Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.neuronsearchlab.com/llms.txt

Use this file to discover all available pages before exploring further.

NeuronSearchLab offers two authentication methods:
  • SDK Credentials — OAuth 2.0 client credentials for direct API access via the SDK. Best for production integrations.
  • API Keys — Simple Bearer tokens for the Platform API and server-side console automation. See the API Keys guide for details.
This page covers SDK credential setup. Follow these practices to protect your integration.

Create SDK credentials

1

Open SDK Credentials

Visit Console -> SDK Credentials.
2

Create a client

Click New client and provide a descriptive name per application or environment.
3

Store the generated secret

Download the generated Client ID and Client Secret. Store the secret in a secure vault and never ship it to browsers or mobile apps.

Exchange credentials for an access token

Use the client credentials to request a short-lived access token. 
curl -X POST https://auth.neuronsearchlab.com/oauth2/token \
  -H "Authorization: Basic <base64(client_id:client_secret)>" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials"
Tokens default to a 60-minute lifetime. Cache them server-side, compute an expires_at timestamp from expires_in, and refresh proactively to avoid downtime.

Authenticate SDK requests

Obtain an access token using the client credentials grant, then pass it to the SDK:

JavaScript / TypeScript

import NeuronSDK from '@neuronsearchlab/sdk';

const sdk = new NeuronSDK({
  baseUrl: 'https://api.neuronsearchlab.com/v1',
  accessToken: '<your_access_token>',
});

PHP / Laravel

<?php

use NeuronSearchLab\NeuronSDK;

$sdk = new NeuronSDK([
    'baseUrl' => 'https://api.neuronsearchlab.com/v1',
    'accessToken' => '<your_access_token>',
]);
Both SDKs retry transient errors with exponential backoff. You are responsible for refreshing the access token before it expires (tokens default to 60 minutes) and updating the client:
  • JavaScript: sdk.setAccessToken(newToken)
  • PHP: $sdk->setAccessToken($newToken)

Protect secrets in production

  • Scope clients per environment (staging, production) to limit blast radius.
  • Rotate credentials regularly using your secrets manager.
  • Audit token usage through the console activity logs.
For endpoint-specific authentication details, refer to the Core API introduction, the JavaScript SDK, or the PHP SDK.