Authentication

Neon CRM uses API keys and the organization's Org ID to authenticate access to its API. How these credentials are used is different depending on the version of the Neon CRM API you are using.

Support for OAuth 2.0

Neon CRM does not currently support OAuth for authenticating system users. Integrated apps must be use API keys and org IDs for authentication. For authenticating constituent users with OAuth, see Authenticating Constituents.

Org ID

An Org ID is the unique identifier for an organization's Neon CRM system.

To find your org ID, go to the Settings cog > Organization Profile

Locate the Account Information section and find Organization ID.

API Key

An API key is associated with a user in Neon CRM, and they inherit all the same permissions that their associated user has in the Neon CRM UI.

We recommend creating a new user for each integration you want to connect to Neon CRM, and limiting the permissions of that user to minimum required to perform the functions of the integration. This will make it easier to manage access to your Neon CRM and to deactivate an integration without affecting other apps connected to your system.

To obtain an API key, go to the Settings cog > User Management

Go to an existing user record or create a new user. On the user page, enable API Access and copy the API key.

User Sessions v1 only

The Neon CRM API v1 uses sessions to authenticate all requests, except the initial login request. You must request a userSessionId by submitting your credentials to the login endpoint. You must then use the session ID for all subsequent requests to the API.

API v1 Login Flow
API v1 Login Flow

HTTP Basic Authentication v2 only

The Neon CRM API v2 uses the Basic HTTP authentication scheme for authenticating access to all API requests. Construct your request authorization header using your org ID and API key for the username and password respectively.

  • Username: (Your org ID)
  • Password: (Your API key)

API Reference

API methods related to authentication.

API v1

Sessions

API v2

(None – Use HTTP Basic auth for all requests)