diff --git a/build.gradle b/build.gradle
index d50801bd207f4..2a75ea9d12dac 100644
--- a/build.gradle
+++ b/build.gradle
@@ -159,8 +159,8 @@ task verifyVersions {
  * the enabled state of every bwc task. It should be set back to true
  * after the backport of the backcompat code is complete.
  */
-final boolean bwc_tests_enabled = true
-final String bwc_tests_disabled_issue = "" /* place a PR link here when committing bwc changes */
+final boolean bwc_tests_enabled = false
+final String bwc_tests_disabled_issue = "https://github.com/elastic/elasticsearch/pull/38687" /* place a PR link here when committing bwc changes */
 if (bwc_tests_enabled == false) {
   if (bwc_tests_disabled_issue.isEmpty()) {
     throw new GradleException("bwc_tests_disabled_issue must be set when bwc_tests_enabled == false")
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
index f615fbd0b5306..a9054f18f5487 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
@@ -22,6 +22,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
     private static final String ROLES_XFIELD = "roles";
     private static final String ROLE_MAPPING_XFIELD = "role_mapping";
     private static final String SSL_XFIELD = "ssl";
+    private static final String TOKEN_SERVICE_XFIELD = "token_service";
+    private static final String API_KEY_SERVICE_XFIELD = "api_key_service";
     private static final String AUDIT_XFIELD = "audit";
     private static final String IP_FILTER_XFIELD = "ipfilter";
     private static final String ANONYMOUS_XFIELD = "anonymous";
@@ -29,6 +31,8 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage {
     private Map<String, Object> realmsUsage;
     private Map<String, Object> rolesStoreUsage;
     private Map<String, Object> sslUsage;
+    private Map<String, Object> tokenServiceUsage;
+    private Map<String, Object> apiKeyServiceUsage;
     private Map<String, Object> auditUsage;
     private Map<String, Object> ipFilterUsage;
     private Map<String, Object> anonymousUsage;
@@ -39,6 +43,10 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException {
         realmsUsage = in.readMap();
         rolesStoreUsage = in.readMap();
         sslUsage = in.readMap();
+        if (in.getVersion().onOrAfter(Version.V_8_0_0)) { // TODO change the version to V_7_1_0 on backporting
+            tokenServiceUsage = in.readMap();
+            apiKeyServiceUsage = in.readMap();
+        }
         auditUsage = in.readMap();
         ipFilterUsage = in.readMap();
         if (in.getVersion().before(Version.V_6_0_0_beta1)) {
@@ -52,12 +60,15 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException {
     public SecurityFeatureSetUsage(boolean available, boolean enabled, Map<String, Object> realmsUsage,
                                    Map<String, Object> rolesStoreUsage, Map<String, Object> roleMappingStoreUsage,
                                    Map<String, Object> sslUsage, Map<String, Object> auditUsage,
-                                   Map<String, Object> ipFilterUsage, Map<String, Object> anonymousUsage) {
+                                   Map<String, Object> ipFilterUsage, Map<String, Object> anonymousUsage,
+                                   Map<String, Object> tokenServiceUsage, Map<String, Object> apiKeyServiceUsage) {
         super(XPackField.SECURITY, available, enabled);
         this.realmsUsage = realmsUsage;
         this.rolesStoreUsage = rolesStoreUsage;
         this.roleMappingStoreUsage = roleMappingStoreUsage;
         this.sslUsage = sslUsage;
+        this.tokenServiceUsage = tokenServiceUsage;
+        this.apiKeyServiceUsage = apiKeyServiceUsage;
         this.auditUsage = auditUsage;
         this.ipFilterUsage = ipFilterUsage;
         this.anonymousUsage = anonymousUsage;
@@ -69,6 +80,8 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeMap(realmsUsage);
         out.writeMap(rolesStoreUsage);
         out.writeMap(sslUsage);
+        out.writeMap(tokenServiceUsage);
+        out.writeMap(apiKeyServiceUsage);
         out.writeMap(auditUsage);
         out.writeMap(ipFilterUsage);
         if (out.getVersion().before(Version.V_6_0_0_beta1)) {
@@ -87,6 +100,8 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx
             builder.field(ROLES_XFIELD, rolesStoreUsage);
             builder.field(ROLE_MAPPING_XFIELD, roleMappingStoreUsage);
             builder.field(SSL_XFIELD, sslUsage);
+            builder.field(TOKEN_SERVICE_XFIELD, tokenServiceUsage);
+            builder.field(API_KEY_SERVICE_XFIELD, apiKeyServiceUsage);
             builder.field(AUDIT_XFIELD, auditUsage);
             builder.field(IP_FILTER_XFIELD, ipFilterUsage);
             builder.field(ANONYMOUS_XFIELD, anonymousUsage);
@@ -96,4 +111,5 @@ protected void innerXContent(XContentBuilder builder, Params params) throws IOEx
     public Map<String, Object> getRealmsUsage() {
         return Collections.unmodifiableMap(realmsUsage);
     }
+
 }
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
index bc79fab0043aa..2e5832d0834e7 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
@@ -29,7 +29,9 @@
 import java.util.concurrent.atomic.AtomicReference;
 
 import static java.util.Collections.singletonMap;
+import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING;
 import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED;
+import static org.elasticsearch.xpack.core.XPackSettings.TOKEN_SERVICE_ENABLED_SETTING;
 import static org.elasticsearch.xpack.core.XPackSettings.TRANSPORT_SSL_ENABLED;
 
