token
A JWT (JSON Web Token) needs to be sent along with the request to authenticate ourselves as a trusted developer and a user of Apple Developer Program (see docs). Apple requires that our JWT must be constructed from the following attributes:
HEADER
{
"alg": "ES256",
"kid": "ABC123DEFG",
"id": "DEF123GHIJ.com.example.weatherkit-client"
}
PAYLOAD
{
"iss": "DEF123GHIJ",
"iat": 1437179036,
"exp": 1493298100,
"sub": "com.example.weatherkit-client"
}ES256 is the algorithm used to sign the token. Use of any other algorithms will result in a response code of 401 (Unauthorised).
“kid” is the 10-character Key ID generated after creating a new Key on the console
“id” is your 10-character Developer team ID concatenated with your reverse domain name separated by a period
“iss” is your Developer Team ID
“iat” is the issuer time in Unix epoch time
“exp” is the expiry time in Unix epoch time
“sub” is your Service ID (reverse domain name)
The above details are enough for us to create a JWT. Next, the token must be signed with the private key(.pem) using ES256 algorithm.
Creating & Signing the JWT
We’re going to need the Python JWT library to sign and generate the JWT keys.
pip install jwtHere’s an example Python code to generate the JWT.
import jwt
import time
pem_file_path = 'PATH TO .pem FILE'
now = time.time()
payload = {
'iss': 'YOUR DEVELOPER TEAM ID',
'iat': int(now),
'exp': int(now + 1800),
'sub': 'REVERSE DOMAIN NAME'
}
headers = {
'alg': 'ES256',
'type':'JWT',
'kid': 'YOUR KEY ID',
'id': 'DEVELOPER TEAM ID.REVERSE DOMAIN NAME'
}
with open(pem_file_path, 'r') as f:
private_key = f.read()
signed_token = jwt.encode(payload, private_key, algorithm='ES256', headers=headers)
print(signed_token)Populate the fields with your own credentials and run the python program. This program will generate you the JWT that you can use to fetch weather data from WeatherKit.
curl -v -H 'Authorization: Bearer [developer token]' "https://weatherkit.apple.com/api/v1/availability/37.323/122.032?country=US"Copy your JWT(output of the program) and populate it in the place of “developer token” and send a request.
