This section provides information on Axon's suite of REST APIs. The Axon REST APIs communicate over HTTPS and use JSON. The available methods are used for a variety of administration, investigative, and search functions.
To authorize third-party applications to communicate with the REST API, see API Keys. To remove access or temporarily disable a key, see Manage Existing API Keys.
The following Axon APIs are currently available:
The Axon APIs use a number of technologies to ensure the security and integrity of solutions built using the API:
- All communication is encrypted using HTTPS. Supported versions of TLS are 1.1 and 1.2.
- The APIs are secured with a JSON Web Token (JWT). JWTs are used for the authentication and authorization of the endpoints. JWTs have a limited lifespan and are signed so that Axon can validate the authenticity of the token.
- As a consumer of the API, you can also use a valid API Key that is internally converted to a JWT. It allows for the same user permissions that are associated with the API Key to be used. Internally, API Keys are hashed and not retrievable in clear text after creation.
- You can disable or delete the API Key to revoke access.
To issue a request using an Axon API, you must use the appropriate base URL for the region of your tenant, as shown in the table below:
|US West (Oregon)||https://api.na01.prod.boreas.cloud/|
|European Union (EU)|
Authorizing API Requests
To authorize an Axon API request, you must use an Axon API Key in the Authorization header of your request. For instructions on how to get an Axon API Key, see API Keys.
The Authorization header should not have a prefix. For example:
The permissions of an API Key match the permissions of the user who requested it.