Scoped API Keys with Collection Alias Names
TLDR Daniel asked if they could use an alias name for collection in scoped API keys. Kishore Nallan explained that it's not supported to avoid accidental security risks. Daniel agreed and opted for using a unique prefix with a wildcard for users' collections.
Mar 13, 2023 (7 months ago)
Daniel
11:54 AM{
'description': 'Search-only key',
'actions': ['documents:search'],
'collections': ['collection-alias-name']
}
Kishore Nallan
12:50 PMKishore Nallan
12:53 PMDaniel
08:33 PMIn our case the API users’ collections will be prefixed with a particular string unique to their user; we’ll make sure to limit access to this prefix followed by a wildcard.
Thanks again for your help with this.
Typesense
Indexed 2779 threads (79% resolved)
Similar Threads
Understanding Alias Usage in API Collections and Environment Security
gab sought clarity on when collection aliases would be used, if they are public and how they handle different environments. Kishore Nallan explained their purpose and suggested using distinct API keys for each environment for privacy and customization. They also directed gab on how to generate these keys per collection.
On Aliasing Collections with Same Names
Aljosa suggested allowing an alias to have the same name as a collection. Jason explained the technical limitations for such a feature and future plans on alias functionality.
Comparing Performance and Security of Different Data Collection Methods
bnfd asked about differences in performance and memory usage between a single, large data collection and multiple smaller collections. Kishore Nallan explained that the latter is faster, suggested 100 collections sharded by user_id, and informed about the use and security of scoped API keys.