A number of API settings are available via MIDAS Admin Options → Manage Addons → API Access.

MIDAS API Settings
Enable API access?Enables or disables API access. If disabled, all API calls will return:
{"error":"not enabled"}
Read Only access?With this setting enabled, the API will operate in "read-only" mode and will be prevented from making any changes to your MIDAS. If you only intend to read data from MIDAS, and not write/make changes using the API, you should select this option.
Allow GET (as well as POST) method?By default, only http POST requests to the API are permitted, and http GET requests are automatically rejected. Enabling this setting will permit either GET or POST http requests to be made to the API. See also: Should I use GET or POST when making API calls?
Force HTTP Status 200 for all responses?If enabled, all API calls should return a standard http 200 (OK) status code.
If disabled, the http status code returned by the API may vary.
Successful API calls will return either a 200 (OK) or 201 (Created) status. 201 status codes are specifically for successful "add_*" and "gen_invoice" API calls.
API calls which don't successfully complete will return a 4xx or 5xx status code. For more information, please refer to Appendix C - Error Handling.
Enable JSONP support?Enables/Disables returning JSONP data in API responses.
API actions appear in Recent Activity log?By default when a user performs an action in MIDAS (such as adding a booking), the action is recorded in the Recent Activity log. This setting controls whether actions performed through the API that result in changes to data within MIDAS should also be included in the Recent Activity log.
API usage log retention
(Only available to self-hosted editions of MIDAS)
Sets how long API usage logs should be retained for.
Allowed ReferrersRestricts calls to your API to only those originating from certain domains/IP addresses (comma separated). If left blank, API calls will be allowed from any referrer. For calls from banned referrers, the API will return:
{"error":"referrer not allowed"}
Rotate API KeyClicking this button will generate and display a new API key, which can then be copied to the clipboard.
WARNING: Generating a new API key will immediately invalidate your previous API key. Therefore, after generating a new key, you will need to update your API calls to use the newly generated key.