Authentication Tokens

The Neuroon API uses HMAC tokens for authentication.

Token types

For frontend use (search widget):

X-Widget-Token: eyJzaG9wSWQiOiJzaG9wXzEyMyIsInRpbWVzdGFtcCI6...

Expires in 5 minutes
Only allows search operations
Generated by the server

API Key

For backend use (sync, webhooks):

X-Shop-API-Key: sk_live_abc123...

Never expires
Allows all operations
Never expose in frontend

Get credentials

Go to the Dashboard
Select your shop
Copy the Shop ID and API Key

The widget generates tokens automatically. For manual use:

// The widget handles this internally
const token = await generateWidgetToken(shopId, apiKey);

fetch('https://api.neuroon.ai/api/search', {
  method: 'POST',
  headers: {
    'X-Widget-Token': token,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({ query: 'running shoes' }),
});

Using the API Key

For backend operations:

curl -X POST https://api.neuroon.ai/api/shops/{shopId}/products/sync \
  -H "X-Shop-API-Key: sk_live_abc123" \
  -H "Content-Type: application/json" \
  -d '[{"externalId": "123", "name": "Product"}]'

Regenerate credentials

If your credentials are compromised:

Go to Dashboard → Shops → Your Shop
Click Regenerate API Key
Update your integrations with the new key

warning

Regenerating the API Key will immediately invalidate the previous key.

Security

Never expose the API Key in frontend code
Use the Widget Token for search operations
Implement HTTPS on your server
Rotate credentials periodically

Token types​

Widget Token​

API Key​

Get credentials​

Using the Widget Token​

Using the API Key​

Regenerate credentials​

Security​

Token types

Widget Token

API Key

Get credentials

Using the Widget Token

Using the API Key

Regenerate credentials

Security