Secure Your API

Metlo is an open-source API security platform you can set up in under 15 minutes that inventories your endpoints, detects bad actors, and blocks malicious traffic in real time. API security breaches have increased by 200% in the last year alone, affecting companies like Uber, Meta, and Experian. Metlo provides enterprise-grade API security that you can self-host and get started with for free.

Key Capabilities

Real-Time Attack Detection

Passively monitor API traffic and tag malicious requests using patterns trained on known attack vectors

Automatic Blocking

Cloud detection engine identifies bad actors and blocks malicious requests at the agent level in real time

API Discovery

Automatically scan network traffic to create a complete inventory of every API endpoint

Sensitive Data Scanning

Detect PII in your endpoints and assign each a risk score based on data sensitivity

Why Metlo?

Most API security solutions require lengthy sales processes or force you to send traffic to third-party clouds. Metlo is the first open-source API security platform that you can:
  • Self-host on your own infrastructure
  • Deploy in under 15 minutes
  • Start using for free right away
  • Scale to protect all your APIs

Quickstart

Get Metlo running with Docker in under 5 minutes

Architecture

Understand how Metlo components work together

Security Testing

Build tests for OWASP Top 10 vulnerabilities

Deploy to Production

Deploy to AWS, GCP, or Azure

Core Features

Endpoint Discovery

Metlo automatically scans network traffic and creates an inventory of every API endpoint in your infrastructure. No manual configuration required.

Attack Detection & Context

Our detection models are built on patterns of malicious requests to identify:
  • SQL Injection attempts
  • Broken Object Level Authorization (BOLA)
  • Broken Authentication
  • Cross-Site Scripting (XSS)
  • API-specific attacks
The UI provides full context around any attack to help you quickly fix vulnerabilities.

API Security Testing

Build security tests directly in Metlo with auto-generated tests for OWASP Top 10 vulnerabilities.
For tests that can’t be auto-generated, use our built-in YAML testing framework to achieve 100% security coverage on your highest-risk APIs:
id: test-payment-processor-metlo.com-user-billing

meta:
  name: test-payment-processor.metlo.com/user/billing Test Auth
  severity: CRITICAL
  tags:
    - BROKEN_AUTHENTICATION

test:
  - request:
      method: POST
      url: https://test-payment-processor.metlo.com/user/billing
      headers:
        - name: Content-Type
          value: application/json
        - name: Authorization
          value: Bearer <token>
      data: |-
        { "ccn": "4111111111111111", "cc_exp": "12/25", "cc_code": "123" }
    assert:
      - key: resp.status
        value: 200
  - request:
      method: POST
      url: https://test-payment-processor.metlo.com/user/billing
      headers:
        - name: Content-Type
          value: application/json
      data: |-
        { "ccn": "4111111111111111", "cc_exp": "12/25", "cc_code": "123" }
    assert:
      - key: resp.status
        value: [ 401, 403 ]
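A small runner for this test format, as an added example that is not Metlo's own code: it evaluates the two-step auth test above (embedded as the dict PyYAML would load from it) against two constructed in-memory endpoints, one that requires the bearer token and one that never checks it, so the second step's `[401, 403]` assertion catches the broken one without any network traffic.

```python
# Added example (not Metlo's own runner); endpoints below are constructed stand-ins.
BILLING_URL = "https://test-payment-processor.metlo.com/user/billing"
# The page's test, as the dict PyYAML would load from it (body omitted).
SPEC = {
    "id": "test-payment-processor-metlo.com-user-billing",
    "test": [
        {"request": {"method": "POST", "url": BILLING_URL,
                     "headers": [{"name": "Content-Type", "value": "application/json"},
                                 {"name": "Authorization", "value": "Bearer <token>"}]},
         "assert": [{"key": "resp.status", "value": 200}]},
        {"request": {"method": "POST", "url": BILLING_URL,
                     "headers": [{"name": "Content-Type", "value": "application/json"}]},
         "assert": [{"key": "resp.status", "value": [401, 403]}]},
    ],
}

def secure_endpoint(request: dict) -> dict:
    """Stand-in for a correctly protected billing endpoint: bearer token required."""
    headers = {h["name"].lower(): h["value"] for h in request.get("headers", [])}
    token = headers.get("authorization", "")
    if not token.startswith("Bearer ") or len(token) == len("Bearer "):
        return {"status": 401}
    return {"status": 200}

def broken_endpoint(request: dict) -> dict:
    """Stand-in for an endpoint that never checks the caller (Broken Authentication)."""
    return {"status": 200}

def lookup(resp: dict, key: str):
    """'resp.status' -> resp['status']; deeper dotted keys walk nested dicts."""
    _, *rest = key.split(".")  # the leading 'resp' names the response object
    value = resp
    for part in rest:
        value = value[part]
    return value

def check(assertion: dict, resp: dict) -> bool:
    """A list 'value' means any listed value passes (the [401, 403] step)."""
    expected, actual = assertion["value"], lookup(resp, assertion["key"])
    return actual in expected if isinstance(expected, list) else actual == expected

def run_test(spec: dict, send) -> list:
    """Send each step's request once; report (step index, all assertions passed)."""
    results = []
    for i, step in enumerate(spec["test"]):
        resp = send(step["request"])
        results.append((i, all(check(a, resp) for a in step.get("assert", []))))
    return results
```

Swap `send` for a real HTTP client to run the same spec against a live staging endpoint; the assertion logic does not change.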

CI/CD Integration

Integrate Metlo with your CI/CD pipeline to find security issues in development and staging environments before they reach production.

Open Source & Enterprise

This repository is entirely MIT licensed. Features like advanced user management, user roles, and attack protection require an enterprise license.
The core Metlo platform is completely free and open source. For enterprise features, contact us for more information.

Language Support

Metlo provides ingestors for multiple languages and frameworks:
  • Node.js - Express, Koa, Fastify
  • Python - Flask, Django, FastAPI
  • Go - Standard library, popular frameworks
  • Java - Spring Boot, Jakarta EE
  • Kubernetes - DAPR integration

Next Steps

Quick Start

Deploy locally with Docker

Architecture

Learn system components

GitHub Repository

View source code