Developers can access ASC using the REST based API. API endpoints are a limited subset and secured using a simplistic authentication token - by design. All API's can be reviewed and tested using the Swagger API documentation available at the URL: /api/v1/docs

The subset of APIs accessible for integration purposes are primarily limited to GET based methods.

API calls need to include a access_token query string parameter e.g. /api/v1/apps?access_token=ABC123

Each application has its own authentication token, this is to ensure each app can only access its own data. You can find this token using the Administration UI, you will need to be listed as a AppOwner or Developer for the application to view the token.

These are specified in the .env file. These tokens are allowed to access any applications data. They can be used for more generic API access and is used by the Portal UI.