# APIs The **APIs** section of My Hub will contain the technical specifications and access controls for your APIs.

### Uploading APIs Use the **Upload APIs** button to upload API definition (OAS) files. Open API 2.0, 3.0 and 3.1 standards are supported. The API calls contained in your OAS file will be automatically parsed and displayed to consumers. {% hint style="info" %} YAML files are currently not supported, only JSON. {% endhint %} Expanding an API entry with the drop-down arrow will show you the Base URL, endpoints, and further details rendered from the OAS file.

{% hint style="info" %} Please note that only one Base URL will be used from the definition. Multiple servers in one API will not be handled by the gateway. If you have multiple servers in your OAS definition, the first one will be used. {% endhint %} You can now continue to **Assign Access Control**. This will bring you to the Access Controls tab where you specify authorization details used by your API. ### ### Access Control {% hint style="info" %} **Access Control** provides the authentication between the apinity marketplace and your API endpoint. It is **not shared with the consumers**. They will use their own [Consumer Clients](/step-by-step/subscribe-and-consume-a-service/consumer-clients.md) to authenticate to your service after they subscribed, and apinity will use your Access Control to forward their request to you. {% endhint %} * Access Control is optional. It allows for hands-off onboarding of consumers, leaving the authorization flow entirely to be handled by the marketplace. * If you skip Access Control, it is assumed that your API endpoint does not require authentication (e.g. a test or demo API), or that you provide the consumers with individual authorization tokens. * Access Controls can be freely assigned and unassigned to the uploaded APIs. * One access control can be assigned to one or multiple APIs. You can choose from the following authentication types and methods: | Static credentials | Token endpoint | | --------------------------------- | ----------------------------------------- | | Basic Auth | OAuth2 with grant type password | | Header with API Key | OAuth2 with grant type client credentials | | Header with Username and Password | HMAC | | | Header with authentication key | | | JSON payload | All your access controls will be listed in a table, and you can use the popup menu to **Edit** and **Assign them to an API**.

The assigning dialogue will highlight APIs that *already have access controls*. If you assign a new access control to these, it will replace their existing one. You may also see APIs flagged as *invalid*. These have incorrect or incomplete technical specification, and cannot have access control assigned at this point.

Once you successfully **uploaded an API** and decided your access control, you can use the API in a [Plan](/step-by-step/provide-a-service-on-the-marketplace/add-a-plan.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.apinity.io/step-by-step/provide-a-service-on-the-marketplace/add-an-api.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.