#community-help

Issues with Generating Scope API Keys in Python

TLDR Danny had issues generating a valid scope API key in a Python GraphQL server. Jason suggested encoding changes and confirmed that the key length varies. Issue unresolved with Python, although JS library worked.

17mo

Join the chat

Jun 09, 2022 (17 months ago)

Photo of md5-7cbfa86cff2f773b5dcbeba890c1227a

Danny

04:27 PM

hello can you help me, I am generating scope api keys with excluded fields, this process I do it in a graphql server in python that sends it to a frontend to be used in the client with instant-search, but the api key that generates me is not valid and has this format
b'YVZidxxxxxxxx4MDk4fQ=='"
try deleting the weird fields like the b, the single quotes and the equals signs, but it still gives me an error.
I was guided by this documentation
https://typesense.org/docs/0.23.0/api/api-keys.html#generate-scoped-search-key

Photo of md5-8813087cccc512313602b6d9f9ece19f

Jason

04:33 PM

That sounds strange. Could you post a post a code snippet that replicates the issue?

Danny

04:37 PM

of cuourse this is the code

class TypesenseService(TypeSenseBase):

    def __init__(self):
        super().__init__()
        self.__search_api_key = TYPESENSE_ADMIN_API_KEY

    def get_api_key_limited_by_configuration(self, configuration):
        result = self.typesense_client.keys.generate_scoped_search_key(self.__search_api_key, configuration)
        return result

04:38

Danny

04:38 PM

i use this configuration

{
    "exclude_fields": "person",
    "expires_at": expiration_date
}

04:45

Danny

04:45 PM

and this is my configuration of typesense client

class TypeSenseBase(object):
    typesense_client = None

    def __init__(self):
        self.typesense_client = typesense.Client({
            'nodes': [{
                'host': TYPESENSE_HOST,
                'port': TYPESENSE_PORT,
                'protocol': 'http'
            }],
            'api_key': TYPESENSE_ADMIN_API_KEY,
            'connection_timeout_seconds': 2
        })

Jason

04:48 PM

On a side note, you want to use a search-only api key (not the admin key) to generate the scoped search api key

04:49

Jason

04:49 PM

Could you print the value of result and see what it shows you server-side?

Danny

04:50 PM

I changed to the ADMIN-API-KEY because I didn't know if it was that but I generated the api key with the SEARCH-API-KEY and the error is the same.

04:54

Danny

04:54 PM

b'K0lNZnpzVDFnbHdFWjdBYy9LYmZVK293LzcwWlBBNklEYmU3OGcvRHlDTT1JdHB4eyJleGNsdWRlX2ZpZWxkcyI6ICJwZXJzb24iLCAiZXhwaXJlc19hdCI6IDE2NTQ4ODAwNTQuODUyNzk0fQ=='

04:55

Danny

04:55 PM

this the result value

04:56

Danny

04:56 PM

and i change generate this with the SEARCH-API-KEY

05:45

Danny

05:45 PM

the frontend send this api-key

b%27Y21rWnlsUE1tbGxMckRWV1ZmZGczeTVUNFRGcEROOFhBc05uQm5KOXFyUT1JdHB4eyJmaWx0ZXJfYnkiOiAiYWNjZXNzaWJsZVRvQ29tcGFueUlkczokMTIzMzMiLCAiZXhwaXJlc19hdCI6IDE2NTQ4ODI5MTMuMTQyMzE4fQ%3D%3D%27

and use this name x-typesense-api-key

Jason

05:56 PM

Hmm, I'm not too familiar with Python, but I suspect there's some string encoding issue going on. Kishore Nallan any thoughts on this ^

06:05

Jason

06:05 PM

May be this helps: https://stackoverflow.com/a/64888651/123545

Danny

06:13 PM

aaaa ok this service return bytes ???

Jason

06:15 PM

Looks like it... Let me know if the StackOverflow answer works, may be we should update the library to return a string, it could have also been a recent change that broke the return type.

Danny

06:17 PM

now return without b' but the ==sign still continue and the frontend still showing this error message
message: "Forbidden - a valid x-typesense-api-key header must be sent."

06:18

Danny

06:18 PM

i will try to do this with typescript maybe it can be the python library

06:20

Danny

06:20 PM

I have this result with python library and making decode in the string

c1JGZGRVdmJMeDFSVzNKSytYUlZ4YU1SbnRMNXhMQzVSRlZQajBzaVViOD1JdHB4eyJleGNsdWRlX2ZpZWxkcyI6ICJwZXJzb24iLCAiZXhwaXJlc19hdCI6IDE2NTQ4ODQ4MTEuNzgxMjMxfQ==

Jason

06:24 PM

Could you try result.decode('utf-8')?

06:24

Jason

06:24 PM

(Btw, the = sign at the end is ok)

Danny

06:35 PM

no I keep getting the same error

06:36

Danny

06:36 PM

the length of the api key thats correct ???

Jason

06:48 PM

The scoped API key length will vary based on the embedded params, so there's no fixed length

Danny

06:51 PM

i should set something configuration in typesense cloud ???

06:52

Danny

06:52 PM

beacuse i generate a new key with the typescritp client and get this api key

a09YSmRHZHcrVWl2eXA3clVCTWtLbVZvdnpCTEJUcHFSWXdhWTRMMFkwcz1JdHB4eyJleGNsdWRlX2ZpZWxkcyI6InBlcnNvbiIsImV4cGlyZXNfYXQiOjE2NTQ4ODU1NDJ9

but I still have the same error

Jason

06:54 PM

Are you on Typesense Cloud or are you self-hosting Typesense?

06:55

Jason

06:55 PM

The Typesense logs should have more information. If you're on Typesense Cloud, if you can DM me your cluster ID, I can check for you

Danny

06:56 PM

I use Typesense Cloud

Jason

07:00 PM

Found the issue in the logs:

Parent key does not allow queries against queried collection. Key prefix: Itpx

07:01

Jason

07:01 PM

I also see this:

Scoped API keys can only be used for searches.

Danny

07:06 PM

i can show the logs in typesense cloud ???

Jason

07:09 PM

No... Usually logs are mainly useful for managing Typesense infrastructure, so we don't expose it and the API response shows all the errors. In this case, we don't show specific auth errors in the API response for security reasons.

Danny

07:14 PM

ok i understand perfectly, well i will check the documentation and my code maybe i am doing something wrong. thank you very much for everything.

Jason

07:17 PM

You want to make sure the parent search API key you're using has permissions to search through this particular collection

Danny

07:22 PM

i use the search only api key generated by typesense cloud

Jason

07:22 PM

Hmmm, that has permissions to search through all collections

Danny

07:22 PM

and this api key can acces to this collections [ "*" ]

07:23

Danny

07:23 PM

yes, that's why I don't know what's wrong

Jason

07:27 PM

Could you DM me the exact JS code snippet you used to generate the scoped API key (along with the API Keys) and the code snippet you used to generate the search request? I can then run it locally to see what's going on.

You can rotate the API Keys you share with me once we finish debugging.

Danny

07:27 PM

Jason

07:59 PM

Summary: this worked with the JS library, but not the Python library for some reason.

CC: Kishore Nallan

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 2776 threads (79% resolved)

Join Our Community Manage subscription

Similar Threads

Resolving Issues with Scoped API Keys in Typesense with Golang

Suvarna had problems with generating and using scoped API keys in Typesense with Golang. Several bugs misleading the user were found and fixed by Kishore Nallan.

158

26mo

Correct API Key Generation and Usage on Cloud

Tom faced 401 errors while creating keys via the Cloud API. Kishore Nallan clarified the correct syntax and mechanics, and identified a header mislabeling on Tom's part that caused the issue. They also discussed using scoped API keys.

12mo

Trouble with Scoped Search API Keys in Flutter App

Shane struggled with scoped search API keys in Typesense library for a Flutter app, which returned a 401 error. Jason identified that the error may be a result of an invalid filter within the key, and instructed to create separate keys for different permissions. On implementation, the error was resolved.

3mo

Issue with API Key Expiry and Generation in Node.js

Sai is having trouble with API keys expiring and triggering a forbidden key error in Node.js. Despite trying to generate a new key after expiry, Sai gets the same error. Jason explains that the problem may be due to the expiration of parent API keys.

Resolving Typesense Server Connection with Correct API Keys and Paths

Rubai had trouble creating a working API key for Typesense and understanding number_hits versus num_documents. Jason provided clarification and correct code for generating a search-only API Key and using correct server configurations.

2mo