API Keys provide read-only access to published Metabind resources in production. While the Metabind web application uses JWT authentication for full administrative access, API Keys enable client applications (iOS, Android, React, web) to securely access published content without requiring user authentication.

Key Principles

Project Scoping

Each API key is scoped to a specific project and cannot access resources across projects. This provides a simplified permission model for client applications.

Read-Only Access

API keys provide read-only access to published content only:
  • Draft content requires JWT authentication with appropriate user roles
  • Keys can be revoked at any time
  • Designed specifically for production content delivery

Client Integration

API keys are designed for client-side applications:
  • Easily integrates with mobile and web applications
  • Sent as a header parameter (x-api-key) in API requests
  • No token refresh or expiration management required

Security

  • Cannot create or modify resources
  • Access limited to deployed/published content
  • No access to administrative functions
  • Activity is logged and monitored

The API Key Object

  • id (string): Unique identifier (UUID)
  • projectId (string): ID of the project this key belongs to
  • name (string): Descriptive name for the key (e.g., “iOS App Production”)
  • key (string): The actual API key value (only shown at creation time)
  • status (string): Status: active or revoked
  • lastUsed (string): Last time the key was used (ISO 8601 format)
  • createdBy (string): ID of the user who created the key
  • createdAt (string): Creation timestamp (ISO 8601 format)
  • updatedAt (string): Last update timestamp (ISO 8601 format)

Example Object

{
  "id": "afd8012b-d81e-41c6-92cd-eed0c6cb3676",
  "projectId": "70093272-90ef-43df-807b-b66dd0a0b322",
  "name": "iOS Production App",
  "key": "7zvFJw9L0qEoYdKx2mBt1sLpZj3nX7gW",
  "status": "active",
  "createdAt": "2024-03-20T10:00:00Z",
  "updatedAt": "2024-03-20T10:00:00Z",
  "lastUsed": "2024-03-21T15:30:00Z",
  "createdBy": "user456"
}
The API key value is only returned once during creation. Store it securely as it cannot be retrieved later.
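
An added example (not Metabind's own code) of a periodic key-hygiene check built on the status, lastUsed and createdAt fields of the key object: it lists active keys that have gone unused, as candidates for revocation, and strips the key value before a record is logged. The 90-day window, the sample records and the treatment of a missing lastUsed as "never used" are assumptions.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    """Parse the ISO 8601 timestamps used by the key object (trailing 'Z' = UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def redact(key_obj):
    """Copy of a key object that is safe to log: the secret 'key' value is dropped."""
    return {k: v for k, v in key_obj.items() if k != "key"}

def stale_keys(key_objs, now, max_idle_days=90):
    """Return (id, name, reason) for active keys that look like revocation candidates."""
    cutoff = now - timedelta(days=max_idle_days)  # assumed policy window
    findings = []
    for obj in key_objs:
        if obj.get("status") != "active":
            continue  # revoked keys need no further action
        last_used = obj.get("lastUsed")
        if not last_used:
            # Assumption: a missing/empty lastUsed means the key was never used.
            # Only flag it once the key itself is older than the window.
            if parse_ts(obj["createdAt"]) < cutoff:
                findings.append((obj["id"], obj["name"], "never used"))
        elif parse_ts(last_used) < cutoff:
            idle = (now - parse_ts(last_used)).days
            findings.append((obj["id"], obj["name"], f"idle {idle} days"))
    return findings

# Constructed sample records (not real keys or real project data).
SAMPLE_KEYS = [
    {"id": "key-a", "name": "iOS App Production", "status": "active",
     "createdAt": "2024-01-10T09:00:00Z", "lastUsed": "2024-06-28T12:00:00Z"},
    {"id": "key-b", "name": "Old web build", "status": "active",
     "createdAt": "2023-11-01T09:00:00Z", "lastUsed": "2024-02-01T08:00:00Z"},
    {"id": "key-c", "name": "Unused test key", "status": "active",
     "createdAt": "2024-01-05T09:00:00Z", "lastUsed": None},
    {"id": "key-d", "name": "Retired Android", "status": "revoked",
     "createdAt": "2023-06-01T09:00:00Z", "lastUsed": "2023-07-01T09:00:00Z"},
]

if __name__ == "__main__":
    now = datetime(2024, 7, 1, tzinfo=timezone.utc)
    for finding in stale_keys(SAMPLE_KEYS, now):
        print(finding)
```
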

Client API Endpoints

For the complete list of endpoints accessible via API keys, see the Client API Endpoints section in the Authentication documentation.

Using API Keys

Include the API key in the x-api-key header:
curl -X GET "https://api.metabind.ai/api/v1/organizations/org123/projects/proj123/content" \
  -H "x-api-key: 7zvFJw9L0qEoYdKx2mBt1sLpZj3nX7gW"
For detailed integration examples including iOS, Android, and React implementations, see Using API Keys.