# Managed APIs URL: /managed-apis Type: howto Description: Import an OpenAPI spec so Stylo can use your REST API as tools in workflows and AI experiences. Keywords: managed api, openapi, rest, tools, spec Managed APIs let you bring your own REST API into Stylo. You create a managed API, import its OpenAPI spec, then choose which operations or tool groups Stylo can use. This is useful when your team needs Stylo to look up data or take actions in a system that does not already have a built-in integration. {/* TODO(docs): Screenshot of the Managed APIs detail page showing the Configuration card, Operations tab, and Tool Groups tab. Tracked in public/images/README.md. */} What you can do with Managed APIs [#what-you-can-do-with-managed-apis] After setup, Stylo can turn your imported API into tools that are available to workflows and AI. * Import operations from an OpenAPI spec in JSON or YAML * Choose an authentication type for the API * Review imported operations one by one * Enable or disable groups of related operations * Limit what Stylo can call before the API is used in production Before you start [#before-you-start] Managed APIs are gated by plan. In the current product, the Managed APIs area is shown as a Professional feature, and your workspace can only create up to the number of managed API configurations allowed by your plan. Before you create one, make sure you have: * A valid base URL for the API * An OpenAPI specification for the endpoints you want Stylo to use * A clear list of which read actions and write actions should be exposed Create a managed API [#create-a-managed-api] 1. Go to **Integrations**. 2. Open the **Managed APIs** tab. 3. Click **Add API**. 4. Enter a **Name**. 5. Enter the API **Base URL**. 6. Select an **Auth Type**: * `None` * `Bearer` * `API Key` * `Basic` * `Custom Header` 7. Add an optional **Description**. 8. Click **Create API**. Stylo then opens the new managed API detail page, where you can import the OpenAPI spec and review what will be available as tools. Import an OpenAPI spec [#import-an-openapi-spec] 1. Open the managed API you created. 2. Click **Import OpenAPI**. 3. Paste the OpenAPI specification into the dialog. 4. Click **Import**. If the import succeeds, Stylo shows a result summary with: * Number of operations imported * Number of tool groups created * Number of operation-to-group mappings created If the spec cannot be parsed, the import fails with a validation error. {/* TODO(docs): GIF of importing an OpenAPI spec and reviewing the import result summary. Tracked in public/images/README.md. */} Review imported operations [#review-imported-operations] The **Operations** tab is the most direct way to control API access. For each imported operation, Stylo shows: * The HTTP method * The imported operation name * The operation description, when available * The detected resource, when available * An enable or disable switch You can also: * Filter the list by HTTP method * Enable or disable a single operation * Enable or disable all currently filtered operations This is the safest place to narrow access before you use the managed API in live workflows. Review tool groups [#review-tool-groups] The **Tool Groups** tab shows the grouped tools generated from the imported spec. Each group bundles related operations into a smaller set of tools that Stylo can choose from more easily. For each group, Stylo shows: * Group name * Group description, when available * Intent label * Sensitivity label * Number of mapped operations * An enable or disable switch Use tool groups when you want broader control over a whole category of actions. Use individual operation toggles when you need tighter control. Recommended rollout pattern [#recommended-rollout-pattern] For most teams, the safest rollout is: 1. Import the full OpenAPI spec. 2. Start by enabling only lookup or low-risk operations. 3. Review any write actions carefully before enabling them. 4. Test the managed API in a controlled workflow before wider rollout. 5. Expand access only after the results are predictable. This matters because managed APIs can expose real external actions, not just read-only lookups. Limits and safety [#limits-and-safety] * Managed APIs can be deleted from the list or detail page. * Deleting a managed API removes its operations and tool groups and cannot be undone. * Stylo flags some imported operations as write or sensitive actions — review those carefully before you enable them. * If your workspace reaches its managed API limit, you can't create another until you're on a higher plan. Maintain a managed API [#maintain-a-managed-api] You choose an authentication type when you create or edit a managed API. After that, you can: * Edit its name, base URL, auth type, or description * Re-import the OpenAPI spec to refresh the available operations * Revisit operations and tool groups to tighten or widen access * Delete the managed API when it's no longer needed {/* TODO(docs): the create/edit forms don't yet expose a step for entering or rotating the API's stored credentials, though the backend supports it. Document the credential setup flow once that surface is confirmed. */} Related [#related] * Start with [Integrations](/integrations) for the broader integrations model * Continue to [Response Workflows](/response-workflows) if you want to use imported tools in automation