What is Metlo?

Metlo is an open-source API security platform

  • Create an Inventory of all your API Endpoints and Sensitive Data.
  • Proactively test your APIs before they go into production.
  • Detect API attacks in real time.


Endpoint Discovery

  • Undocumented, legacy and shadow API endpoints are an unknown and unprotected attack surface.
  • Metlo scans network traffic and creates an inventory of every single endpoint in your API.
  • Each endpoint is scanned for PII data and given a risk score.

API Testing

  • Metlo’s suite of automated tests and our security testing framework let you find vulnerabilities in development.
  • Our built in testing framework helps you get to 100% Security Coverage on your highest risk APIs
  • Integrates directly with your CI/CD


  • Metlo alerts your security team as soon as anomalous API usage patterns are detected.
  • Our ML Algorithms build a model for baseline API behavior. Any deviation from this baseline is surfaced as soon as possible.
  • Metlo’s UI gives you full context around any attack to help quickly fix the vulnerability.

Did this page help you?