> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wearo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate your Direct API requests to Wearo.

# Authentication

All Direct API requests must include your API key in the `X-API-Key` header. The key must always be sent as a **header** — never as a query parameter (doing so returns `401 Authentication required`).

## Endpoint

```
POST https://api.wearo.io/functions/v1/tryon-api
```

## Required headers

| Header         | Required    | Description                                              |
| -------------- | ----------- | -------------------------------------------------------- |
| `X-API-Key`    | **Yes**     | Your Wearo API key (starts with `wearo_`)                |
| `Content-Type` | **Yes**     | Must be `application/json`                               |
| `Origin`       | Conditional | Required when domain restrictions are active on your key |

## Example

```bash theme={"dark"}
curl -X POST "https://api.wearo.io/functions/v1/tryon-api" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: wearo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -d '{ ... }'
```

## Get your API key

Don't have a key? [Get one from your dashboard →](/getting-started/api-key)

## Domain restrictions

If you've configured domain restrictions on your key, include the `Origin` header:

```bash theme={"dark"}
-H "Origin: https://mystore.com"
```

[Learn more about domain restrictions →](/configure/domain-whitelist)
