Loading ...

Using the REST API | Axero Documentation

Home » axero documentation » Wiki » Documentation » REST API Overview » Using the REST API
Axero Documentation  Wiki
Public Space
Activity Stream Content
Version 9

Using the REST API

 /5
0 (0votes)

This guide covers the practical implementation of the Axero REST API, including Bearer token authentication, performance optimization, and security best practices. Whether you're migrating from legacy API keys or building new integrations, this documentation provides the essential knowledge for successful API implementation.

Authentication with Bearer Tokens

The Axero REST API uses Bearer tokens for secure authentication. These cryptographically signed tokens offer enhanced security compared to traditional API keys and adhere to industry standards.

Basic Authentication Format

After you create your Bearer token, include it in the Authorization header of all API requests:

πŸ“ Request Format

GET /api/users/me
Host: yoursite.axero.com
Authorization: Bearer YOUR_BEARER_TOKEN_HERE
Content-Type: application/json

Migrating from Legacy API Keys

The primary change involves updating the authorization header format in all your API requests:

❌ Legacy Format

rest-api-key: YOUR_LEGACY_KEY_HERE

βœ… New Bearer Token Format

Authorization: Bearer YOUR_BEARER_TOKEN_HERE

Implementation Examples

Here are practical examples showing how to implement Bearer token authentication in different programming languages and tools:

🌐 cURL Example:

curl -X GET "https://yoursite.axero.com/api/users/me" \
  -H "Authorization: Bearer YOUR_BEARER_TOKEN_HERE" \
  -H "Content-Type: application/json"

🟨 JavaScript Example:

fetch('https://yoursite.axero.com/api/users/me', {
  method: 'GET',
  headers: {
    'Authorization': 'Bearer YOUR_BEARER_TOKEN_HERE',
    'Content-Type': 'application/json'
  }
})
.then(response => {
  if (!response.ok) {
    throw new Error(`HTTP error! status: ${response.status}`);
  }
  return response.json();
})
.then(data => console.log(data))
.catch(error => console.error('API Error:', error));

🐍 Python Example:

import requests

headers = {
    'Authorization': 'Bearer YOUR_BEARER_TOKEN_HERE',
    'Content-Type': 'application/json'
}

try:
    response = requests.get('https://yoursite.axero.com/api/users/me', headers=headers)
    response.raise_for_status()  # Raises an HTTPError for bad responses
    data = response.json()
    print(data)
except requests.exceptions.RequestException as e:
    print(f"API Error: {e}")

⚠️ CRITICAL SECURITY WARNINGπŸ”—

DO NOT Embed API Keys or Bearer Tokens in Client-Side Code

When building widgets or content pages for your Axero site:

  • NEVER embed API keys or bearer tokens in widgets or content pages
  • NEVER include tokens in JavaScript code that runs in the browser
  • NEVER expose tokens in HTML source code or client-side applications

Security Risk: API keys and bearer tokens embedded in client-side code are discoverable by end users and create significant security vulnerabilities. Anyone can view page source, inspect network requests, or use browser developer tools to extract these credentials.

SECURE AUTHENTICATION APPROACHES

Internal API Usage (Within Your Axero Platform)

For widgets, content pages, and client-side JavaScript within your Axero site:

  • Do not include any authentication token - omit the Authorization header completely
  • Axero automatically authenticates using the current user's session
  • This approach is both secure and maintains proper user permissions

Example: API calls from JavaScript widgets automatically inherit the logged-in user's permissions without requiring explicit authentication.

External API Usage (Outside Your Axero Platform)

For server-to-server integrations, external applications, and third-party systems:

  • Always use Bearer tokens in the Authorization: Bearer {token} header
  • Store tokens securely in server environments with proper credential management
  • Ensure tokens are never accessible to end users or exposed in client-side code

Example: External applications connecting to your Axero API must authenticate with Bearer tokens to access data on behalf of specific users.

API Usage Guidelines and Best PracticesπŸ”—

Axero does not enforce hard rate limits on the REST API by default. However, to ensure consistent performance, reliability, and a seamless experience for all users, we recommend adhering to the best practices outlined below. These guidelines are intended to support high-performance, scalable integrations while preserving the responsiveness of your Axero environment. Please note that Axero may implement temporary rate restrictions if excessive API usage affects overall site performance.

⚑ Request Rate Guidelines

  • Maximum Request Rate: Do not exceed 5 API calls per second sustained
  • Concurrent Requests: Limit to 3 or fewer concurrent connections
  • Response Time Validation: Ensure API responses complete within 15 seconds during testing
  • Sequential Processing: Wait for request completion before sending the next request in automated workflows

πŸš€ Performance Optimization

  • Implement Intelligent Caching: Store frequently accessed data locally with appropriate TTL (Time To Live)
  • Use Efficient Pagination: Retrieve large datasets in manageable chunks using pagination parameters
  • Apply Smart Filtering: Use query parameters to request only the specific data you need
  • Optimize Request Timing: Schedule bulk operations during off-peak hours when possible

Common HTTP Status Codes

Status Code Meaning Action
200 Success Process the response data
401 Unauthorized Check token validity, refresh if expired
403 Forbidden User lacks permissions for this action
429 Too Many Requests Implement exponential backoff
500 Server Error Retry after delay, contact support if persistent

API CategoriesπŸ”—

The Axero REST API is organized into several categories, each providing specific functionality for different aspects of your community platform. Each category includes comprehensive endpoints for creating, reading, updating, and managing data:

Users API

Comprehensive user management capabilities for creating, updating, and managing user accounts and roles.

