Scoped API Keys with Collection Alias Names

TLDR Daniel asked if they could use an alias name for collection in scoped API keys. Kishore Nallan explained that it's not supported to avoid accidental security risks. Daniel agreed and opted for using a unique prefix with a wildcard for users' collections.

Powered by Struct AI
Join the chat
Mar 13, 2023 (7 months ago)
Photo of md5-4b2080bc5889919d06604638ee9178b7
11:54 AM
Good morning, when creating scoped API keys can the collection name in the scope definition be an alias’ name rather than a collection name?

  'description': 'Search-only key',
  'actions': ['documents:search'],
  'collections': ['collection-alias-name']

Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
12:50 PM
That's an interesting question. I don't think we support this.
Kishore Nallan
12:53 PM
It's a bit dangerous to support that though because it can accidentally lead to a wrong collection getting the permissions. We would rather keep this explicit.
Photo of md5-4b2080bc5889919d06604638ee9178b7
08:33 PM
Thanks Kishore, that’s very good to know and an excellent point about the security of the linked collection belonging to an alias.
In our case the API users’ collections will be prefixed with a particular string unique to their user; we’ll make sure to limit access to this prefix followed by a wildcard.

Thanks again for your help with this.