> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neuro-tech.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

The Authentication & sessions endpoints handle everything needed to establish and maintain an authenticated session with the Neuron Agent API. After creating an account via [Accounts & onboarding](/neuron-api/api-reference/accounts-and-onboarding/overview), use these endpoints to log in, keep sessions alive, and securely validate tokens.

All authenticated API calls require a JWT bearer token in the `Authorization` header:

```text theme={null}
Authorization: Bearer {token}
```

Tokens are short-lived (up to 3600 seconds) and must be refreshed before they expire.

## Endpoints

| Endpoint                                                                                                       | Description                                                                                                     |
| -------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- |
| [Login](/neuron-api/api-reference/authentication-and-sessions/login)                                           | Exchange a username and password for a JWT. The standard login method for back-end services.                    |
| [Quick login](/neuron-api/api-reference/authentication-and-sessions/quick-login)                               | Authenticate using the current HTTP session cookie (browser-based flows). Requires cookies to be enabled.       |
| [WWW login](/neuron-api/api-reference/authentication-and-sessions/www-login)                                   | Authenticate using the HTTP `WWW-Authenticate` header mechanism. Use `Login` instead where possible.            |
| [Get session token](/neuron-api/api-reference/authentication-and-sessions/get-session-token)                   | Retrieve session info for an account created via web form, without re-entering credentials.                     |
| [Refresh](/neuron-api/api-reference/authentication-and-sessions/refresh)                                       | Extend a valid JWT before it expires, without re-entering credentials.                                          |
| [Logout](/neuron-api/api-reference/authentication-and-sessions/logout)                                         | Invalidate the current JWT and terminate the session.                                                           |
| [Authenticate JWT](/neuron-api/api-reference/authentication-and-sessions/authenticate-jwt)                     | Validate a JWT issued by the broker and retrieve its parsed claims. Useful for service-to-service verification. |
| [Prepare remote quick login](/neuron-api/api-reference/authentication-and-sessions/prepare-remote-quick-login) | Prepare a remote Neuron for a Quick Login attempt by retrieving the caller's Legal ID.                          |
| [Remote quick login](/neuron-api/api-reference/authentication-and-sessions/remote-quick-login)                 | Trigger a Quick Login on a remote Neuron using a Legal ID — no QR code scan required.                           |

## Typical session flow

```mermaid theme={null}
sequenceDiagram
  participant Client
  participant Neuron
  Client->>Neuron: POST Account/Login (username + password)
  Neuron-->>Client: JWT + expiry
  loop Before expiry
    Client->>Neuron: POST Account/Refresh
    Neuron-->>Client: New JWT + expiry
  end
  Client->>Neuron: POST Account/Logout
  Neuron-->>Client: Session terminated
```

## Login methods compared

| Method                                                                                         | Use case                            | Requires cookies |
| ---------------------------------------------------------------------------------------------- | ----------------------------------- | ---------------- |
| [Login](/neuron-api/api-reference/authentication-and-sessions/login)                           | Back-end services, server-to-server | No               |
| [Quick login](/neuron-api/api-reference/authentication-and-sessions/quick-login)               | Browser sessions on the same broker | Yes              |
| [WWW login](/neuron-api/api-reference/authentication-and-sessions/www-login)                   | HTTP WWW-Authenticate header flows  | No               |
| [Remote quick login](/neuron-api/api-reference/authentication-and-sessions/remote-quick-login) | Cross-broker login via Legal ID     | No               |

## Token lifetime

* Maximum token lifetime is **3600 seconds** (1 hour).
* Call [Refresh](/neuron-api/api-reference/authentication-and-sessions/refresh) before the token expires to get a new JWT without logging in again.
* Once a token expires, you must call [Login](/neuron-api/api-reference/authentication-and-sessions/login) again.
* Call [Logout](/neuron-api/api-reference/authentication-and-sessions/logout) to immediately invalidate a token.

## Related

* [Accounts & onboarding](/neuron-api/api-reference/accounts-and-onboarding/overview) — create and verify an account before logging in.
* [Authentication guide](/neuron-api/authentication) — full details on HMAC signing, bearer tokens, and security best practices.
* [Login flows guide](/neuron-api/guides/login-flows) — step-by-step walkthroughs of each login method.
