Create a token
API tokens can be created through the Metronome app.- Click on Connections in the navigation bar.
- Click on API tokens & webhooks in the horizontal navigation bar on the resulting page.
- Click on the + Add button.
- Enter a descriptive name for the token and click Create new token.
- Copy the token string to a secure location before clicking Done.
SAVE YOUR TOKENBe sure to save the token you create. You cannot view the full token again.
Using tokens
When making API calls, provide the token using theAuthorization header. If using the SDK, the SDK will look for the API key under the environment variable METRONOME_BEARER_TOKEN by default. See SDK documentation for more details.
[insert code snippet for authentication in each language - pull from SDK doc].
If your token is valid, you’ll receive a JSON payload from the API—either data (if the endpoint returns records) or a 404 JSON error object if no resources are found.
If your token is invalid, you’ll receive a 401 or 403 error. See API status codes for more detail.
Postman Setup
If you use Postman:- Import the Metronome OpenAPI spec.
- In the collection settings, set Authorization to Bearer Token and use
{{api_token}}as the token. - Add
api_tokento your Postman environment variables.
Permissions
By default, Metronome API tokens will retain the same permissions as the user that created them. Metronome API tokens can also be limited in scope to reduce risk and follow the principle of least privilege. Metronome supports scoping by:- Access level (e.g., read-only)
- Environment (e.g., sandbox only)
- Endpoint (e.g., only getCustomers)
Archiving tokens
Metronome enables archiving tokens that are no longer in use. To do this, simply hit the Trash icon next to the relevant token in the Metronome UI. This action cannot be undone.BEST PRACTICESFollow security best practices by removing unused tokens and regularly rotating tokens in use.