#community-help

Discussion on the Security Risks of Exposed Search API Key

TLDR Sachyya inquired about potential security risks of an exposed search API key. Kishore Nallan clarified that there was no risk as the search key is meant to be exposed.

11mo

Join the chat

Oct 20, 2022 (11 months ago)

Photo of md5-3b78e17280dd19e5eca44e22ee940b76

Sachyya

10:57 AM

Is there any security risk if the search api key is exposed?

Photo of md5-4e872368b2b2668460205b409e95c2ea

Kishore Nallan

11:03 AM

No, since the search key is scoped to only the search end-point, it's meant to be exposed so that the search requests can be made directly from the browser.

Sachyya

11:14 AM

Okay.
Thank you for the info.

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 2764 threads (79% resolved)

Join Our Community Manage subscription

Similar Threads

Securing Typesense Search API Key

sonu was concerned about securing typesense API key while all data are searchable. Jason suggested using the 'limit_hits' parameter to secure the data.

26mo

Generate Multiple Scoped Search Keys with Typesense

Kian inquired if many `scoped search keys` could be generated for each user and prevent access to indexes unrelated to each user. Kishore Nallan confirmed this and explained filtering by 'user_id' in the API key would restrict record access.

11mo

Using Typesense Frontend and Protecting API Key

KARTHICK asked about using Typesense from frontend, Jason suggested both frontend and backend are possible but encourages frontend for performance. Marcos mentioned key exposure concerns, Kishore Nallan explained scoped API keys can provide protection.

6mo