Metadata API

Last updated 17 days ago

Was this helpful?

Metadata API

The Metadata API is in beta and is subject to changes including access.

The Metadata API (Beta) enables you to interact with your Xano workspace schema and content programmatically. The Metadata API includes a comprehensive collection of API endpoints designed to add and modify database tables, schemas, and more.

The Metadata API is also used in some cases to facilitate an integration with Xano by providing the integration partner with your Metadata API access token.

Getting Started with the Metadata API

Generate an Access Token

An access token is required for any request you send to the Metadata API.

Before you proceed

Generating an access token requires giving it specific permissions regarding what it can access. Make sure to review available scopes before proceeding. Token Scopes Reference

Click in the lower-left corner and choose Instances

Click next to your instance and choose Metadata API from the panel that opens

Click

Give your access token a name

Access tokens can have different scopes, or permissions, defined. Giving each access token a recognizable name is important for you to quickly recognize which access tokens are created for specific purposes.

Select the expiry for your access token

By default, Xano will revoke your Metadata API access token after 7 days, which means if you need to access the API again, you would have to generate a new token.

You can choose your own expiry duration; anything from 1 hour to never expire.

Use caution when defining extended expiry or setting tokens to never expire. Token rotation is good security practice.

You can always revoke a token at any time.

Define the scopes for your token

The scopes tell Xano what this token has access to. Each scope has 4 options:

C (Create) - Determines whether or not this token can create new data

R (Read) - Determines whether or not this token can read existing data

U (Update) - Determines whether or not this token can update existing data

D (Delete) - Determines whether or not this token can delete data.

Hint

You can hover over each permission to quickly add or remove all four types of scope.

Each scope has their own API endpoints associated with them. If you aren't sure which scopes you need for this token, use the reference below for additional information.

Scope

Description

Database

Access any of the content in your Xano database

Content

Access any content outside of the database or function stacks, such as branches, data sources, and realtime

Live Data Source

Access the data inside of your currently live data source

API Groups

Access API Groups and APIs

Functions

Access custom functions

Addons

Access addons

Task

Access background tasks

Files

Access file storage

Request History

Access request history

Once you've set up your token, click

You will be shown your new access token. Click the button to copy it to your clipboard.

You will only be shown this token once, so make sure to copy it and store it in a safe place.

If you lose the token, you should revoke it and create a new one.

Using your Access Token in Requests

The token should be sent as a header in the following format:

Authorization: Bearer your_token_here

Revoking an Access Token

When you access the metadata API panel, you can review all of your currently issued tokens and their scopes.

The Account API

The Account API allows you access to various settings and information about your Xano account.

Please use extreme caution when sharing your Metadata API access tokens, as they can provide access to all of your Xano data.

Account API Endpoints

Account Information

Instances

Snippets

The Instance API

The Instance API allows you to access data inside of your Xano instances, such as your database, files, and function stacks.

API Groups

APIs

Workspace

Tables

Functions

Tasks

Files

Realtime

The Metadata API is flexible regarding sending input values. You only need to send the values required to process your request. For example, if you are updating a schema and want to just update the name, then you only need to send the updated name and the other metadata of the schema will remain unchanged.

For partners wanting an easier way to integrate, it may be useful to start out with the Account API. This way the only prompt from the user will be to get their access token, and then you can use the Account API to get a list of the user's instances, leading to the Instance API for workspaces, tables, and APIs.

Last updated 17 days ago

Was this helpful?

Getting Started with the Metadata API

Generate an Access Token

Before you proceed

Click in the lower-left corner and choose Instances

Click next to your instance and choose Metadata API from the panel that opens

Click

Click

Give your access token a name

Select the expiry for your access token

Define the scopes for your token

Once you've set up your token, click

Using your Access Token in Requests

Revoking an Access Token

The Account API

Account API Endpoints

The Instance API

Getting Started with the Metadata API

Generate an Access Token

Before you proceed

Click in the lower-left corner and choose Instances

Click next to your instance and choose Metadata API from the panel that opens

Click

Click

Give your access token a name

Select the expiry for your access token

Define the scopes for your token

Once you've set up your token, click

Using your Access Token in Requests

Revoking an Access Token

The Account API

Account API Endpoints

The Instance API

Validate the Access Token and identify the account details.

browse instances

get instance

browse instances

list snippets owned by the authenticated user

get a specific snippet by ID

returns a list of tokens for a snippet

deletes a snippet token