The Axero REST API allows you to access data, automate tasks, and integrate your platform with other tools or services, providing extensive customization and flexibility. You can learn more about functionalities, guidelines, and best practices in the REST API Overview.
The REST API key is tied to the user’s roles and permissions in Axero, which ensures that access to content and functions in the REST API is controlled based on the user’s permissions. If you're looking to perform administrative functions through the REST API, instead of replicating a specific person's experience, it is common to create a master system user account with the Site Administrator role.
Role-based access is supported in both Basic and Advanced configurations, allowing you to tailor permissions as needed. Once the REST API is enabled for the desired role, API keys can be generated and managed. To learn more about creating and managing API keys, refer to REST API Management.
Note: Advanced Settings are currently in beta.
To access all security levels on the REST API Settings page, ensure that the system property EnableLegacyAPIKey is set to false and the system property EmulateLegacyAPIKey is set to true.
With Advanced REST API enabled, key management is centralized on the Integrations page, and the simple REST API key management is removed from the Preferences page. New keys are created on the Integrations page. For security purposes a key can be viewed only once, but keys can be revoked and recreated as needed. Learn more in REST API Management.
Choose from three distinct security levels, each designed to provide a different degree of protection and functionality based on your organization's needs. After enabling the roles and selecting a security level, API keys can be generated in the Authorizations section on the Integrations page.
The three security levels are described below.
Legacy: This security level continues to support existing legacy API tokens to ensure backward compatibility with older integrations, facilitating a smoother transition for organizations dependent on legacy integrations.
Note: When Legacy security mode is removed in 2025, sites set to Legacy mode will be automatically upgraded to High Security.
High Security: This security level enhances safeguards by eliminating legacy API keys and improving token management controls. It is tailored for organizations that prioritize strengthened security measures but still require some flexibility in API interactions.
Advanced Integrations: Third-party integrations that use an entered username and password for authentication are still supported at this security level, providing an extra degree of flexibility not available at the Extra High level.
Note: Legacy REST API keys will no longer function, so make sure new authentications have been created for legacy applications. New tokens, complete with expiry settings, will be available on the Integrations page.
Token Expiration Settings (Applicable to High and Extra High Security Levels)
Default Token Expiration: Admins can set the default expiration period for newly created personal authorization tokens. This setting determines how long tokens remain valid unless specified otherwise during their creation on the Integrations page. For example, if the default expiration period is set to 1 year, when a new authorization is created it will start with a 1 year expiration period.
Maximum Token Expiration: Admins can set the maximum allowable duration for personal authorization tokens. When a token is created on the Integrations page, its expiration time cannot exceed this value.
Allow Unexpiring Tokens: Admins can decide whether users can create tokens without an expiration date. If this option is enabled, users have the option to set tokens to not expire.
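How the three expiration settings interact, modelled as an added example; this is not Axero's code and it calls no Axero API. The names TokenPolicy, resolve_expiry, audit and the sample tokens are hypothetical, and rejecting (rather than shortening) an over-long request is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class TokenPolicy:
    # Hypothetical model of the three admin settings; not Axero's schema.
    default_lifetime: timedelta
    max_lifetime: timedelta
    allow_unexpiring: bool

NEVER = "never"  # constructed sentinel: caller asks for a token that does not expire

def resolve_expiry(policy, created, requested=None):
    """Expiry for a new token: a datetime, or None for an unexpiring token.
    Raises ValueError when the request falls outside the policy."""
    if requested == NEVER:
        if not policy.allow_unexpiring:
            raise ValueError("unexpiring tokens are not allowed")
        return None
    lifetime = policy.default_lifetime if requested is None else requested
    if lifetime <= timedelta(0):
        raise ValueError("lifetime must be positive")
    if lifetime > policy.max_lifetime:
        # Assumption: over-long requests are rejected rather than clamped.
        raise ValueError("lifetime exceeds the maximum token expiration")
    return created + lifetime

def audit(policy, tokens):
    """Flag issued tokens that the current policy would no longer permit,
    e.g. after an admin shortens the maximum or disables unexpiring tokens."""
    findings = []
    for name, created, expires in tokens:
        if expires is None:
            if not policy.allow_unexpiring:
                findings.append((name, "unexpiring"))
        elif expires - created > policy.max_lifetime:
            findings.append((name, "exceeds-maximum"))
    return findings

# Constructed sample data, not real Axero records.
POLICY = TokenPolicy(timedelta(days=90), timedelta(days=365), allow_unexpiring=False)
T0 = datetime(2025, 1, 1)
ISSUED = [
    ("ci-sync", T0, T0 + timedelta(days=90)),
    ("old-report-job", T0, T0 + timedelta(days=730)),
    ("legacy-bot", T0, None),
]

if __name__ == "__main__":
    print(resolve_expiry(POLICY, T0))
    print(audit(POLICY, ISSUED))
```

Running the audit against an exported list of authorizations after tightening the settings shows which integrations need a replacement token.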
Extra High Security: This security level provides the highest level of security but also limits the range of integrations that are possible.
Implications: Third-party integrations requiring username and password for authentication will not function. This level restricts API usage to prevent unauthorized data access.
Mobile App Compatibility: The official mobile app, which relies on the username and password method, will be non-operational under this setting until updated to align with new security protocols.