
Why does Create or Login return a signature error?

Double-check the string you sign, the host value (domain only), and the HMAC key. Reusing a nonce will also cause failures.

How long are JWTs valid?

JWTs are short-lived. Use Account/Refresh before expiry or log in again.

Why is my account still disabled after Create?

New accounts are disabled until the email address is verified with Account/VerifyEMail.

What happens if Refresh fails?

If the JWT is expired or invalid, you must log in again with Account/Login.
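The two answers above on JWT lifetime and failed refreshes imply a client-side decision: keep the token, call Account/Refresh, or fall back to Account/Login. The sketch below is an added example, not code from the Neuron project; it assumes the JWT carries the standard `exp` claim, and the function names and the 60-second margin are hypothetical.

```python
import base64
import json
import time

REFRESH_MARGIN_S = 60  # assumed safety margin, not a value from the Neuron docs


def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) of a JWT, or None if unreadable.

    Decodes the payload only; it does not verify the signature, so use the
    result for scheduling, never for trust decisions.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return None
    return exp


def next_action(token, now=None, margin=REFRESH_MARGIN_S):
    """Decide between keeping the token, Account/Refresh and Account/Login."""
    now = time.time() if now is None else now
    exp = jwt_expiry(token)
    if exp is None or now >= exp:
        return "login"      # expired or unreadable: Refresh would fail
    if exp - now <= margin:
        return "refresh"    # still valid but close to expiry
    return "keep"


def make_sample_token(exp):
    """Build a constructed, unsigned sample token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc({'exp': exp})}.c2ln"
```

The server remains the authority on validity: if Account/Refresh is rejected despite a "refresh" result, log in again.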

Does Recover reveal if an account exists?

No. Account/Recover intentionally returns no success signal to avoid information leakage. The only explicit response is a 422 error, returned when multiple accounts match and no userName is supplied.

Are there rate limits?

Yes. Account recovery and login endpoints are audited and may be rate-limited. Contact your Neuron operator if you are blocked.