Clarifying Key Creation Permissions in Coding
TLDR Ricardo asked if a non-bootstrap key can generate keys. Jason affirmed and clarified the role of "actions * " and "collections * ". Ricardo suggested adding this info to the documentation.
Jun 01, 2021 (30 months ago)
Ricardo
05:45 PMkey = client.keys.create({
"description": "Admin key.",
"actions": ["*"],
"collections": ["*"]
})
This can't create keys right?
is the bootstrap key the only key that can create keys?
one key to rule them all?
Jason
05:49 PMJun 02, 2021 (30 months ago)
Jason
05:14 AMRicardo
05:37 AMJason
05:45 AMRicardo
07:33 AMIs it an action or a collection? I'm guessing the action * ?
key = client.keys.create({
"description": "Almost Admin key.",
"actions": ["collections:*"],
"collections": ["*"]
})
So from my understanding this key can do every action on collections, but not create new keys?
Jason
05:52 PMThe key generated with the snippet above shouldn't allow you to create new keys...
Jun 03, 2021 (30 months ago)
Ricardo
01:55 AMJason
01:56 AMTypesense
Indexed 2776 threads (79% resolved)
Similar Threads
Resolving Issues with Scoped API Keys in Typesense with Golang
Suvarna had problems with generating and using scoped API keys in Typesense with Golang. Several bugs misleading the user were found and fixed by Kishore Nallan.
Correct API Key Generation and Usage on Cloud
Tom faced 401 errors while creating keys via the Cloud API. Kishore Nallan clarified the correct syntax and mechanics, and identified a header mislabeling on Tom's part that caused the issue. They also discussed using scoped API keys.
API Key Permissions for Typesense Docsearch Scraper
JP asked about configuring API key actions for reindexing a site using Typesense. Kishore Nallan clarified the required permission. Then, JP and Jason discussed specific permission configurations, and JP made a documentation update to illustrate their findings.
Assigning an API Key for Backend Indexing Operations
Ross inquired about assigning an API key for backend service. After some confusion, Jason clarified that the `documents:upsert`, `documents:update`, `documents:create`, and `documents:delete` actions were necessary for document-only operations.
Issue with API Key Expiry and Generation in Node.js
Sai is having trouble with API keys expiring and triggering a forbidden key error in Node.js. Despite trying to generate a new key after expiry, Sai gets the same error. Jason explains that the problem may be due to the expiration of parent API keys.