Overview

The Tempest API supports the Authorization Code grant type. For clients that are unable to maintain the confidentiality of the client secret, the API also supports the Authorization Code with PKCE grant type.

Creating a Client Application

Before you can begin using OAuth with the Tempest API, you must register your application with WeatherFlow. To do so, sign in to your Tempest account on the Tempest Website, and then go to the Developers page.

The information below is required to register your application.

APPLICATION NAME
The name of your application. This name will be displayed on the authorization page and should be a name that users will recognize and trust.

APPLICATION DESCRIPTION
A brief description of your application.

AUTHORIZATION CALLBACK URL
The endpoint that will receive authorization codes. Each application may have multiple callback URLs. For mobile applications, a custom URL scheme can be registered.

πŸ“˜

To register an application you must have a Tempest account.

Authorization Code Grant Type

STEP 1:
Request authorization from the user using the authorization endpoint below.
https://tempestwx.com/authorize.html

With the request include the following query string parameters:

client_id
Provided when your application was created.

response_type
Set this value to code to indicate that you would like an authorization code returned.

redirect_uri
The url you want the user to be redirected to after the authorization is completed.

πŸ“˜

The redirect URL provided in the query string must be registered with the Tempest API. If needed, you may register more than one redirect URL.

STEP 2:

Once redirected to the authorization page, the user will approve or deny the authorization request. If they approve the request they will be redirected back to the redirect URL you provided along with an authorization code.

Exchange the authorization code for an access token by making a POST request to the API endpoint below.
https://swd.weatherflow.com/id/oauth2/token

In the URL Encoded Form body of the POST request include:

grant_type
Set this value to authorization_code

code
The authorization code received in the query string from the authorization server.

client_id
Provided when your application was created.

client_secrect
Provided when your application was created.

πŸ“˜

If you are not using a server application and cannot properly secure the client secret use the Authorization Code Grant with PKCE method instead.