The Authentication & sessions endpoints handle everything needed to establish and maintain an authenticated session with the Neuron Agent API. After creating an account via Accounts & onboarding, use these endpoints to log in, keep sessions alive, and securely validate tokens. All authenticated API calls require a JWT bearer token in theDocumentation Index
Fetch the complete documentation index at: https://docs.neuro-tech.io/llms.txt
Use this file to discover all available pages before exploring further.
Authorization header:
Endpoints
| Endpoint | Description |
|---|---|
| Login | Exchange a username and password for a JWT. The standard login method for back-end services. |
| Quick login | Authenticate using the current HTTP session cookie (browser-based flows). Requires cookies to be enabled. |
| WWW login | Authenticate using the HTTP WWW-Authenticate header mechanism. Use Login instead where possible. |
| Get session token | Retrieve session info for an account created via web form, without re-entering credentials. |
| Refresh | Extend a valid JWT before it expires, without re-entering credentials. |
| Logout | Invalidate the current JWT and terminate the session. |
| Authenticate JWT | Validate a JWT issued by the broker and retrieve its parsed claims. Useful for service-to-service verification. |
| Prepare remote quick login | Prepare a remote Neuron for a Quick Login attempt by retrieving the caller’s Legal ID. |
| Remote quick login | Trigger a Quick Login on a remote Neuron using a Legal ID — no QR code scan required. |
Typical session flow
Login methods compared
| Method | Use case | Requires cookies |
|---|---|---|
| Login | Back-end services, server-to-server | No |
| Quick login | Browser sessions on the same broker | Yes |
| WWW login | HTTP WWW-Authenticate header flows | No |
| Remote quick login | Cross-broker login via Legal ID | No |
Token lifetime
- Maximum token lifetime is 3600 seconds (1 hour).
- Call Refresh before the token expires to get a new JWT without logging in again.
- Once a token expires, you must call Login again.
- Call Logout to immediately invalidate a token.
Related
- Accounts & onboarding — create and verify an account before logging in.
- Authentication guide — full details on HMAC signing, bearer tokens, and security best practices.
- Login flows guide — step-by-step walkthroughs of each login method.