Skip to main content
API keys provide programmatic access to NeuroAI. If you’re using the web interface, authentication is handled automatically.

API Keys

API keys provide secure, programmatic access to NeuroAI platform resources. They enable authentication for automated workflows, integrations, and applications without requiring manual login credentials.

What are API Keys?

API keys are long-lived access tokens that authenticate requests to NeuroAI services. They act as unique identifiers that verify your identity and determine what actions you can perform within the platform.

Key Benefits

Seamless Integration

Connect NeuroAI with external tools and services effortlessly

Automated Access

Enable scripts, CI/CD pipelines, and automated workflows

Granular Permissions

Control access levels through role-based permissions

Secure Communication

Authenticate without exposing user credentials

Getting Started

Prerequisites

To create and manage API keys:
  • Active NeuroAI account
  • Administrator or API Key Manager role
  • Access to NeuroAI dashboard

Creating an API Key

Via Dashboard

  1. Navigate to SettingsUsers and Teams
  2. Select API Keys from the menu
  3. Click Create API Key button
  4. Configure your key:
    • Name: Descriptive identifier (e.g., “Production CI/CD”)
    • Description: Document purpose and usage
    • Role: Select appropriate access level
    • Expiration (optional): Set expiration date
  5. Click Create
Copy and securely store your API key immediately—it will only be displayed once!

API Key Types

Personal Keys

Individual user keys for personal projects and testing

Team Keys

Shared keys for production applications and team integrations

Service Keys

Dedicated keys for service-to-service authentication

Personal API Keys

Personal keys are specific to individual NeuroAI users and inherit the creator’s permissions. Use Cases:
  • Personal projects and experiments
  • Development and testing environments
  • Individual automation scripts
Characteristics:
  • Tied to single user account
  • Cannot exceed creator’s permission level
  • Auto-revoked when user account is deactivated

Team API Keys

Shared keys that authenticate requests on behalf of a team or organization. Use Cases:
  • Production applications
  • Team-wide integrations
  • CI/CD pipelines
  • Shared development resources

Service API Keys

Dedicated keys for service-to-service authentication and data ingestion. Use Cases:
  • Telemetry data transmission
  • Webhook endpoints
  • Third-party service integrations
  • Monitoring and analytics services

Authentication

Integration Examples

Python

Integrate with Python applications

Node.js

Integrate with Node.js applications

cURL

Test with command line

Environment Setup

Configure API keys in your environment: 
# .env file
NEUROAI_API_KEY=your_api_key_here
NEUROAI_API_BASE=https://api.neuroai.com/v1
MODEL_TO_USE=openai/gpt-4o

Python Example

import os
import requests

# Load API key from environment
api_key = os.getenv('NEUROAI_API_KEY')

# Make authenticated request
headers = {
    'Authorization': f'Bearer {api_key}',
    'Content-Type': 'application/json'
}

response = requests.get(
    'https://api.neuroai.com/v1/agents',
    headers=headers
)

print(response.json())

Node.js Example

const axios = require('axios');

const apiKey = process.env.NEUROAI_API_KEY;

const client = axios.create({
  baseURL: 'https://api.neuroai.com/v1',
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});

// Make authenticated request
client.get('/agents')
  .then(response => console.log(response.data))
  .catch(error => console.error(error));

cURL Example

# Set API key as environment variable
export NEUROAI_API_KEY="your_api_key_here"

# Make authenticated request
curl "https://api.neuroai.com/v1/agents" \
  -H "Authorization: Bearer $NEUROAI_API_KEY"

Permissions and Roles

Role-Based Access

Assign predefined roles with specific permission sets

Custom Permissions

Create custom roles for fine-grained access control

Available Roles

RolePermissionsUse Case
ViewerRead-only accessMonitoring, analytics, reporting
DeveloperCreate and modify agentsDevelopment, testing
AdministratorFull access including user managementProduction deployments
API ManagerManage API keys and integrationsDevOps, security

Custom Permissions

For fine-grained control, create custom roles: 
{
  "role_name": "custom-deployment-role",
  "permissions": {
    "agents": ["create", "read", "update"],
    "workflows": ["create", "read", "execute"],
    "deployments": ["create", "read", "update", "delete"],
    "users": ["read"]
  }
}

Managing API Keys

List all API keys associated with your account:
curl "https://api.neuroai.com/v1/api-keys" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Modify API key properties (name, description, permissions):
curl -X PATCH "https://api.neuroai.com/v1/api-keys/{key_id}" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Updated Key Name",
    "description": "Updated description",
    "role": "administrator"
  }'
Regular key rotation enhances security:
curl -X POST "https://api.neuroai.com/v1/api-keys/{key_id}/rotate" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
This generates a new key while invalidating the old one.
Delete an API key when it’s no longer needed:
curl -X DELETE "https://api.neuroai.com/v1/api-keys/{key_id}" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Via Dashboard:
  1. Navigate to SettingsAPI Keys
  2. Locate the key to revoke
  3. Click Delete or Revoke
  4. Confirm the action