 /**
@@ -93,6 +95,8 @@ public Map<String, Object> nativeCodeInfo() {
     @Override
     public void usage(ActionListener<XPackFeatureSet.Usage> listener) {
         Map<String, Object> sslUsage = sslUsage(settings);
+        Map<String, Object> tokenServiceUsage = tokenServiceUsage(settings);
+        Map<String, Object> apiKeyServiceUsage = apiKeyServiceUsage(settings);
         Map<String, Object> auditUsage = auditUsage(settings);
         Map<String, Object> ipFilterUsage = ipFilterUsage(ipFilter);
         Map<String, Object> anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings));
@@ -103,9 +107,9 @@ public void usage(ActionListener<XPackFeatureSet.Usage> listener) {
         final CountDown countDown = new CountDown(3);
         final Runnable doCountDown = () -> {
             if (countDown.countDown()) {
-                listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(),
-                        rolesUsageRef.get(), roleMappingUsageRef.get(),
-                        sslUsage, auditUsage, ipFilterUsage, anonymousUsage));
+                listener.onResponse(new SecurityFeatureSetUsage(available(), enabled(), realmsUsageRef.get(), rolesUsageRef.get(),
+                        roleMappingUsageRef.get(), sslUsage, auditUsage, ipFilterUsage, anonymousUsage, tokenServiceUsage,
+                        apiKeyServiceUsage));
             }
         };
 
@@ -152,6 +156,14 @@ static Map<String, Object> sslUsage(Settings settings) {
         return map;
     }
 
+    static Map<String, Object> tokenServiceUsage(Settings settings) {
+        return singletonMap("enabled", TOKEN_SERVICE_ENABLED_SETTING.get(settings));
+    }
+
+    static Map<String, Object> apiKeyServiceUsage(Settings settings) {
+        return singletonMap("enabled", API_KEY_SERVICE_ENABLED_SETTING.get(settings));
+    }
+
     static Map<String, Object> auditUsage(Settings settings) {
         Map<String, Object> map = new HashMap<>(2);
         map.put("enabled", XPackSettings.AUDIT_ENABLED.get(settings));
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
index a8b2bf4b5350d..146dc78698eca 100644
--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
@@ -96,6 +96,24 @@ public void testUsage() throws Exception {
         settings.put("xpack.security.http.ssl.enabled", httpSSLEnabled);
         final boolean transportSSLEnabled = randomBoolean();
         settings.put("xpack.security.transport.ssl.enabled", transportSSLEnabled);
+
+        boolean configureEnabledFlagForTokenService = randomBoolean();
+        final boolean tokenServiceEnabled;
+        if (configureEnabledFlagForTokenService) {
+            tokenServiceEnabled = randomBoolean();
+            settings.put("xpack.security.authc.token.enabled", tokenServiceEnabled);
+        } else {
+            tokenServiceEnabled = httpSSLEnabled;
+        }
+        boolean configureEnabledFlagForApiKeyService = randomBoolean();
+        final boolean apiKeyServiceEnabled;
+        if (configureEnabledFlagForApiKeyService) {
+            apiKeyServiceEnabled = randomBoolean();
+            settings.put("xpack.security.authc.api_key.enabled", apiKeyServiceEnabled);
+        } else {
+            apiKeyServiceEnabled = httpSSLEnabled;
+        }
+
         final boolean auditingEnabled = randomBoolean();
         settings.put(XPackSettings.AUDIT_ENABLED.getKey(), auditingEnabled);
         final boolean httpIpFilterEnabled = randomBoolean();
@@ -185,6 +203,12 @@ public void testUsage() throws Exception {
                 assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled));
                 assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled));
 
+                // check Token service
+                assertThat(source.getValue("token_service.enabled"), is(tokenServiceEnabled));
+
+                // check API Key service
+                assertThat(source.getValue("api_key_service.enabled"), is(apiKeyServiceEnabled));
+
                 // auditing
                 assertThat(source.getValue("audit.enabled"), is(auditingEnabled));
                 if (auditingEnabled) {
@@ -218,6 +242,8 @@ public void testUsage() throws Exception {
             } else {
                 assertThat(source.getValue("realms"), is(nullValue()));
                 assertThat(source.getValue("ssl"), is(nullValue()));
+                assertThat(source.getValue("token_service"), is(nullValue()));
+                assertThat(source.getValue("api_key_service"), is(nullValue()));
                 assertThat(source.getValue("audit"), is(nullValue()));
                 assertThat(source.getValue("anonymous"), is(nullValue()));
                 assertThat(source.getValue("ipfilter"), is(nullValue()));