Base URL
All API endpoints are served from your Metlo instance:Authentication
All API requests must be authenticated using an API key. See the Authentication page for details on how to obtain and use API keys.Response Format
Success Response
Successful requests return HTTP status200 with the response payload:
Error Response
Failed requests return appropriate HTTP status codes with error messages:HTTP Status Codes
The Metlo API uses standard HTTP status codes:| Status Code | Description |
|---|---|
200 | Success |
400 | Bad Request - Invalid parameters or validation error |
401 | Unauthorized - Missing or invalid API key |
404 | Not Found - Resource does not exist |
409 | Conflict - Resource already exists |
422 | Unprocessable Entity - Request cannot be processed |
500 | Internal Server Error - Something went wrong on the server |
Validation Errors
When request parameters fail validation, you’ll receive a400 status with details:
Pagination
Many list endpoints support pagination usingoffset and limit parameters:
Number of items to skip
Maximum number of items to return
Filtering
Most list endpoints support filtering by various criteria. Common filters include:- Risk Scores: Filter by security risk level (HIGH, MEDIUM, LOW, NONE)
- Hosts: Filter by hostname
- Status: Filter by status (RESOLVED, IGNORED, etc.)
- Search Query: Text search across relevant fields
API Sections
The Metlo API is organized into the following sections:Endpoints API
Manage and query your API endpoints
Alerts API
View and manage security alerts
Data Classes API
Access data classification information
Testing API
Generate and manage API tests
Rate Limiting
Currently, there are no enforced rate limits on the Metlo API. However, we recommend implementing client-side rate limiting to avoid overloading your instance.Need Help?
If you encounter issues or have questions about the API:- Check the specific endpoint documentation
- Review error messages for validation details
- Contact support with your request details