# Authentication

### API Keys <a href="#api-keys" id="api-keys"></a>

**DRESSX** API requires you to have a **DRESSX** account to create and manage API keys. If a request is made to the API without a valid API key, the API will respond with an invalid credentials error.

#### Using API Keys

Once you have an API key, you can use it to authenticate your requests to the **DRESSX** API. You can pass your API key in the Authorization header, as shown in the example below.

```json
{
  "Authorization": "Bearer 1234567890XwsSpIkK213011234567890"
}
```

{% hint style="info" %}
The `Bearer`  prefix in the header value is mandatory to interact with the DRESSX API programatically. You can learn more about it at [IETF RFC 6750](https://datatracker.ietf.org/doc/html/rfc6750)
{% endhint %}

### Security <a href="#security" id="security"></a>

We take security very seriously at **DRESSX**, and we are committed to ensuring that the **DRESSX** API is secure. We want your data and your users' data to remain safe with us. Below are some high-level guidelines to help you protect your data and requests when using the **DRESSX** API. Additionally, please make sure to follow the security practices established by your team or organization.

#### API Key Safety

{% hint style="info" %}
Please note that even DRESSX team members cannot view or recover revoked API keys for you!
{% endhint %}

Once minted, API keys are no longer visible in the dashboard, so please download and store it securely. Anyone who obtains your API key can use it to access the **DRESSX** API on your behalf. If you suspect that your API key has been compromised, you can revoke it at any time from the dashboard. Once revoked, it will no longer be valid.