This endpoint exchanges your API credentials for a JWT access token. The token is required as a Bearer token for all subsequent API calls.

How It Works

Compute an HMAC-SHA256 signature using your API key and secret (see Signature Generation)
Send the signature along with your API key and a timestamp
Receive a JWT accessToken with an expiry time

Headers

Header	Description	Example
`X-Api-Key`	Your API key	`nk_live_abc123`
`X-Api-Signature`	HMAC-SHA256 signature (hex)	`a1b2c3d4e5f6...`
`X-Timestamp`	Unix timestamp in milliseconds	`1770342000000`

Example Request

curl -X POST https://api.neutron.me/api/v2/authentication/token-signature \
  -H "Content-Type: application/json" \
  -H "X-Api-Key: YOUR_API_KEY" \
  -H "X-Api-Signature: YOUR_SIGNATURE" \
  -H "X-Timestamp: 1770342000000" \
  -d '{"test":"auth"}'

Example Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiredAt": "2026-02-09T12:00:00.000Z",
  "accountId": "ne01-abc123def456"
}

Using the Token

Include the token as a Bearer token in all subsequent requests:

curl https://api.neutron.me/api/v2/account/YOUR_ACCOUNT_ID \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Token Lifecycle

Tokens have a limited validity period (returned in expiredAt)
Using an expired token returns 401 Unauthorized
Request a new token when the current one expires or is close to expiry
There is no refresh token flow — simply re-authenticate

📘
For signature computation details and code samples in Node.js, Python, Go, C#, and Java, see Signature Generation.