Add an API

An API is the technical representation of a product. APIs can belong to one or more Services.

The API Collection section of My Hub will contain the technical specifications and access controls for your APIs.

API Collection

Use the Upload APIs button to upload API definition (OAS) files. Open API 2.0 and 3.0 standards are supported. The API calls contained in your OAS file will be automatically parsed and displayed to consumers.

XML files are currently not supported, only JSON.

OpenAPI 3.1.x is currently not supported, only from 2.0 to 3.0.x

Expanding an API entry with the drop-down arrow will show you the Base URL, endpoints, and further details rendered from the OAS file.

Please note that only one Base URL will be used from the definition. Multiple servers in one API will not be handled by the gateway. If you have multiple servers in your OAS definition, the first one will be used.

You can now continue to Set up your Access Control. This will bring you to the Access Controls tab where you specify the technical authentication details used by your APIs.

Access Control

Access Control provides the authentication between the apinity marketplace and your API endpoint. It is not shared with the consumers. They will use their own Consumer Clients to authenticate to your service after they subscribed, and apinity will use your Access Control to forward their request to you.

  • Access Control is optional. It allows for hands-off onboarding of consumers, leaving the authorization flow entirely to be handled by the marketplace.

  • If you skip Access Control, it is assumed that your API endpoint does not require authentication (e.g. a test or demo API), or that you provide the consumers with individual authorization tokens.

  • Access Controls can be freely assigned and unassigned to the uploaded APIs.

  • One access control can be assigned to one or multiple APIs.

You can choose from the following authentication types and methods:

Static credentialsToken endpoint

Basic Auth

OAuth2 with grant type password

Header with API Key

OAuth2 with grant type client credentials

Header with Username and Password


Header with authentication key

JSON payload

All your access controls will be listed in a table, and you can use the popup menu to Edit and Assign them to an API.

The assigning dialogue will highlight APIs that already have access controls. If you assign a new access control to these, it will replace their existing one. You may also see APIs flagged as invalid. These have incorrect or incomplete technical specification, and cannot have access control assigned at this point.

Last updated