> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wearo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Get your API key

> Create, restrict, and manage your Wearo API keys.

# Get your API key

Your API key authenticates every request between your site and Wearo. Each
account can have multiple keys (e.g., one for production, one for staging).

## Get your first key

<Steps>
  <Step title="Sign in to your Wearo dashboard">
    Go to [wearo.io/dashboard](https://wearo.io/dashboard).
  </Step>

  <Step title="Navigate to API keys">
    In the sidebar, click **API Keys**.
  </Step>

  <Step title="Create a new key">
    Click **+ New API key**. Give it a name like `Production` or `Kookai prod`.
  </Step>

  <Step title="Copy the key">
    The key is shown once and starts with `wearo_`. Copy it and store it
    securely (1Password, AWS Secrets Manager, etc.).

    <Warning>
      For security, the key is shown only once. If you lose it, create a new
      one and update your snippet.
    </Warning>
  </Step>
</Steps>

## Restrict your key to specific domains

To prevent abuse if your key leaks (e.g., scraped from your front-end),
restrict it to your domains:

1. In **API Keys**, click the key.
2. Under **Domain restrictions**, add your root domain: `kookai.fr`.
3. All subdomains are automatically included — `www.kookai.fr`, `shop.kookai.fr`, etc. don't need a separate entry.

Requests from any other origin will get a `403 Domain not authorized` error.

## Rotate or revoke a key

If a key is compromised:

1. Create a new key.
2. Update your snippets.
3. Delete the old key.

Generations already in flight on the old key will complete; new requests will fail immediately.
