Skip to main content
API Keys provide read-only access to published Metabind resources in production. While the Metabind web application uses JWT authentication for full administrative access, API Keys enable client applications (iOS, Android, React, web) to securely access published content without requiring user authentication.

Key Principles

Project Scoping

Each API key is scoped to a specific project and cannot access resources across projects. This provides a simplified permission model for client applications.

Read-Only Access

API keys provide read-only access to published content only:
  • Draft content requires JWT authentication with appropriate user roles
  • Keys can be revoked at any time
  • Designed specifically for production content delivery

Client Integration

API keys are designed for client-side applications:
  • Easily integrates with mobile and web applications
  • Used as header parameter (x-api-key) in API requests
  • No token refresh or expiration management required

Security

  • Cannot create or modify resources
  • Access limited to deployed/published content
  • No access to administrative functions
  • Activity is logged and monitored

The API Key Object

id
string
Unique identifier (UUID)
projectId
string
ID of the project this key belongs to
name
string
Descriptive name for the key (e.g., “iOS App Production”)
key
string
The actual API key value (only shown at creation time)
status
string
Status: active or revoked
lastUsed
string
Last time the key was used (ISO 8601 format)
createdBy
string
ID of the user who created the key
createdAt
string
Creation timestamp (ISO 8601 format)
updatedAt
string
Last update timestamp (ISO 8601 format)

Example Object

{
  "id": "afd8012b-d81e-41c6-92cd-eed0c6cb3676",
  "projectId": "70093272-90ef-43df-807b-b66dd0a0b322",
  "name": "iOS Production App",
  "key": "7zvFJw9L0qEoYdKx2mBt1sLpZj3nX7gW",
  "status": "active",
  "createdAt": "2024-03-20T10:00:00Z",
  "updatedAt": "2024-03-20T10:00:00Z",
  "lastUsed": "2024-03-21T15:30:00Z",
  "createdBy": "user456"
}
The API key value is only returned once during creation. Store it securely as it cannot be retrieved later.

Accessible APIs

API Keys provide access to the following read-only endpoints for published content:

Content Discovery

EndpointDescription
GET /saved-searchesList and execute saved searches
GET /saved-searches/:idGet specific saved search
POST /saved-searches/:id/executeExecute saved search (returns published content only)
GET /tagsList all tags for content categorization
GET /tags/:idGet specific tag information
GET /content-typesList published content types
GET /content-types/:idGet specific published content type

Content Access

EndpointDescription
GET /componentsAccess published components
GET /components/:idAccess published component versions
GET /packagesAccess published package information
GET /packages/:version/resolvedAccess resolved package with compiled components
GET /contentAccess published content
GET /content/:id/resolvedGet content with compiled code and dependencies
GET /assetsAccess published media assets

Real-time Updates

EndpointDescription
GET /eventsSubscribe to published resource updates
GET /:resourceType/eventsSubscribe to specific resource type updates
GET /:resourceType/:resourceId/eventsSubscribe to specific resource updates
All endpoints automatically filter to show only published/active content when accessed with API keys.

Using API Keys

Include the API key in the x-api-key header: 
curl -X GET "https://api.metabind.ai/api/v1/organizations/org123/projects/proj123/content" \
  -H "x-api-key: 7zvFJw9L0qEoYdKx2mBt1sLpZj3nX7gW"