> ## Documentation Index
> Fetch the complete documentation index at: https://docs.climatifai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authenticate with Climatifai API

> Learn how access control works for the Climatifai API, including public endpoints, CORS configuration, and upstream API key handling.

The Climatifai API is designed for straightforward integration — its public endpoints do not require authentication headers. You can start making requests immediately without registering for a key or configuring credentials on your end.

## Public endpoints

All GET endpoints under `/agri`, `/fires`, and `/support` are publicly accessible. This includes:

* `/agri/advisor` — crop aptitude scoring
* `/agri/climate` — historical and projected climate series
* `/agri/geocode` — location search
* `/fires/hotspots` — NASA FIRMS fire detections
* `/fires/risk` — aggregated fire risk score
* `/support/programs` — government support programs
* `/health` — service health check

The GraphQL endpoint at `/graphql` is also publicly accessible. You can query it directly or use the GraphiQL playground in your browser without any credentials.

## CORS

The API accepts cross-origin requests from its configured origins. If you are consuming the API from a frontend application, make requests normally — the server handles CORS headers. If you receive unexpected CORS errors, contact your API provider.

## NASA FIRMS API key

Fire hotspot endpoints (`/fires/hotspots`, `/fires/risk`, and the GraphQL `hotspots` and `fireRisk` queries) proxy requests to NASA FIRMS on your behalf. The server handles the NASA API key — you do not need to obtain or pass one.

## Error codes from upstream services

Two status codes indicate upstream failures rather than problems with your request:

| Code  | Meaning                                                                                  |
| ----- | ---------------------------------------------------------------------------------------- |
| `502` | An upstream service (NASA FIRMS or Open-Meteo) returned an error or unexpected response. |
| `503` | The request was rate-limited by an upstream service. Wait briefly and retry.             |

In both cases, the response body includes a `detail` field describing which upstream service failed.

<Note>
  Some hosted deployments add authentication in front of the service at the gateway or infrastructure level — for example, requiring a bearer token or API key in the `Authorization` header. If you receive 401 or 403 responses, check with your API provider whether a gateway key is required for your environment.
</Note>