Security Best Practices

Storage & Handling

Secure storage and environment configuration

Access Control

Principle of least privilege and role management

Key Rotation

Regular rotation schedule and automated processes

Monitoring

Usage tracking and suspicious activity alerts

Storage and Handling

  • Store keys in environment variables
  • Use secrets management systems (Vault, AWS Secrets Manager)
  • Restrict access to authorized personnel only
  • Use .gitignore for .env files
  • Implement git-secrets to prevent commits

Access Control

  • Principle of Least Privilege: Assign minimum necessary permissions
  • Separate by Environment: Different keys for dev, staging, production
  • Regular Audits: Review usage and permissions quarterly
  • Monitor Activity: Track for suspicious patterns

Key Rotation

Configure automatic expiration and rotation: 
{
  "expiration": "2026-12-31T23:59:59Z",
  "rotation_policy": {
    "enabled": true,
    "days": 90
  }
}

Additional Security Measures

Limit API key usage to specific domains or IP addresses:
{
  "allowed_referrers": [
    "https://yourdomain.com/*",
    "https://app.yourdomain.com/*"
  ],
  "allowed_ips": [
    "203.0.113.0/24",
    "198.51.100.50"
  ]
}
Protect against abuse with rate limits:
{
  "rate_limit": {
    "requests_per_minute": 100,
    "requests_per_hour": 5000
  }
}
Prevent keys from being forwarded to upstream services:
{
  "hide_credentials": true
}

Monitoring and Logging

Usage Tracking

Monitor request volume and patterns

Audit Logs

Access comprehensive security logs

Alerts

Get notified of suspicious activity

Access Audit Logs

curl "https://api.neuroai.com/v1/api-keys/{key_id}/audit-log" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Configure Alerts

Monitor for:
  • Unusual request patterns
  • Multiple failed authentication attempts
  • Requests from unexpected locations
  • Access to sensitive endpoints

Troubleshooting

Common causes:
  • API key is incorrect or revoked
  • Missing or malformed Authorization header
  • Key lacks required permissions
Solution: Verify header format and key validity:
curl "https://api.neuroai.com/v1/auth/verify" \
  -H "Authorization: Bearer YOUR_API_KEY"
Common causes:
  • API key lacks required permissions
  • Resource access is restricted
  • Referrer restrictions are active
Solution: Review and update key permissions or use a key with appropriate access level.
Common causes:
  • Rate limit exceeded
  • Too many concurrent requests
Solution:
  • Implement exponential backoff retry logic
  • Review and optimize request patterns
  • Consider upgrading your plan for higher limits
Common causes:
  • Key has reached expiration date
  • Key was manually revoked
Solution: Create a new API key or extend expiration if possible.

Testing API Keys

Verify your API key is working: 
curl "https://api.neuroai.com/v1/auth/verify" \
  -H "Authorization: Bearer YOUR_API_KEY"
Expected response: 
{
  "valid": true,
  "key_id": "key_abc123",
  "name": "Production Key",
  "role": "developer",
  "expires_at": "2026-12-31T23:59:59Z"
}

API Reference

Create API Key

POST /v1/api-keys

List API Keys

GET /v1/api-keys

Update API Key

PATCH /v1/api-keys/key_id

Delete API Key

DELETE /v1/api-keys/key_id

Endpoints Summary

EndpointMethodDescription
/v1/api-keysPOSTCreate a new API key
/v1/api-keysGETList all API keys
/v1/api-keys/{key_id}GETGet API key details
/v1/api-keys/{key_id}PATCHUpdate API key
/v1/api-keys/{key_id}/rotatePOSTRotate API key
/v1/api-keys/{key_id}DELETEDelete API key
/v1/auth/verifyGETVerify API key validity

Migration Guide

From Username/Password

  1. Create API keys for all service accounts
  2. Update applications to use API key authentication
  3. Test thoroughly in staging environment
  4. Deploy to production with gradual rollout
  5. Monitor for issues during transition
  6. Deactivate legacy credentials after successful migration

FAQ

There is no strict limit on the number of API keys per account. However, we recommend creating only the keys you need and following the principle of least privilege.
While technically possible, it’s strongly discouraged. Use separate API keys for development, staging, and production environments for better security and access control.
Immediately revoke the compromised key through the dashboard or API. Create a new key with different credentials and update all applications. Review audit logs to assess potential unauthorized access.
By default, API keys do not expire unless you explicitly set an expiration date during creation. For enhanced security, consider setting expiration dates and implementing regular key rotation.
No, deleted API keys cannot be recovered. You must create a new API key if one is accidentally deleted.
Start with minimal permissions required for your use case. Test thoroughly and add permissions as needed. Review the permissions documentation for detailed information about each role.

Support

Documentation

Comprehensive guides and tutorials

Support Portal

Submit tickets and get help

API Status

Check real-time API status

Community

Join the discussion
Last Updated: January 2026
API Version: v1
Product: NeuroAI Platform