Go to MAINTENANCE –> Settings –> API SETTINGS tab

• Allow API globally – should we enable API globaly? When it is disabled, all settings below are also disabled and not editable.
• Allow GET API – should we allow GET method to be used for API? Good for testing - but do not use in production! It is unsafe.
• API Secret Key – key to generate Hash
• XML API Extension – send XML output with HTML tag - this is used for broken .Net support, keep it unchecked if everything works for you.
• Allow API Login Redirect – if login is successful the customer will be redirected to MOR billing Main site.
• Disable hash checking – When it is on API functions can be used without sending hash. Default value: off.
• Uniquehash – admin's unique hash. Reseller can see it by going to SETTINGS -> Registration.

NOTE that M2 does not allow you to enable Allow API if API Secret Key is not entered. In such case you will get a message Invalid API secret key. Enter API Secret Key in order to fix this.

See also

• M4 API