Skip to main content

REST API

Leverage MetaLocator's powerful, modern REST API for application and data integration automation

Written by Michael Fatica
Updated today

Introduction to the MetaLocator REST API

The MetaLocator REST API provides developers with a flexible and secure way to interact programmatically with their MetaLocator account data and features. It is designed to power integrations, automate workflows, and extend MetaLocator’s functionality beyond the standard web interface.

Whether you’re building a custom search interface, synchronizing data from another system, or embedding MetaLocator features into your own platform, the REST API gives you direct access to key data and operations.

What You Can Do with the REST API

The MetaLocator REST API supports a wide range of use cases, including but not limited to:

  • Synchronizing Locations and Data: Automatically push or pull location, category, or lead data between MetaLocator and external databases or CRMs.

  • Building Custom Locator Interfaces: Search locations, categories and custom fields to display results within your own applications.

  • Automating Tasks: Create, read, update, and delete records programmatically instead of using the web interface.

  • Integration with Third-Party Systems: Connect MetaLocator to systems such as marketing automation platforms, ERP tools, or mobile apps.

All API endpoints return data in JSON format, making it easy to integrate with virtually any modern programming environment.

Authentication Model

MetaLocator uses a key-based authentication model designed to balance convenience and security. Every API request must include a valid API key as part of the request headers. MetaLocator supports two types of API keys: public and private.

Public API Keys

Public API keys are intended for client-side integrations, such as embedding data into a website or JavaScript application. They are limited in scope and can only perform public-facing actions, such as retrieving locations, categories, or search results. Public keys can only access published data, and access the same "public" functions already exposed via MetaLocator Interfaces, such as creating a new lead or leaving a review.

Public keys are ideal for:

  • Embedding MetaLocator search results in your own app.

  • Fetching location data for display.

  • Reproducing functionality available in public Interfaces, such as creating new Leads, leaving a review.

  • Client-side integrations where sensitive operations are not required.

Public API Endpoint

API calls for the Public API should be directed at https://api.metalocator.com/api/v1

Private API Keys

Private API keys are designed for server-to-server communication or secure backend integrations. They allow full read/write access to your account, including the ability to create, update, or delete data.

Private API keys should never be exposed in client-side code or shared publicly.


They are ideal for:

  • Automated data synchronization tasks.

  • Secure integrations with CRMs or external databases.

  • Managing leads, categories, and records programmatically.

Private API Endpoint

API calls for the Private API should be directed at https://admin-api.metalocator.com/api/v1

Making Requests

The API follows standard REST conventions. Each endpoint corresponds to a specific resource (e.g., /data, /categories, /leads) and supports common HTTP verbs:

HTTP Method

Action

Example

GET

Retrieve data

GET /data

POST

Create a new record

POST /data

PUT

Update an existing record

PUT /data/{id}

DELETE

Remove a record

DELETE /data/{id}

All endpoints return standard REST HTTP response codes to indicate success or failure.

Security Best Practices

  • Always store private keys securely on the server.

  • Never disclose private keys in client-side code

  • Use HTTPS for all API requests to protect your credentials.

  • Rotate keys periodically or when team members change.

  • Restrict key access based on role or environment when possible (e.g., separate staging and production keys).

  • Restrict public keys to specific domains by providing allowed origins.

Rate Limiting

API methods employ rate limiting measures to protect our infrastructure and enforce quota limits. The API will return a 429 HTTP response code when rate limits are exceeded.

Rate limits vary based on subscription plan, API endpoint and method. Be sure to author your integration in a manner that expects and supports rate limiting.

Getting Started

  1. Log in to your MetaLocator account.

  2. Navigate to My User Profile → API Keys.

  3. Generate a Public and/or Private API key as needed.

  4. Review the API Reference Guide for endpoint details and request examples.

  5. Leverage the Sample Applications for complete examples

Frequently Asked Questions

  • I have a correct API key, but I'm receiving an "Invalid credentials" response. Keys marked as public cannot be used to call private API endpoints.

  • I see a network error when testing the API in Swaggerhub.
    Private methods do not have CORS support and cannot be invoked from a Web page.

  • I lost my API key, can you retrieve it? No, API keys are displayed once and then stored internally as an encrypted hash.

Next Steps

Related Articles
Importing Location Data from Yext
MetaLocator Teams Guide
Using Google Maps with MetaLocator
Webhook Security
Agency Sandbox Accounts
Did this answer your question?