The Metadata API is in beta and is subject to changes including access.
Getting Started with the Metadata API
Generate an Access Token
An access token is required for any request you send to the Metadata API.Before you proceed
Generating an access token requires giving it specific permissions regarding what it can access. Make sure to review available scopes before proceeding. Token Scopes Reference1
Click the profile icon in the lower-left corner and choose Instances
2
Click⚙️ next to your instance and choose Metadata API from the panel that opens
3
Click 'Manage Access Tokens'
4
Click 'New Access Token'
5
Give your access token a name
Access tokens can have different scopes, or permissions, defined. Giving each access token a recognizable name is important for you to quickly recognize which access tokens are created for specific purposes.
6
Select the expiry for your access token
By default, Xano will revoke your Metadata API access token after 7 days, which means if you need to access the API again, you would have to generate a new token.You can choose your own expiry duration; anything from 1 hour to never expire.
Use caution when defining extended expiry or setting tokens to never expire. Token rotation is good security practice.You can always revoke a token at any time.
7
Define the scopes for your token
The scopes tell Xano what this token has access to. Each scope has 4 options:C (Create) - Determines whether or not this token can create new dataR (Read) - Determines whether or not this token can read existing dataU (Update) - Determines whether or not this token can update existing dataD (Delete) - Determines whether or not this token can delete data.Each scope has their own API endpoints associated with them. If you aren’t sure which scopes you need for this token, use the reference below for additional information.
HintYou can hover over each permission to quickly add or remove all four types of scope.
| Scope | Description |
|---|---|
| Database | Access any of the content in your Xano database |
| Content | Access any content outside of the database or function stacks, such as branches, data sources, and realtime |
| Live Data Source | Access the data inside of your currently live data source |
| API Groups | Access API Groups and APIs |
| Functions | Access custom functions |
| Addons | Access addons |
| Task | Access background tasks |
| Files | Access file storage |
| Request History | Access request history |
8
Once you've set up your token, click button to copy it to your clipboard.
button to copy it to your clipboard.You will only be shown this token once, so make sure to copy it and store it in a safe place.If you lose the token, you should revoke it and create a new one.
Using your Access Token in Requests
The token should be sent as a header in the following format:Revoking an Access Token
When you access the metadata API panel, you can review all of your currently issued tokens and their scopes. By choosing a token and clicking
you can immediately revoke that token from use.
Using the APIs
For more information on using the APIs, please see the following pages:Account API
The account API allows you access to various settings and information about your Xano account and instances.
Instance API
The instance API allows you access to your workspaces, including all contents contained within them, such as tables, APIs, and more.