API Reference

Authentication

NeuronEdge uses API keys to authenticate requests. You can manage your API keys from the dashboard.

API Keys

API keys are prefixed with ne_ to distinguish them from LLM provider keys. There are two types of keys:

  • ne_live_ - Production keys for live environments
  • ne_test_ - Test keys for development (coming soon)

Security: API keys are hashed using bcrypt before storage. We only show the full key once at creation time. Treat your API keys like passwords—never share them or commit them to version control.

Using API Keys

Include your API key in the Authorization header as a Bearer token:

http
Authorization: Bearer ne_live_your_api_key

Two-Key Authentication

NeuronEdge requires two keys for LLM proxy requests:

  1. NeuronEdge API Key - Authenticates your request to NeuronEdge
    Authorization: Bearer ne_live_...
  2. Provider API Key - Your key for the LLM provider (OpenAI, Anthropic, etc.)
    X-Provider-API-Key: sk-...
bash
curl -X POST https://api.neuronedge.ai/v1/openai/chat/completions \
  -H "Authorization: Bearer ne_live_your_api_key" \
  -H "X-Provider-API-Key: sk-your-openai-key" \
  -H "Content-Type: application/json" \
  -d '{"model": "gpt-5.2", "messages": [{"role": "user", "content": "Hello"}]}'

Managing API Keys

You can create, list, and revoke API keys through the dashboard or the API.

List Keys

json
GET /api/keys

# Response
{
  "keys": [
    {
      "id": "key_abc123",
      "name": "Production API Key",
      "prefix": "ne_live_abc",
      "created_at": "2024-12-15T10:00:00Z",
      "last_used_at": "2024-12-16T14:30:00Z"
    }
  ]
}

Create Key

json
POST /api/keys
Content-Type: application/json

{
  "name": "My New API Key"
}

# Response
{
  "id": "key_xyz789",
  "name": "My New API Key",
  "key": "ne_live_xyz789...",  // Only shown once!
  "created_at": "2024-12-16T15:00:00Z"
}

Revoke Key

json
DELETE /api/keys/{key_id}

# Response
{
  "success": true,
  "message": "API key revoked successfully"
}

Dashboard Authentication

Dashboard and management API endpoints use Clerk JWT authentication. When making requests from a logged-in dashboard session, the JWT is automatically included in the request cookies.

For programmatic access to management APIs, use API key authentication as shown above.

Security Best Practices

  • Use environment variables to store API keys, never hardcode them
  • Create separate API keys for different environments (dev, staging, prod)
  • Rotate keys periodically and revoke unused keys
  • Never commit API keys to version control—use .gitignore
  • Use the minimum required permissions for each key
  • Monitor key usage in the dashboard to detect anomalies