> ## Documentation Index
> Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt
> Use this file to discover all available pages before exploring further.

# Access Manager API overview

<Tip>
  **This section is intended for developers.** If you're looking for a business-level overview of Access Manager, see [Access Manager](/en/platform/access-manager/access-manager).
</Tip>

Access Manager provides two services that work together to handle authentication, authorization, and identity management across the Lerian ecosystem.

Use these APIs to authenticate users, manage M2M connections, and control access permissions programmatically.

## API architecture

***

Access Manager is built on two core services, each with its own APIs:

<Columns cols={2}>
  <Card title="Auth APIs" icon="user-unlock" href="/en/reference/access-manager/am-auth-apis">
    Manages authentication flows, tokens, and session control.
  </Card>

  <Card title="Identity APIs" icon="user-tag" href="/en/reference/access-manager/am-identity-apis">
    Manages users, groups, applications, providers, application-provider links, and MFA configuration.
  </Card>

  <Card title="Error list" icon="exclamation-triangle" href="/en/reference/access-manager/access-manager-error-list">
    Review Auth and Identity error codes.
  </Card>
</Columns>

## API requirements

***

<Danger>
  Once Access Manager is enabled, protected product APIs require authentication.

  Every request must include an `Authorization` header with a valid Bearer token, or it will be rejected with a `401 Unauthorized` response.
</Danger>

### Request headers

All authenticated requests must include:

```http theme={null}
Authorization: Bearer {access_token}
Content-Type: application/json
```

### Token expiration

* Access tokens expire after **3600 seconds (1 hour)**
* Refresh tokens expire after **24 hours**
* Plan token refresh before expiration to avoid service interruption

## Endpoint groups

***

Use these overview pages to find the endpoint you need:

* [Auth APIs](/en/reference/access-manager/am-auth-apis) — token requests, token refresh, logout, user information, permission checks, and MFA login challenges.
* [Identity APIs](/en/reference/access-manager/am-identity-apis) — users, groups, applications, providers, provider links, and MFA management.
* [Access Manager error list](/en/reference/access-manager/access-manager-error-list) — error codes returned by Auth and Identity.

## Next steps

***

* Review the [Using Access Manager](/en/platform/access-manager/using-access-manager) guide for workflow examples.
* Learn about [Access Manager Components](/en/platform/access-manager/am-components) architecture.
* Check [Best Practices](/en/platform/access-manager/am-best-practices) for security recommendations.