πŸ”§ Key Features

  • Retrieve user profiles and account information
  • Create and manage user accounts
  • Assign and update user roles and permissions
  • Search and filter users by various criteria
  • Manage user membership in spaces and groups
  • Update user points and recognition metrics

πŸ’Ό Common Use Cases

  • User Synchronization: Import users from existing HR systems or databases
  • Automated Onboarding: Create user accounts when new employees join
  • Role Management: Update user roles when employees change positions
  • Directory Integration: Sync user information with Active Directory or LDAP
πŸ“š Documentation: REST API: Users 

Content API

Powerful content management tools for creating, retrieving, and managing all types of content within your community.

πŸ”§ Key Features

  • Create and publish articles, blog posts, and other content types
  • Retrieve content lists with filtering and sorting options
  • Manage content categories and tags
  • Handle file uploads and attachments
  • Access workflow and approval queues
  • Manage content permissions and visibility

πŸ’Ό Common Use Cases

  • Content Syndication: Display community content on external websites or digital signage
  • Automated Publishing: Create content from external systems or feeds
  • Content Migration: Import existing content from other platforms
  • Custom Dashboards: Build personalized content views and recommendations
πŸ“š Documentation: REST API: Content 

Spaces API

Complete space management functionality for organizing your community into departments, teams, or project areas.

πŸ”§ Key Features

  • Create and configure new spaces
  • Retrieve space information and metadata
  • Manage space membership and access controls
  • Assign and update space-specific roles
  • Configure space settings and permissions
  • Organize spaces in hierarchical structures

πŸ’Ό Common Use Cases

  • Organizational Structure: Mirror your company's department structure in digital spaces
  • Project Management: Create temporary spaces for specific projects or initiatives
  • Access Control: Manage who can access sensitive or department-specific information
  • Automated Provisioning: Create spaces automatically based on external triggers
πŸ“š Documentation: REST API: Spaces 

Chat API

Real-time messaging capabilities for integrating chat functionality with external systems and workflows.

πŸ”§ Key Features

  • Send and receive chat messages
  • Create and manage chat threads
  • Add participants to conversations
  • Retrieve message history and thread information
  • Manage chat notifications and settings

πŸ’Ό Common Use Cases

  • Workflow Integration: Trigger chat notifications from external systems
  • Customer Support: Route support requests to appropriate chat channels
  • Automated Messaging: Send system notifications or reminders via chat
  • Cross-Platform Communication: Bridge conversations between different systems
πŸ“š Documentation: REST API: Chat 

Comments API

Engagement tools for managing comments and discussions across all content types in your community.

πŸ”§ Key Features

  • Create and post comments on content
  • Retrieve comment threads and individual comments
  • Edit and update existing comments
  • Delete comments and manage moderation
  • Set comment status and approval workflows
  • Manage comment permissions and visibility

πŸ’Ό Common Use Cases

  • Feedback Collection: Gather input and opinions on proposals or ideas
  • Moderation Automation: Implement automated comment filtering and approval
  • Engagement Analytics: Track discussion patterns and user engagement
  • Content Enhancement: Add contextual information or updates via comments
πŸ“š Documentation: REST API: Comments 

Permissions API

Security and access control tools for managing user permissions and role-based access throughout your community.

πŸ”§ Key Features

  • Check user permissions for specific actions or content
  • Update role permissions and access levels
  • Validate access rights before performing operations
  • Manage permission inheritance and overrides
  • Audit permission changes and access patterns

πŸ’Ό Common Use Cases

  • Access Validation: Verify user permissions before displaying content or features
  • Role Management: Programmatically update permissions when organizational roles change
  • Security Auditing: Track and report on permission usage and changes
  • Custom Authorization: Implement complex permission logic in external applications
πŸ“š Documentation: REST API: Permissions 

Recognition API

Employee recognition and gamification tools for building engagement and celebrating achievements.

πŸ”§ Key Features

  • Award badges and recognition to users
  • Retrieve recognition programs and available badges
  • Access challenge and leaderboard data
  • Get user-specific recognition insights and achievements
  • Manage recognition workflows and approvals

πŸ’Ό Common Use Cases

  • External Integration: Award recognition when users complete tasks in other systems
  • Performance Tracking: Integrate recognition data with HR or performance management systems
  • Automated Recognition: Trigger awards based on specific behaviors or milestones
  • Gamification: Build custom leaderboards and achievement systems
πŸ“š Documentation: REST API: Recognition 

Analytics API

Comprehensive analytics and reporting capabilities for understanding community engagement and content performance.

πŸ”§ Key Features

  • Retrieve content engagement metrics and analytics
  • Access user activity and participation data
  • Get space-specific analytics and usage patterns
  • Track trending content and popular topics
  • Monitor community health and engagement metrics

πŸ’Ό Common Use Cases

  • Custom Dashboards: Build executive dashboards with community metrics
  • Content Strategy: Identify trending topics and high-performing content
  • User Engagement: Track and reward the most active community members
  • ROI Reporting: Measure community impact and business value
πŸ“š Documentation: REST API: Analytics 

Getting Help

If you need assistance, open a support case and include the following information:

  • API Endpoint: The specific endpoint and HTTP method (e.g., GET /api/users/me)
  • Request Headers: Include all headers, but redact your actual token
  • Request Body: Include the request payload if applicable
  • Error Response: Complete error message with HTTP status code
  • Network Environment: Any firewalls, proxies, or network restrictions

Wiki Index

Pages