Authentication

Every API request requires a valid API key.

API key format

Keys are prefixed with pub_ followed by 32 lowercase hex characters (a-f, 0-9). Example:

pub_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

Passing your key

You can authenticate using either method:

Header (preferred)

Pass the key in the x-api-key request header:

curl -H "x-api-key: pub_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4" \
  https://activeweather.com/v1/forecast/862a10747ffffff.json

Query parameter

Alternatively, pass the key as a query parameter. This is useful for quick testing or environments where custom headers are difficult to set:

https://activeweather.com/v1/forecast/862a10747ffffff.json?api_key=pub_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

Security note: The header method is preferred because query parameters may appear in server logs and browser history. Use the query parameter only when headers are not available.

Key management

Each account can have multiple API keys
Keys can be revoked individually from the dashboard
Rate limits and usage are tracked per key
Never expose your API key in client-side code — use a backend proxy for browser-based apps

Next: Endpoints →