Skip to main content
The Endpoints API allows you to retrieve, update, and manage API endpoints that Metlo has discovered in your infrastructure.

List Endpoints

Retrieve a list of API endpoints with optional filtering.
cURL
curl 'https://<your-metlo-instance>/api/v1/endpoints?limit=20&offset=0' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Query Parameters

hosts
string[]
Filter by hostnames
riskScores
enum[]
Filter by risk scores: HIGH, MEDIUM, LOW, NONE
methods
enum[]
Filter by HTTP methods: GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
dataClasses
string[]
Filter by detected data classes (e.g., email, ssn, credit_card)
resourcePermissions
string[]
Filter by resource permissions
searchQuery
string
Text search across endpoint paths and metadata
isAuthenticated
string
Filter by authentication status: true, false, or omit for all
hostType
enum
default:"ANY"
Filter by host type: ANY, EXTERNAL, INTERNAL
offset
number
default:"0"
Number of results to skip for pagination
limit
number
default:"10"
Maximum number of results to return

Response

endpoints
ApiEndpoint[]
Array of endpoint objects
Response Example
[
  {
    "uuid": "550e8400-e29b-41d4-a716-446655440000",
    "path": "/api/users/{id}",
    "host": "api.example.com",
    "method": "GET",
    "riskScore": "MEDIUM",
    "dataClasses": ["email", "phone_number"],
    "resourcePermissions": ["user:read"],
    "firstDetected": "2026-02-15T10:30:00.000Z",
    "lastActive": "2026-03-03T12:00:00.000Z",
    "isAuthenticatedDetected": true,
    "isAuthenticatedUserSet": false,
    "fullTraceCaptureEnabled": false,
    "isGraphQl": false,
    "openapiSpecName": "users-api-v1",
    "owner": "platform-team",
    "createdAt": "2026-02-15T10:30:00.000Z",
    "updatedAt": "2026-03-03T12:00:00.000Z"
  }
]

Get Endpoint Details

Retrieve detailed information about a specific endpoint.
cURL
curl 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Path Parameters

endpointId
uuid
required
The unique identifier of the endpoint

Response

uuid
string
Unique identifier for the endpoint
path
string
The endpoint path (e.g., /api/users/{id})
host
string
The hostname where the endpoint is located
method
string
HTTP method (GET, POST, PUT, PATCH, DELETE, etc.)
riskScore
enum
Security risk score: HIGH, MEDIUM, LOW, or NONE
dataClasses
string[]
Detected sensitive data classes in the endpoint
dataFields
DataField[]
Detailed information about data fields
alerts
Alert[]
Security alerts associated with this endpoint
traces
ApiTrace[]
Recent API traces captured for this endpoint
openapiSpec
object
OpenAPI specification for this endpoint (if available)
graphQlSchema
string
GraphQL schema (if this is a GraphQL endpoint)

Get Endpoint Usage

Retrieve usage statistics for an endpoint.
cURL
curl 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}/usage' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Response

dailyUsage
array
Array of daily usage statistics
last1MinCnt
number
Number of requests in the last minute
Response Example
{
  "dailyUsage": [
    { "day": "2026-03-01T00:00:00.000Z", "cnt": 1523 },
    { "day": "2026-03-02T00:00:00.000Z", "cnt": 1789 },
    { "day": "2026-03-03T00:00:00.000Z", "cnt": 894 }
  ],
  "last1MinCnt": 3
}

Update Endpoint Authentication Status

Manually set whether an endpoint is authenticated.
cURL
curl -X PUT 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}/authenticated' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'Content-Type: application/json' \
  -d '{"authenticated": true}'

Request Body

authenticated
boolean
required
Whether the endpoint requires authentication

Response

"Success"

Enable Full Trace Capture

Enable or disable full trace capture for an endpoint.
cURL
curl -X PUT 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}/enable-full-trace-capture' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'Content-Type: application/json' \
  -d '{"enabled": true}'

Request Body

enabled
boolean
required
Whether to enable full trace capture

Delete Endpoint

Delete a specific endpoint.
cURL
curl -X DELETE 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Response

