API Authentication

Learn how to authenticate with the Neo Service Layer API to access its resources securely.

Information

This is a basic version of the authentication documentation. It will be expanded with more detailed content in future updates.

API Keys

Neo Service Layer uses API keys for authentication. Each API key is associated with a specific account and has a set of permissions that determine what resources it can access.

Obtaining API Keys

You can create and manage API keys through the Neo Service Layer Dashboard:

Log in to your Neo Service Layer account
Navigate to the API Settings page
Click on "Create API Key"
Configure the key's permissions and expiration
Store the generated key securely - it will only be shown once

Security Warning

Treat your API keys like passwords. Do not share them, check them into version control, or expose them in client-side code. If an API key is compromised, revoke it immediately and create a new one.

Using API Keys

To authenticate your API requests, include your API key in the Authorization header:

1Authorization: Bearer YOUR_API_KEY

Example Authenticated Request

1curl -X GET "https://api.neoservicelayer.com/v1/functions" \
2  -H "Authorization: Bearer YOUR_API_KEY"

1// Using fetch
2const apiKey = 'YOUR_API_KEY';
3
4fetch('https://api.neoservicelayer.com/v1/functions', {
5  method: 'GET',
6  headers: {
7    'Authorization': `Bearer ${apiKey}`,
8    'Content-Type': 'application/json'
9  }
10})
11.then(response => response.json())
12.then(data => console.log(data))
13.catch(error => console.error('Error:', error));

1// Using the JavaScript SDK
2import { NeoServiceLayer } from 'neo-service-layer-sdk';
3
4const serviceLayer = new NeoServiceLayer({
5  apiKey: 'YOUR_API_KEY',
6  network: 'mainnet', // or 'testnet'
7});
8
9// The SDK handles authentication automatically
10async function getFunctions() {
11  const functions = await serviceLayer.functions.list();
12  console.log(functions);
13}
14
15getFunctions();

Examples of making authenticated API requests

Token Expiration and Renewal

API keys can be set to expire after a certain period for enhanced security. When an API key expires, all requests using that key will be rejected with a 401 Unauthorized response.

To prevent service disruption, monitor your API key expiration dates and create new keys before the old ones expire.

API Key Permissions

When creating an API key, you can specify what operations it can perform:

Permission	Description
Read	Can view resources but not modify them
Write	Can create and update resources
Execute	Can invoke functions and trigger automation
Admin	Full access to all operations including deletion

Tip

Follow the principle of least privilege when creating API keys. Only grant the minimum permissions necessary for the intended use case.

Authentication Error Handling

When authentication fails, the API returns an error response with a 401 (Unauthorized) or 403 (Forbidden) status code:

1{
2  "error": {
3    "code": "UNAUTHORIZED",
4    "message": "Invalid API key provided"
5  }
6}

Next Steps

Now that you understand how to authenticate with the API, explore the specific API endpoints for each service: