Metronome’s API uses bearer tokens to authenticate requests. This page walks through how to create and manage tokens.

Create a token

API tokens can be created through the Metronome app.
  1. Click on Connections in the navigation bar.
  2. Click on API tokens & webhooks in the horizontal navigation bar on the resulting page.
  3. Click on the + Add button.
  4. Enter a descriptive name for the token and click Create new token.
  5. Copy the token string to a secure location before clicking Done.
SAVE YOUR TOKEN: Be sure to save the token you create. You cannot view the full token again.
Create as many tokens as is useful, providing descriptive names for each. The token’s name is associated with API calls made using it, which can be helpful when tracking changes and requests in the Metronome audit log.

Using tokens

When making API calls, provide the token using the Authorization header. If you use the SDK, it looks for the API key in the environment variable METRONOME_BEARER_TOKEN by default. See SDK documentation for more details.

If your token is valid, you’ll receive a JSON payload from the API: either data (if the endpoint returns records) or a 404 JSON error object if no resources are found. If your token is invalid, you’ll receive a 401 or 403 error. See API status codes for more detail.
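The sketch below is an added example, not code from Metronome's SDK or documentation. It reads the token from METRONOME_BEARER_TOKEN, sends it in the Authorization header over HTTPS only, and interprets 401, 403 and 404 as described above. The function names are illustrative, and the caller supplies the endpoint URL.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

ENV_VAR = "METRONOME_BEARER_TOKEN"  # default variable named on this page


def load_token(env=os.environ):
    """Read the token from the environment instead of hard-coding it."""
    token = env.get(ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{ENV_VAR} is not set")
    return token


def redact(token):
    """Form that is safe to write to logs: only the last 4 characters."""
    return "****" + (token[-4:] if len(token) > 8 else "")


def build_request(url, token):
    """Attach the bearer token; refuse to send it over anything but HTTPS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def call(url, token, opener=urllib.request.urlopen):
    """Return (outcome, body); opener is injectable so this can be tested offline."""
    try:
        with opener(build_request(url, token), timeout=10) as resp:
            return "ok", json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return "invalid_token", None  # retrying will not help; check the token
        if err.code == 404:
            return "not_found", json.loads(err.read() or b"null")
        raise  # any other status is not covered here
```

Log redact(token) rather than the token itself when recording which credential made a call.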

Postman Setup

If you use Postman:
  1. Import the Metronome OpenAPI spec.
  2. In the collection settings, set Authorization to Bearer Token and use {{api_token}} as the token.
  3. Add api_token to your Postman environment variables.
See our Postman guide for step-by-step instructions.

Permissions

By default, Metronome API tokens will retain the same permissions as the user that created them. Metronome API tokens can also be limited in scope to reduce risk and follow the principle of least privilege. Metronome supports scoping by:
  • Access level (e.g., read-only)
  • Environment (e.g., sandbox only)
  • Endpoint (e.g., only getCustomers)
To adjust permissions, contact your Metronome representative.

Archiving tokens

Metronome enables archiving tokens that are no longer in use. To do this, simply hit the Trash icon next to the relevant token in the Metronome UI. This action cannot be undone.
BEST PRACTICES: Follow security best practices by removing unused tokens and regularly rotating tokens in use.