Summary API
The Summary API provides high-level metrics and statistics for your Metlo dashboard.
Get Dashboard Summary
Retrieve overall statistics including endpoints, alerts, and traffic metrics.
curl 'https://<your-metlo-instance>/api/v1/summary' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Response
Total number of discovered API endpoints
Number of endpoints with high risk scores
Total number of active alerts
Total number of detected PII data fields
Total number of detected attacks
Most common alert types
Number of alerts of this type
Example Response
{
"ok": true,
"data": {
"numEndpoints": 247,
"numHighRiskEndpoints": 12,
"numAlerts": 34,
"numPIIDataFields": 89,
"numAttacks": 5,
"topAlertTypes": [
{ "type": "PII_DATA_DETECTED", "count": 15 },
{ "type": "UNAUTHENTICATED_ENDPOINT", "count": 10 },
{ "type": "HIGH_ERROR_RATE", "count": 9 }
]
}
}
Get Endpoint Tracking Status
Check whether specific endpoints are being tracked by Metlo.
curl 'https://<your-metlo-instance>/api/v1/summary/endpoint-tracked' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Get Sensitive Data Summary
Retrieve a summary of sensitive data findings across all endpoints.
curl 'https://<your-metlo-instance>/api/v1/sensitive-data-summary' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Response
Returns aggregate statistics about sensitive data detected in your APIs, organized by data class and severity.
Instance Settings API
Manage global configuration settings for your Metlo instance.
Get Instance Settings
Retrieve current instance configuration.
curl 'https://<your-metlo-instance>/api/v1/instance-settings' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Response
Unique instance identifier
Whether attack blocking is enabled globally
Whether to skip already resolved issues during scans
Email address for update notifications
API key for Metlo cloud services (if using enterprise features)
Example Response
{
"ok": true,
"data": {
"uuid": "550e8400-e29b-41d4-a716-446655440000",
"blockingEnabled": true,
"skippedResolved": false,
"updateEmail": "[email protected]",
"metloAPIKey": null
}
}
Update Instance Settings
Modify instance configuration settings.
curl -X PUT 'https://<your-metlo-instance>/api/v1/instance-settings' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
-H 'Content-Type: application/json' \
-d '{
"blockingEnabled": true,
"skippedResolved": false,
"updateEmail": "[email protected]"
}'
Request Body
Enable or disable attack blocking globally
Whether to skip resolved issues in scans
Email for update notifications
Metlo cloud services API key (enterprise)
Disabling blockingEnabled will turn off attack blocking across your entire infrastructure. Use with caution.
OpenAPI Spec Management
Metlo provides endpoints to manage OpenAPI specifications for your APIs.
Upload OpenAPI Spec
Upload or update an OpenAPI specification.
curl -X POST 'https://<your-metlo-instance>/api/v1/spec' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
-H 'Content-Type: application/json' \
-d '{
"name": "users-api-v1",
"spec": "{ ... OpenAPI spec JSON ... }",
"hosts": ["api.example.com"]
}'
List OpenAPI Specs
Get all uploaded OpenAPI specifications.
curl 'https://<your-metlo-instance>/api/v1/specs' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Get OpenAPI Spec
Retrieve a specific OpenAPI specification by name.
curl 'https://<your-metlo-instance>/api/v1/spec/users-api-v1' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Delete OpenAPI Spec
Remove an OpenAPI specification.
curl -X DELETE 'https://<your-metlo-instance>/api/v1/spec/users-api-v1' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Download Specs as ZIP
Download all OpenAPI specifications as a ZIP archive.
curl 'https://<your-metlo-instance>/api/v1/specs/zip' \
-H 'Authorization: metlo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
-o specs.zip
OpenAPI specifications help Metlo validate actual API behavior against documented contracts and detect drift.
Next Steps
Endpoints API
Manage discovered endpoints
Alerts API
Configure and manage alerts