Generating Scoped API Keys Through Web Portal
TLDR: Shaun asked about generating scoped API keys via the web portal. Kishore Nallan and Jason clarified that it's currently not possible, but recommended generating them server-side in a trusted environment.


Mar 13, 2023 (6 months ago)
Shaun
10:31 AM

Kishore Nallan
10:40 AM
But I think it will be useful to have a UI for it as well.

Kishore Nallan
10:40 AM

Shaun
12:00 PM

Shaun
12:01 PM

Kishore Nallan
12:15 PM

Jason
07:07 PM
That’s correct. You want to use the parent search API key and generate a scoped API key on the server-side, send that scoped API key to the client-side, and then have the client-side make calls to Typesense directly.

Jason
07:07 PM

Shaun
10:11 PM

Shaun
10:12 PM

Shaun
10:12 PM