Skip to main content
NeuronSearchLab offers two authentication methods:
  • SDK Credentials — OAuth 2.0 client credentials for direct API access via the SDK. Best for production integrations.
  • API Keys — Simple Bearer tokens for the console proxy. Include features like rerank controls. See the API Keys guide for details.
This page covers SDK credential setup. Follow these practices to protect your integration.

Create SDK credentials

  1. Visit Console → SDK Credentials.
  2. Click New client and provide a descriptive name per application or environment.
  3. Download the generated Client ID and Client Secret. Store the secret in a secure vault—never ship it to browsers or mobile apps.

Exchange credentials for an access token

Use the client credentials to request a short-lived access token. 
curl -X POST https://api.neuronsearchlab.com/auth/token \
  -H "Authorization: Basic <base64(client_id:client_secret)>" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials"
Tokens default to a 60-minute lifetime. Cache them server-side and refresh proactively to avoid downtime.

Authenticate SDK requests

Obtain an access token using the client credentials grant, then pass it to the SDK:

JavaScript / TypeScript

import NeuronSDK from '@neuronsearchlab/sdk';

const sdk = new NeuronSDK({
  baseUrl: 'https://api.neuronsearchlab.com',
  accessToken: '<your_access_token>',
});

PHP / Laravel

<?php

use NeuronSearchLab\NeuronSDK;

$sdk = new NeuronSDK([
    'baseUrl' => 'https://api.neuronsearchlab.com',
    'accessToken' => '<your_access_token>',
]);
Both SDKs retry transient errors with exponential backoff. You are responsible for refreshing the access token before it expires (tokens default to 60 minutes) and updating the client:
  • JavaScript: sdk.setAccessToken(newToken)
  • PHP: $sdk->setAccessToken($newToken)

Protect secrets in production

  • Scope clients per environment (staging, production) to limit blast radius.
  • Rotate credentials regularly using your secrets manager.
  • Audit token usage through the console activity logs.
For endpoint-specific authentication details, refer to the API Reference introduction, the JavaScript SDK, or the PHP SDK.