Comment on page
Metadata API (beta)
The Metadata API is in beta and is subject to changes including access.
The Metadata API (Beta) enables you to interact with your Xano workspace schema and content programmatically. The Metadata API includes a comprehensive collection of API endpoints designed to add and modify database tables, schemas, and more.
To find the Metadata API Swagger Documentation, select the style to open the Instance settings panel and select Metadata API.
Open Instance settings.
Select Metadata API.
It can be accessed by entering your Instance domain appended by /api:meta. For example:
Instance domain:
https://xabc-1yz2-abcd.xano.io
Metadata API Swagger documentation:
https://xabc-1yz2-abcd.xano.io/api:meta
Using the Metadata API will update your Xano database in real time. For example, if you modify content in a database table via the Metadata API, the change will be reflected immediately without needing to refresh.
The Metadata API is flexible regarding sending input values. It allows you to not need to send everything when making an update. For example, if you are updating a schema and want to just update the name then you can only send the updated name and the other metadata of the schema will remain unchanged.
For implementations wanting an easier way to integrate, it may be useful to start out with the Master Metadata API below. This way the only prompt from the user will be to get their access token, and then you use the Master Metadata API to get the Metadata API for the chosen instance.
The Master Metadata API is useful for listing Instances of an account in a UI. It has the ability to browse Instances or retrieve a specific Instance. The Swagger documentation can be accessed at the following URL:
https://app.xano.com/api:meta
Master Metadata API for browsing and retrieving Instances.
The Metadata API requires a Personal Access Token to authenticate.
You can create up to 10 Personal Access Tokens, which can be given different scopes to create, read, update, or delete via the Metadata API. Personal Access Tokens will also obey permissions from RBAC settings (premium add-on). For example, if you don't have access to the database via RBAC then neither will your Personal Access Token. A read-only scope is available, which is especially useful for a 3rd party application you want to give access to but need to restrict edits, deleting, or creating content.
Personal Access Tokens represent your account. Make sure use the appropriate scopes are used. Do not give out Personal Access Tokens without ensuring proper intent for them to be used.
Select Manage Access Tokens from the Account page.
Next, click + New Access Token.
Create a New Access Token.
Provide the token with a name and optionally deactivate scopes. Scopes are like permissions for the tokens, by default, the token will have full access.
Optional scopes for the token.
Once created, the token will be shown. The token will only be shown once, so be sure to copy it and store it securely.
Copy the token and secure it in a safe place.
Scopes are like permissions for the token. They define what access the token has with the Metadata API. By default, all scopes are selected meaning the token has full access. The scopes can be customized for the following objects:
Workspace Content - Database records. (API Endpoints in the table/content group.)
Workspace Database - Database tables, schema, and indexes.
Workspace Files - Files and media.
Workspace Request History - API Request History.
The scope permissions for each object include:
- Create - permission for the token to create the specified object.
- Read - permission for the token to read the specified object.
- Update - permission for the token to update or modify the specified object.
- Delete - permission for the token to delete the specified object.
Once you have an access token, use the Authorize button in Swagger to enter the token and authenticate in order to use the Metadata API.
Enter the token and select Authorize.
When setting up the calls to the various API Endpoints of the Metadata API outside of Swagger, authentication follows the Authorization: Bearer method in the request header. For example:
Authorization: Bearer <PERSONAL_ACCESS_TOKEN>
Validate the Access Token and identify the account details.
Interacts with the files and media of a workspace.
Interacts with the API Request History of a workspace.
Interacts with the content (database records) of a database table.
Interacts with the indexes of a database table.
Interacts with database tables of a workspace.
Creates the various schema types available for a workspace table.
Reads, updates, and deletes the schema of a database table.
The following subpages are various examples of how to leverage the Metadata API.
Last modified 30d ago