Correct API Key Generation and Usage on Cloud
TLDR Tom faced 401 errors while creating keys via the Cloud API. Kishore Nallan clarified the correct syntax and mechanics, and identified a header mislabeling on Tom's part that caused the issue. They also discussed using scoped API keys.
Oct 12, 2022 (12 months ago)
Tom
12:22 PM
"keys:create" the correct API Key permission?
Kishore Nallan
12:23 PM
key:create permission but it does not work?
Tom
12:24 PM
keys:create) and I'm trying to make user scoped keys.
Tom
12:24 PM
key or keys?
Kishore Nallan
12:25 PM
keys
Kishore Nallan
12:26 PM
Tom
12:26 PM
{
"description": "API key",
"actions": [
"documents:import",
"keys:create"
],
"collections": [
"*"
]
}
And I'd like to use CURL to make more keys like this for each user to use during their session:
{
"description": "Search key per user",
"actions": [ "documents:search" ],
"collections": [
// Some collections here
]
}
Tom
12:27 PM
Kishore Nallan
12:35 PM
Tom
12:35 PM
Kishore Nallan
12:36 PM
Oct 13, 2022 (12 months ago)
Tom
12:17 PM
Kishore Nallan
12:58 PM
% curl '' \
-X POST \
-H "X-TYPESENSE-API-KEY: abcd" \
-H 'Content-Type: application/json' \
-d '{"description": "", "value": "foobar","actions": ["keys:create"], "collections": ["*"]}'
{"actions":["keys:create"],"collections":["*"],"description":"","expires_at":64723363199,"id":0,"value":"foobar"}%
% curl '' \
-X POST \
-H "X-TYPESENSE-API-KEY: foobar" \
-H 'Content-Type: application/json' \
-d '{"description": "", "value": "amazing","actions": ["documents:search"], "collections": ["*"]}'
{"actions":["documents:search"],"collections":["*"],"description":"","expires_at":64723363199,"id":1,"value":"amazing"}%
Tom
01:00 PM
Kishore Nallan
01:00 PM
foobar in the X-TYPESENSE-API-KEY header
Tom
01:01 PM
"value": "foobar" mean the API key generated will be foobar rather than auto generated?
Kishore Nallan
01:03 PM
Kishore Nallan
01:03 PM
Tom
01:17 PM
I've got a key like this:
{
"description": "Admin key",
"actions": [ "documents:import", "keys:create" ],
"collections": [
"*"
]
}
That I created via UI. I then took that API and tried to create more like this using HTTP. Here's the body:
{
"description":"Search key for user ykDG6Un4oNUs1UBxKqS5ae9HC9D3",
"actions":[
"documents:search"
],
"collections":[
"exercises",
"programs",
"programs"
]
}
But I get a 401 response.
401 Unauthorized from POST https://xxxxxxx.a1.typesense.net/keys
Kishore Nallan
01:20 PM
curl?
Tom
01:21 PM
()
.uri("https://xxxxxxx.a1.typesense.net/keys")
.header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
.header("TYPESENSE-API-KEY", "xxxxxx")
.body(BodyInserters.fromValue(new TypeSenseGenerateKeyRequest(
"Search key for user %s".formatted(userId),
Collections.singletonList("documents:search"),
List.of(EXERCISES_COLLECTION_NAME,
PROGRAMS_COLLECTION_NAME,
HISTORY_COLLECTION_NAME))))
.retrieve()
.bodyToMono(TypeSenseGenerateKeyResponse.class)
.block()
Tom
01:21 PM
{
"description": "Admin key",
"actions": [
"*"
],
"collections": [
"*"
]
}
Kishore Nallan
01:22 PM
curl example I have above to see if it makes a difference? That will tell us where the issue is.
Kishore Nallan
01:23 PM
> .header("TYPESENSE-API-KEY", "xxxxxx")
Should be X-TYPESENSE-API-KEY
Tom
01:24 PM
Tom
01:24 PM
Tom
01:26 PM
Kishore Nallan
01:27 PM
Tom
01:27 PM
Kishore Nallan
01:29 PM
Tom
01:30 PM
Right now I can create keys for our users, but they are not scoped.