Enabling API Access | Axero Documentation

Before users can create Bearer tokens and access the Axero REST API, an administrator must enable API access and configure appropriate security settings. This guide walks through the complete setup process, from enabling Bearer token support to configuring security levels that match your organization's requirements.

📋 Prerequisites: You must have site administrator privileges to configure REST API settings. These changes affect all users in your organization and should be planned accordingly.

Step 1: Enable Bearer Token Support

To enable Bearer token authentication and unlock advanced security options, you need to configure specific system properties:

1. Navigate to System Properties: Go to Control Panel > System > System Properties
2. Configure Bearer Token Settings: Set the following properties to enable Bearer token functionality:
   • EnableLegacyAPIKey = false - Disables legacy API key creation in user preferences
   • EmulateLegacyAPIKey = true - Enables Bearer token management in the Integrations section
3. Save Changes: Apply the configuration to activate Bearer token support

Step 2: Configure Security Level

After enabling Bearer token support, you'll need to choose the appropriate security level for your organization. This decision determines which authentication methods are available and how strictly API access is controlled.

Quick Reference: Which Security Level Should You Choose?

Navigate to REST API Settings and select one of the following security levels. Read each option carefully to understand the features and limitations:

🔁 Legacy Security (Transitional)

Maintains backward compatibility by supporting both legacy API keys and Bearer tokens during the migration period.

🔐 High Security (Recommended)

The recommended security level eliminates legacy API keys while maintaining compatibility for essential third-party integrations. This mode provides enhanced Bearer token management with configurable expiration controls.

⚠️ Migration Required: Before enabling High Security, ensure all applications using legacy API keys are updated to use Bearer tokens. Legacy API keys will immediately stop functioning.

Bearer Token Expiration Configuration

High Security mode provides granular control over token expiration policies:

• Default Expiration: Set a default expiration period that pre-fills when users create new tokens (e.g., 1 year, 6 months)
• Maximum Expiration: Enforce an organizational maximum for token duration to maintain security compliance
• Allow Unexpiring Tokens: Optionally permit tokens without expiration dates for specific use cases (use with caution)

🔒 Extra High Security (Maximum Protection)

The highest security level that provides maximum protection by requiring Bearer tokens for all API access. This mode completely disables username/password authentication, ensuring all API requests use cryptographically signed tokens.

Step 3: Enable User Role Permissions

After configuring security levels, ensure that user roles have the appropriate REST API permissions:

1. Navigate to Role Management: Go to Control Panel > Users > Roles
2. Select User Roles: Choose the roles that should have REST API access
3. Enable API Permissions: Grant "REST API Access" permission to selected roles
4. Save Changes: Apply the permission changes

🔑 Permission Note: Users without REST API permissions will not see the Authorizations section in their account settings and cannot create Bearer tokens.

Once Bearer token support is enabled and user permissions are configured, users can create their own Bearer tokens: Generating Bearer Tokens

Next Steps

After completing the REST API setup:

1. Test Configuration: Verify that authorized users can access the Authorizations section
2. Create Test Tokens: Have users create test Bearer tokens to validate functionality
3. Update Documentation: Inform your team about the new token creation process
4. Monitor Usage: Track token creation and usage patterns for security compliance