Requests for data (typically everything else than static HTML-pages) must be authenticated with a client ID, either by using Basic authentication without a password, or by using OAuth2 in combination with a client secret and an access token.

If you do not already have a client ID, you need to create a user.

Note: OAuth2 must be used for authorizing access to confidential data, while both Basic authentication and OAuth2 may be used to access freely available data.

Basic authentication

Example using curl:

          curl --user <client ID>: ""

Note: The colon after the client ID indicates an empty password field.

Note: In the API Reference, you can paste the client ID into a special field near the top of the page in order to authenticate calls. Alternatively, if you try to access a resource call without authenticating, the browser will usually pop up a credentials dialog where you can paste the the client ID into the username field (leaving the password field empty).

OAuth2 authentication

Using OAuth2 is a two-step process: First generate an access token by passing the client ID and client secret to the auth/accessToken endpoint. Then use the access token to get data. The access token typically expires after 24 hours, after which a new one must be generated.

Examples using curl:

STEP 1, generate an access token:

          curl -d 'client_id=<client ID>&client_secret=<client secret>&grant_type=client_credentials' ''
STEP 2, use the access token to get data:

          curl -H 'Authorization: Bearer <access token>' ''
This example shows how the OAuth2 protocol can be used to access Frost from a Python script.


Some data available through Frost are confidential and require authorized access using OAuth2 (see above).

Note: Accessing such data must be done using a special client ID and client secret provided by MET Norway, i.e. credentials generated with the self-service solution will not work.