Authentication
All API endpoints (except the health check at GET /) require authentication via an API key.
Getting an API key
Section titled “Getting an API key”- Sign in to the Developer Portal
- Navigate to API Keys
- Click Generate Key and give it a name
- Copy the key immediately — it won’t be shown again
Your key will look like: ss_a1b2c3d4e5f6789...
Using your API key
Section titled “Using your API key”Include the key in the X-API-Key header with every request:
curl https://mcll3bnfubyazfg6wekv3xc6fi0dgpyk.lambda-url.us-east-1.on.aws/identify_clothing \ -H "X-API-Key: ss_your_key_here" \ -H "Content-Type: application/json" \ -d '{"image_url": "https://example.com/outfit.jpg"}'Error responses
Section titled “Error responses”| Status | Error | Meaning |
|---|---|---|
401 | Missing X-API-Key header | You didn’t include the header |
403 | Invalid API key | The key is wrong, revoked, or inactive |
401 — Missing key
Section titled “401 — Missing key”{ "error": "Missing X-API-Key header"}403 — Invalid key
Section titled “403 — Invalid key”{ "error": "Invalid API key"}Managing keys
Section titled “Managing keys”You can manage your keys from the Developer Portal:
- Generate new keys with descriptive names
- Revoke keys that are compromised or no longer needed
- Monitor when each key was last used
Best practices
Section titled “Best practices”- Never expose keys in client-side code — use a backend proxy
- Use different keys for development, staging, and production
- Rotate keys periodically — revoke old ones after generating new ones
- Store keys in environment variables, not in source code