This is where account admins will establish defaults for the API settings.
Require password change for auto-verified users - you may force your users to change their password after they're invited through API with already verified email addresses.
Allow passing API key as a parameter - disable if you want to block users from passing API key as a parameter when using API.
Hide personal API key in User object - this option allows hiding user API key, so it isn't disclosed to other users.