> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wcr.is/llms.txt
> Use this file to discover all available pages before exploring further.

# How to authenticate WeCareRemote API requests

> WeCareRemote API requests require a Bearer token in the Authorization header. Learn how to get your token, pass it correctly, and handle auth errors.

Every request to the WeCareRemote AI agent API requires an `Authorization` header with a Bearer token. You obtain this token by logging in to the platform or via the JWT token endpoint. Without a valid token, the API returns a `401 Unauthorized` response.

The token is the only credential the API uses. There is no separate API key, no client secret, and no signature step — once you have a valid JWT, you are authenticated.

## Getting your token

You have two options for obtaining a Bearer token.

**Option 1: Log in through the WeCareRemote web interface.** After logging in, your session token is available in the platform settings. Copy it and use it in your API requests.

**Option 2: Call the JWT token endpoint directly.**

```bash theme={null}
curl https://getme.global/api/v1/wordpress_auth/jwt_token
```

The endpoint returns a token you can use immediately:

```json theme={null}
{
  "success": true,
  "jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

See the [Auth API reference](/api/auth) for full details on the token endpoints.

## Passing your token

Add the `Authorization` header to every request to the AI agent API. Use the `Bearer` scheme followed by your token.

```http theme={null}
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```

The following example shows a complete authenticated request:

```bash theme={null}
curl -X POST http://localhost:8080/ \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{"message": "What services are available?"}'
```

## Authentication errors

If your request is rejected due to an authentication problem, the API returns one of the following status codes.

| Status code        | Cause                                                                                 |
| ------------------ | ------------------------------------------------------------------------------------- |
| `401 Unauthorized` | The token is missing, expired, or invalid.                                            |
| `403 Forbidden`    | The token is valid, but it does not have the required permissions for this operation. |

When you receive a `401`, obtain a new token and retry your request.

<Warning>Never hardcode your Bearer token directly in source code. Store it in an environment variable and read it at runtime to avoid accidentally exposing credentials in version control.</Warning>

<Note>JWT tokens expire after a set period. If your requests start returning `401` errors after previously succeeding, your token has likely expired. Re-authenticate through the web interface or call the token endpoint again to get a fresh token.</Note>
