Authentication

NeonCRM uses API keys and the organization's Org ID to authenticate access to its API. How these credentials are used is different depending on the version of the NeonCRM API you are using.

Support for OAuth 2.0

NeonCRM does not currently support OAuth for authenticating system users. Integrated apps must be use API keys and org IDs for authentication. For authenticating constituent users with OAuth, see Authenticating Constituents.

Org ID

An Org ID is the unique identifier for an organization's NeonCRM system.

To find your org ID, go to the Settings cog > Organization Profile

Locate the Account Information section and find Organization ID.

API Key

An API key is associated with a user in NeonCRM, and they inherit all the same permissions that their associated user has in the NeonCRM UI.

We recommend creating a new user for each integration you want to connect to NeonCRM, and limiting the permissions of that user to minimum required to perform the functions of the integration. This will make it easier to manage access to your NeonCRM and to deactivate an integration without affecting other apps connected to your system.

To obtain an API key, go to the Settings cog > User Management

Go to an existing user record or create a new user. On the user page, enable API Access and copy the API key.

User Sessions v1 only

The NeonCRM API v1 uses sessions to authenticate all requests, except the initial login request. You must request a userSessionId by submitting your credentials to the login endpoint. You must then use the session ID for all subsequent requests to the API.

API v1 Login Flow
API v1 Login Flow

HTTP Basic Authentication v2 only

The NeonCRM API v2 uses the Basic HTTP authentication scheme for authenticating access to all API requests. Construct your request authorization header using your org ID and API key for the username and password respectively.

  • Username: (Your org ID)
  • Password: (Your API key)

API Reference

API methods related to authentication.

API v1

Sessions

API v2

(None – Use HTTP Basic auth for all requests)