How to allow v4 admin users to visit /api/*?

Did you attached as Bearer token?