Authentication
The countries.dev API needs no API key, token or signup. Learn how authentication works (it doesn't), and how to call the country data API directly from the browser with CORS.
No API key required
countries.dev has no authentication. There are no API keys, tokens, OAuth flows or accounts. Send a request to any endpoint and you get JSON back:
curl https://countries.dev/alpha/FRThat's the entire setup — nothing to sign up for, nothing to rotate, nothing to leak in a frontend bundle.
Why there's no key
Country data — ISO codes, flags, currencies, calling codes — doesn't change often and isn't sensitive. Gating it behind keys, quotas and dashboards adds friction without protecting anything. So the API is open: free to call, free to ship.
Calling from the browser
Every response includes permissive CORS headers (Access-Control-Allow-Origin: *), so you can fetch directly from client-side JavaScript — no proxy or backend required:
const country = await fetch('https://countries.dev/alpha/JP').then((r) => r.json());This makes it a good fit for country dropdowns, phone-number inputs, flag pickers and other UI that runs in the browser.
Limits
There are no per-key quotas because there are no keys. A generous abuse ceiling protects the service — see Rate limits & caching.
Quick Start
Get started with the countries.dev REST API — a free country data API with no API key and no signup. Fetch countries, ISO codes, flags, currencies, languages, cities, postal codes and IP geolocation in seconds.
Response format
Every countries.dev endpoint returns JSON. Learn how to select fields, sort and paginate the country API response with the fields, sort, order, limit and offset query parameters.