> ## Documentation Index
> Fetch the complete documentation index at: https://docs.metlo.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Welcome to Metlo
> Effortless API Security
Metlo is an open source API security tool you can **setup in \< 15 minutes**
that inventories your endpoints, **detects bad actors** and **blocks malicious traffic**
in real time.
With Metlo you can:
* **Detect API attacks in real time.**
* **Automatically block malicious actors.**
* **Create an Inventory of all your API Endpoints and Sensitive Data.**
* **Proactively test your APIs before they go into production.**
## Features
* **Endpoint Discovery** - Metlo scans network traffic and creates an inventory
of every single endpoint in your API.
* **Sensitive Data Scannning** - Each endpoint is scanned for PII data and
given a risk score.
* **Vulnerability Discovery** - Get Alerts for issues like unauthenticated
endpoints returning sensitive data, No HSTS headers, PII data in URL params,
Open API Spec Diffs and more
* **API Security Testing** - Build security tests directly in Metlo with a
simple HTTP Request editor and javascript assertions.
* **CI/CD Integration** - Integrate with your CI/CD to find issues in
development and staging.
* **Attack Detection** - Our ML Algorithms build a model for baseline API
behavior. Any deviation from this baseline is surfaced to your security team
as soon as possible.
* **Attack Context** - Metlo’s UI gives you full context around any attack to
help quickly fix the vulnerability.
## API Testing
* Metlo’s suite of automated tests and our security testing framework let you
find vulnerabilities in development.
* Our built in testing framework helps you get to 100% Security Coverage on your
highest risk APIs
* Integrates directly with your CI/CD
## We're Hiring!
We would love for you to come help us make Metlo better.
[Come join us at Metlo!](mailto:akshay@metlo.com)
## Open-source vs. paid
This repo is entirely MIT licensed. Features like user management, user roles
and attack protection require an enterprise license.
[Contact us](mailto:akshay@metlo.com) for more information.
## Development
Checkout our [development guide](/contribute/development-guide) for more info on how to
develop Metlo locally.
Metlo is an open source API security tool you can **setup in \< 15 minutes**
that inventories your endpoints, **detects bad actors** and **blocks malicious traffic**
in real time.
With Metlo you can:
* **Detect API attacks in real time.**
* **Automatically block malicious actors.**
* **Create an Inventory of all your API Endpoints and Sensitive Data.**
* **Proactively test your APIs before they go into production.**
## Features
* **Endpoint Discovery** - Metlo scans network traffic and creates an inventory
of every single endpoint in your API.
* **Sensitive Data Scannning** - Each endpoint is scanned for PII data and
given a risk score.
* **Vulnerability Discovery** - Get Alerts for issues like unauthenticated
endpoints returning sensitive data, No HSTS headers, PII data in URL params,
Open API Spec Diffs and more
* **API Security Testing** - Build security tests directly in Metlo with a
simple HTTP Request editor and javascript assertions.
* **CI/CD Integration** - Integrate with your CI/CD to find issues in
development and staging.
* **Attack Detection** - Our ML Algorithms build a model for baseline API
behavior. Any deviation from this baseline is surfaced to your security team
as soon as possible.
* **Attack Context** - Metlo’s UI gives you full context around any attack to
help quickly fix the vulnerability.
## API Testing
* Metlo’s suite of automated tests and our security testing framework let you
find vulnerabilities in development.
* Our built in testing framework helps you get to 100% Security Coverage on your
highest risk APIs
* Integrates directly with your CI/CD
## We're Hiring!
We would love for you to come help us make Metlo better.
[Come join us at Metlo!](mailto:akshay@metlo.com)
## Open-source vs. paid
This repo is entirely MIT licensed. Features like user management, user roles
and attack protection require an enterprise license.
[Contact us](mailto:akshay@metlo.com) for more information.
## Development
Checkout our [development guide](/contribute/development-guide) for more info on how to
develop Metlo locally.