"Success"

Delete Multiple Endpoints

Delete multiple endpoints based on their UUIDs.
cURL
curl -X DELETE 'https://<your-metlo-instance>/api/v1/endpoints' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'Content-Type: application/json' \
  -d '{
    "uuids": [
      "550e8400-e29b-41d4-a716-446655440000",
      "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
    ]
  }'

Request Body

uuids
string[]
required
Array of endpoint UUIDs to delete

Get Suggested Paths

Get suggested path normalizations for an endpoint.
cURL
curl 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}/suggested-paths' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Response

Returns an array of suggested path patterns based on observed traffic.

Update Endpoint Paths

Update the path pattern for an endpoint.
cURL
curl -X POST 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}/update-paths' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'Content-Type: application/json' \
  -d '{"paths": ["/api/users/{userId}"]}'

Request Body

paths
string[]
required
Array of path patterns to use

GraphQL Endpoints

Upload GraphQL Schema

Upload a GraphQL schema for an endpoint.
cURL
curl -X PUT 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}/graphql-schema' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -F '[email protected]'

Delete GraphQL Schema

Remove the GraphQL schema from an endpoint.
cURL
curl -X DELETE 'https://<your-metlo-instance>/api/v1/endpoint/{endpointId}/graphql-schema' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Get Hosts

Retrieve a list of all hosts.
cURL
curl 'https://<your-metlo-instance>/api/v1/hosts?limit=20&offset=0' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Query Parameters

searchQuery
string
Text search for host names
hostType
enum
default:"ANY"
Filter by type: ANY, EXTERNAL, INTERNAL
sortBy
enum
default:"NUM_ENDPOINTS"
Sort by field: NUM_ENDPOINTS, NAME, etc.
sortOrder
enum
default:"DESC"
Sort order: ASC or DESC
offset
number
default:"0"
Pagination offset
limit
number
default:"10"
Results limit

Response

[
  {
    "host": "api.example.com",
    "numEndpoints": 45,
    "isPublic": true
  }
]

Delete Hosts

Delete multiple hosts and all their endpoints.
cURL
curl -X DELETE 'https://<your-metlo-instance>/api/v1/hosts' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -H 'Content-Type: application/json' \
  -d '{"hosts": ["api.example.com", "old-api.example.com"]}'

Request Body

hosts
string[]
required
Array of hostnames to delete

Get Hosts Graph

Retrieve a graph visualization of host relationships.
cURL
curl 'https://<your-metlo-instance>/api/v1/hosts-graph' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Response

hosts
object
Map of hostnames to their metadata
edges
array
Array of connections between hosts

New Detections

Get newly detected endpoints and data fields.
cURL
curl 'https://<your-metlo-instance>/api/v1/new-detections?start=2026-03-01&end=2026-03-03&detectionType=ENDPOINT' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Query Parameters

start
string
Start date for detection range (ISO 8601)
end
string
End date for detection range (ISO 8601)
detectionType
enum
default:"ENDPOINT"
Type of detection: ENDPOINT or DATA_FIELD
detectionRiskScores
enum[]
default:"[]"
Filter by risk scores
detectionHosts
string[]
default:"[]"
Filter by hosts
detectionOffset
number
default:"0"
Pagination offset
detectionLimit
number
default:"10"
Results limit (max 50)

Get New Detections Aggregate

Get aggregated new detection statistics.
cURL
curl 'https://<your-metlo-instance>/api/v1/new-detections-agg' \
  -H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

Response

[
  {
    "day": "2026-03-01",
    "numEndpoints": 5,
    "numFields": 12
  },
  {
    "day": "2026-03-02",
    "numEndpoints": 3,
    "numFields": 8
  }
]

Error Responses

404 Not Found

"Endpoint does not exist."
Returned when the specified endpoint UUID is not found.

400 Bad Request

{
  "type": "ZOD",
  "message": "Invalid parameters",
  "err": {}
}
Returned when query parameters or request body fail validation.

Build docs developers (and LLMs) love

Get started for freeTalk to us