By default, Metlo redacts your API trace request and response bodies, headers and query parameters. If you enable “Full Trace Capture” the whole API trace is sent to our servers but its end-to-end encrypted. The flow looks like this:
- A public/private key pair is generated locally in your web browser.
- You download your private key and the public key is sent to Metlo’s backend.
- In your own cloud, for endpoints that have “Full Trace Capture” enabled, Metlo pulls the public key from our backend and encrypts the traces before sending them.
- When viewing traces encrypted data is sent to your browser and your local private key is used to decrypt them.
Most of your data is redacted befor its sent to Metlo’s servers. All of our processing and attack detection happens in your servers in our agent. The only data we recieve is the following metadata:
- Trace Paths
- [If Enabled] The User ID a request is associated with
- The shape of your request and response bodies (parameter names and types)
- Detected Attacks
If you do enable “Full Trace Capture” for any specific endpoint we will send the whole trace to our servers but the data will be end-to-end encrypted.
Most metadata sent to Metlo is deleted after 7 days. Some metadata is kept in backups, which are deleted after 30 days.