Access Manager API Reference

Access Manager provides two services that work together to handle authentication, authorization, and identity management across the Lerian ecosystem. Whether you’re authenticating users, managing M2M connections, or controlling access permissions, these APIs give you full programmatic control over your security infrastructure.

API architecture

Access Manager is built on two core services, each with its own APIs:

Auth APIs

Manages authentication flows, tokens, and session control.

Identity APIs

Manages users, groups, and application credentials.

API requirements

Once Access Manager is enabled, all API requests to Midaz and its plugins require authentication.Every request must include an Authorization header with a valid Bearer token, or it will be rejected with a 401 Unauthorized response.

Request headers

All authenticated requests must include:

Authorization: Bearer {access_token}
Content-Type: application/json

Token expiration

Access tokens expire after 3600 seconds (1 hour)
Refresh tokens expire after 24 hours
Plan token refresh before expiration to avoid service interruption

Next steps

Review the Using Access Manager guide for workflow examples.
Learn about Access Manager Components architecture.
Check Best Practices for security recommendations.

Introduction

Auth APIs

Identity APIs

​API architecture

Auth APIs

Identity APIs

​API requirements

​Request headers

​Token expiration

​Next steps

API architecture

API requirements

Request headers

Token expiration

Next steps