Metabase API
Metabase is an open-source business intelligence platform with a REST API that allows agents to programmatically manage databases, execute queries, create and retrieve dashboards and cards, and administer users and permissions.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
API keys introduced in v47 improve agent security posture by avoiding credential-based session auth. Self-hosted deployments must configure TLS independently — no enforcement out of box. Permission model is collection/group-based rather than fine-grained endpoint scopes. Session token leakage provides full account access.
⚡ Reliability
Best When
An agent needs to retrieve or create BI content (charts, dashboards, query results) from an existing Metabase deployment, or automate reporting workflows against connected databases.
Avoid When
You need a semantic metrics layer with governed definitions, real-time data, or need to write data back to databases.
Use Cases
- • Executing saved questions or ad-hoc queries against connected databases and retrieving results as JSON for downstream processing
- • Programmatically creating new dashboards and cards (charts/tables) to automate report generation workflows
- • Fetching dashboard and card metadata to build agent tools that summarize or explain existing BI content
- • Managing database connections and syncing database schema metadata to keep Metabase aware of new tables
- • Administering users, groups, and permissions programmatically in multi-tenant Metabase deployments
Not For
- • Real-time streaming data — Metabase queries run on-demand against connected databases; it has no streaming query capability
- • Write operations on underlying data — Metabase is read-only analytics; it does not write back to the connected database
- • Teams needing a governed semantic/metrics layer — Metabase executes raw or saved SQL, it does not enforce a centralized metrics definition layer
Interface
Authentication
Authentication uses a session token obtained via POST /api/session with username/password credentials. Metabase also supports API key authentication (x-api-key header) introduced in newer versions for programmatic access. Session tokens expire and must be refreshed. For agent use, API keys are strongly preferred over session tokens to avoid credential management complexity.
Pricing
Most agent integrations use self-hosted Metabase (free). Cloud paid tiers add managed hosting, support, and enterprise features. Self-hosted Pro license unlocks SSO and advanced embedding without full Cloud subscription.
Agent Metadata
Known Gotchas
- ⚠ The Metabase API is considered internal/unofficial — Metabase has historically changed endpoints between versions without deprecation warnings, so agents must pin to a specific Metabase version or monitor for breaking changes.
- ⚠ Session tokens expire (default 14 days) and must be refreshed via re-authentication; agents using session tokens need token refresh logic, whereas API keys (available in v47+) do not expire.
- ⚠ Query execution via POST /api/dataset is synchronous and blocks until results return — very long queries can time out with no intermediate progress; there is no async job pattern for ad-hoc queries.
- ⚠ The database_id required for query execution must be discovered first via GET /api/database — agents cannot assume database IDs are stable across Metabase instances or upgrades.
- ⚠ Permissions are enforced at the collection and table level — an API key or session tied to a user with restricted permissions will silently return empty result sets rather than a clear permission error for some query types.
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Metabase API.
Scores are editorial opinions as of 2026-03-06.