Authentication overview

OpenUV secures access to its API primarily through the use of API keys. These keys serve as a unique identifier and secret token that applications must present with each request to verify their identity and authorize access to the UV index, forecast, and sun protection time data. This method ensures that only authorized applications consume API resources and that usage can be tracked against specific accounts.

The OpenUV API is designed for straightforward integration, requiring the API key to be sent within a specific HTTP header. This approach is common for many web APIs, offering a balance between ease of implementation and security for client-server communication (see Google Cloud API key authentication). All communications with the OpenUV API should occur over HTTPS to protect the API key and data in transit from eavesdropping and tampering.

Successful authentication grants access to various API endpoints, including current UV index, hourly and daily forecasts, and recommended sun protection times. Failure to provide a valid API key, or providing an expired or revoked key, will result in an authentication error, typically an HTTP 401 Unauthorized or 403 Forbidden response.

Supported authentication methods

OpenUV exclusively supports API key authentication for accessing its services. This method is suitable for most application types, from server-side integrations to client-side applications where proper key management is implemented.

Authentication Method | When to Use | Security Level
API Key (HTTP Header) | Server-side applications, mobile apps, web applications with secure backend proxy | Moderate (dependent on key secrecy)

API keys are long, randomly generated strings that act as both an identifier and a secret. When using API keys, it is critical to treat them with the same level of security as passwords. Unlike OAuth 2.0, which delegates authorization through tokens issued after user consent, API keys directly grant access to the associated account's permissions (see OAuth 2.0 specification overview). Therefore, their exposure can lead to unauthorized access and potential misuse of your OpenUV account's API quota.

Getting your credentials

To obtain an API key for OpenUV, you must first register for an account on their official website. The process typically involves a few steps:

  1. Sign Up: Navigate to the OpenUV website and sign up for a new account. This usually requires providing an email address and creating a password.
  2. Verify Email: After signing up, you may need to verify your email address by clicking a link sent to your inbox.
  3. Access Dashboard: Once your account is active, log in to your user dashboard.
  4. Generate API Key: Within your dashboard, there will be a section dedicated to API access or developer settings where you can generate your API key. OpenUV's documentation provides specific instructions on how to find and manage your keys (see OpenUV API documentation). Typically, you'll find an option to reveal or generate a new key.
  5. Copy Key: Carefully copy your API key. It is crucial to store this key securely and avoid hardcoding it directly into your application's source code, especially for client-side applications.

OpenUV offers a free tier that includes 50 API calls per day, which requires an API key for authentication. For higher usage limits, you can upgrade to a paid plan, with pricing details available on their website (see OpenUV pricing plans). Your API key remains the same regardless of your plan level, but the associated usage limits and features will vary.

Authenticated request example

Once you have obtained your API key, you can include it in your HTTP requests to the OpenUV API. The key must be sent in the x-access-token HTTP header. Here's an example using cURL, which is a common command-line tool for making HTTP requests:

curl -X GET \
  'https://api.openuv.io/api/v1/uv?lat=34.052235&lng=-118.243683' \
  -H 'x-access-token: YOUR_API_KEY_HERE'

In this example:

  • -X GET specifies the HTTP GET method.
  • 'https://api.openuv.io/api/v1/uv?lat=34.052235&lng=-118.243683' is the API endpoint for getting UV data, with latitude and longitude parameters.
  • -H 'x-access-token: YOUR_API_KEY_HERE' is the crucial part for authentication. Replace YOUR_API_KEY_HERE with your actual OpenUV API key.

For client-side applications (e.g., JavaScript in a web browser), directly exposing your API key in the client-side code is a security risk. Instead, it is recommended to proxy your requests through a secure backend server. This server would hold your API key securely and add it to requests before forwarding them to OpenUV, returning the response to the client. This prevents the API key from being visible or extractable from the client-side application.

Here's a conceptual example of how you might structure a request in a JavaScript application, assuming a backend proxy:

async function getOpenUVData(latitude, longitude) {
  const response = await fetch(`/api/openuv-proxy?lat=${latitude}&lng=${longitude}`);
  if (!response.ok) {
    throw new Error(`HTTP error! status: ${response.status}`);
  }
  const data = await response.json();
  return data;
}

// Example usage:
getOpenUVData(34.052235, -118.243683)
  .then(data => console.log('OpenUV Data:', data))
  .catch(error => console.error('Error fetching OpenUV data:', error));

In this scenario, the /api/openuv-proxy endpoint on your server would handle adding the x-access-token header before making the actual request to https://api.openuv.io/api/v1/uv.
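The server side of that proxy, sketched as an added example (not code from OpenUV or from the original page): a Node.js handler that validates the coordinates, attaches the key on the server, and keeps upstream authentication failures away from the browser. Only the upstream URL and the x-access-token header come from the page; the function names, error messages and injectable fetchImpl parameter are assumptions.

```javascript
// Added example. Function names and error bodies are hypothetical.
const OPENUV_URL = 'https://api.openuv.io/api/v1/uv';

// Accept only a finite number within [-limit, limit]. Missing or empty input is
// rejected first, because Number(null) and Number('') both evaluate to 0.
function parseCoord(raw, limit) {
  if (raw === null || raw.trim() === '') return null;
  const n = Number(raw);
  return Number.isFinite(n) && Math.abs(n) <= limit ? n : null;
}

// Build the upstream request. The key is attached here, on the server, and
// only validated numbers reach the query string.
function buildUpstreamRequest(lat, lng, apiKey) {
  const url = new URL(OPENUV_URL);
  url.searchParams.set('lat', String(lat));
  url.searchParams.set('lng', String(lng));
  return { url: url.toString(), headers: { 'x-access-token': apiKey } };
}

// Handle GET /api/openuv-proxy?lat=..&lng=.. and return { status, body }.
// fetchImpl is injectable so the handler can be exercised without network access.
async function handleProxy(requestUrl, apiKey, fetchImpl = globalThis.fetch) {
  const params = new URL(requestUrl, 'http://localhost').searchParams;
  const lat = parseCoord(params.get('lat'), 90);
  const lng = parseCoord(params.get('lng'), 180);
  if (lat === null || lng === null) {
    return { status: 400, body: { error: 'invalid lat/lng' } };
  }
  if (!apiKey) {
    // Misconfiguration: fail closed and tell the client nothing about the key.
    return { status: 500, body: { error: 'proxy not configured' } };
  }
  const { url, headers } = buildUpstreamRequest(lat, lng, apiKey);
  let upstream;
  try {
    upstream = await fetchImpl(url, { headers });
  } catch {
    return { status: 502, body: { error: 'upstream unreachable' } };
  }
  if (upstream.status === 401 || upstream.status === 403) {
    // A rejected key is a server-side problem; do not relay upstream detail.
    return { status: 502, body: { error: 'upstream authentication failed' } };
  }
  if (!upstream.ok) {
    return { status: upstream.status, body: { error: 'upstream error' } };
  }
  return { status: 200, body: await upstream.json() };
}
```

Wire handleProxy into your web framework's route for /api/openuv-proxy and pass process.env.OPENUV_API_KEY as the apiKey argument.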

Security best practices

Securing your OpenUV API key is paramount to prevent unauthorized usage and maintain the integrity of your application. Adhering to these best practices will help protect your credentials:

  • Environment Variables: Store your API key as an environment variable (e.g., OPENUV_API_KEY) on your server or development machine. This prevents the key from being hardcoded directly into your source code, which could expose it if your code repository is compromised.
    // Example for a Node.js application
    const apiKey = process.env.OPENUV_API_KEY;
  • Backend Proxy for Client-Side Apps: For web or mobile applications where the code runs on the client, never embed your API key directly in the client-side code. Instead, route all API requests through a secure backend server. The backend server will add the API key before forwarding the request to OpenUV. This prevents the key from being exposed to end-users or malicious actors who could inspect your client-side code.
  • Restrict Access: Limit who has access to your API keys within your team or organization. Only individuals who specifically need to work with the OpenUV API should have knowledge of the keys.
  • Regular Key Rotation: Periodically rotate your API keys. This means generating a new key and updating your applications to use it, then revoking the old key. Regular rotation minimizes the impact of a compromised key, as the exposure window is reduced. OpenUV's dashboard should provide functionality for key management and rotation.
  • Monitor Usage: Regularly monitor your API usage through your OpenUV dashboard. Unusual spikes in usage could indicate a compromised key or an issue with your application, allowing you to react quickly.
  • HTTPS Enforcement: Always ensure that all communication with the OpenUV API occurs over HTTPS (TLS). This encrypts the data in transit, protecting your API key and other sensitive information from interception during network transmission. The OpenUV API inherently supports and enforces HTTPS for all endpoints.
  • IP Whitelisting (if available): If OpenUV offers IP whitelisting, configure your API key to only accept requests originating from a specific set of trusted IP addresses (e.g., your server's IP). This adds an extra layer of security, as even if your key is stolen, it cannot be used from an unauthorized location. (Check OpenUV documentation for this specific feature).
  • Error Handling: Implement robust error handling in your application to gracefully manage authentication failures. This can prevent sensitive information from being logged or displayed to end-users in case of an invalid key.

By implementing these security measures, developers can significantly reduce the risk of unauthorized access to their OpenUV account and ensure the continuous, secure operation of their applications.