MyApi MyApi Join beta
DEVELOPER DOCS

Point an agent at MyApi.

Everything on this page is implementable today with the open beta. The full, machine-readable reference lives at /openapi.json (OpenAPI 3) and /llms.txt (agent instructions); this page is the human tour.

ON THIS PAGE
Quickstart — first call in five minutes Authentication — three ways in Scoped tokens — lifecycle & hierarchy REST — calling connected services MCP — one server, all your services Machine-readable discovery Workspaces, roles & teams

Quickstart

  1. Create an account (free during beta, no credit card).
  2. Connect a service — dashboard → Services → pick one of the 121 supported services → approve the OAuth consent or paste an API key. The credential goes into the encrypted vault.
  3. Create a scoped token — dashboard → Access Tokens → choose scopes (e.g. services:gmail:read) → copy the token. This is what your agent holds; it is shown once and stored hashed.
  4. Make the first call:
curl https://www.myapiai.com/api/v1/services \
  -H "Authorization: Bearer $MYAPI_TOKEN"

You'll get every connected service with its status. From there, GET /api/v1/tokens/me/capabilities tells any agent exactly what its token allows.

Authentication

Three ways in, all ending at the same gateway. All requests use Authorization: Bearer <token> unless noted.

MethodBest forHow
Dashboard tokenScripts, server-side agents, CIMint in dashboard → Access Tokens with explicit scopes; pass as Bearer header.
Ed25519 device key (ASC)MCP clients, long-lived agentsAgent generates a keypair and signs every request; owner approves the device once at /dashboard/devices. No bearer secret to leak — see /auth.md.
OAuth 2.0 + PKCEThird-party apps acting for a MyApi userStandard authorization-code flow; discovery at /.well-known/oauth-authorization-server (RFC 8414).

Agents with no credentials at all can request access via the no-auth handshake flow (POST /api/v1/handshakes) and poll until the owner approves — details in /llms.txt.

Scoped tokens

Scope hierarchy

admin:* > services:* > services:{name}:write > services:{name}:read. Write implies read. Per-service scopes are standaloneservices:gmail:read works without any global grant, and grants nothing else.

Lifecycle

A scoped token is never a provider credential: revoking it cannot break the underlying service connection, and it cannot be used to read vault secrets. More on the security model: /security/.

REST — calling connected services

One proxy endpoint reaches every connected service. The path is the provider's own REST path; MyApi attaches the sealed credential server-side:

# List Gmail messages through the gateway
curl -X POST https://www.myapiai.com/api/v1/services/gmail/proxy \
  -H "Authorization: Bearer $MYAPI_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "path": "/gmail/v1/users/me/messages",
        "method": "GET",
        "query": { "maxResults": 5 } }'

The complete endpoint surface (knowledge base, personas, memory, skills, automations, AFP file access) is in /openapi.json.

MCP

The MCP server surfaces every connected service, your knowledge base, and personas as tools — already scoped by the credential it runs under.

# Claude Code
claude mcp add myapi -- npx myapi-asc-mcp

# Any MCP client (stdio)
npx myapi-asc-mcp

On first run it generates an Ed25519 device keypair and registers it with your account; you approve the device once at /dashboard/devices and the keypair becomes the permanent credential — no token ever sits in the agent's config. Re-running enrollment replaces the old key and revokes it server-side.

Machine-readable discovery

EndpointWhat it is
/openapi.jsonFull OpenAPI 3 specification
/llms.txtAgent instructions incl. handshake flow & approval rules
/auth.mdAgent registration & authentication guide
/.well-known/api-catalogRFC 9727 API catalog linkset
/.well-known/oauth-authorization-serverRFC 8414 OAuth metadata
/.well-known/mcp/server-card.jsonMCP server card
/.well-known/agent-skills/index.jsonAgent Skills discovery index

Workspaces, roles & teams

Something missing or wrong on this page? Say so on Discord — docs bugs get fixed like code bugs.