Discussion on the Security Risks of Exposed Search API Key
TLDR Sachyya inquired about potential security risks of an exposed search API key. Kishore Nallan clarified that there was no risk as the search key is meant to be exposed.


Oct 20, 2022 (11 months ago)
Sachyya
10:57 AMKishore Nallan
11:03 AM

Sachyya
11:14 AMThank you for the info.
Typesense
Indexed 2764 threads (79% resolved)
Similar Threads
Securing Typesense Search API Key
sonu was concerned about securing typesense API key while all data are searchable. Jason suggested using the 'limit_hits' parameter to secure the data.
Generate Multiple Scoped Search Keys with Typesense
Kian inquired if many `scoped search keys` could be generated for each user and prevent access to indexes unrelated to each user. Kishore Nallan confirmed this and explained filtering by 'user_id' in the API key would restrict record access.

Using Typesense Frontend and Protecting API Key
KARTHICK asked about using Typesense from frontend, Jason suggested both frontend and backend are possible but encourages frontend for performance. Marcos mentioned key exposure concerns, Kishore Nallan explained scoped API keys can provide protection.

