Skip to main content

Documentation Index

Fetch the complete documentation index at: https://metrion.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Provider API key storage

When you save a provider API key through Metrion, it is encrypted at rest using AEAD encryption (AES). The encryption key is stored separately from the database, so your key material is never accessible in plain text — even at the storage layer. Your keys are never written to logs at any point.

Proxy modes

Metrion’s proxy supports two modes, and both can be used simultaneously: Stored mode — You save your provider API key once through the Integrate page. Metrion stores it encrypted and retrieves it automatically on each request. In your SDK, you use your Metrion Key (sk-metrion-xxx) as the API key: 
Authorization: Bearer sk-metrion-xxx
Pass-through mode — You pass your provider key directly in the request. Metrion forwards it to the provider without storing it. The key is never written to your account or to any log. Metrion detects which mode to use automatically based on whether the key starts with sk-metrion-.

Data isolation

Your data is isolated by design. Row-level security ensures you only ever see your own requests, usage records, and logs — no other user’s data is accessible to you, and vice versa.

Metrion Key

Your Metrion Key has the format sk-metrion- followed by 32 random hexadecimal characters. Treat it like a password.
Never commit your sk-metrion-xxx token to version control. Use environment variables to inject it into your application at runtime.
If you suspect your token is compromised, go to Settings → Metrion Key in your dashboard and regenerate it immediately. The old token becomes invalid as soon as you regenerate.

Rate limiting and timeouts

To prevent abuse, Metrion enforces a limit of 100 requests per minute per Metrion token. Requests that exceed this limit receive a 429 Too Many Requests response. Each proxied request has a 30-second timeout. If the upstream provider does not respond within that window, the proxy returns an error.

CORS

Metrion enforces a strict CORS allowlist on its proxy endpoints. Only origins explicitly authorized for your deployment can make cross-origin requests to the proxy.

EU data hosting

Metrion’s database is hosted in Ireland (EU West). All request logs, usage records, and account data are stored within the European Union, supporting GDPR compliance.

GDPR

Export your data — You can download a full JSON export of your account data (usage records, request logs, alert rules, and account settings) at any time. Go to Settings and click the download link in the account section. Delete your account — You can permanently delete your account from your Profile page. Deletion requires OTP confirmation sent to your email. Once confirmed, all your data — including logs, usage records, provider keys, and billing information — is purged and your Stripe subscription (if any) is cancelled.

Data retention

PlanLog retention
Free7 days
Pro90 days
Logs older than your plan’s retention window are not accessible through the dashboard or API.