#community-help

Typesense API Key Expiry and Management

TLDR Pradyuman inquired about garbage collection for expired Typesense API keys. Kishore Nallan stated that no garbage collection takes place but advised running a cron job to delete expired keys and recommended using short-lived scoped API keys.

Powered by Struct AI
10
22mo
Solved
Join the chat
Nov 27, 2021 (22 months ago)
Pradyuman
Photo of md5-d7f4aa44e3d4866e8b7a38eceb9af762
Pradyuman
04:18 AM
Hi! Does Typesense perform any garbage collection of expired API Keys? For security reasons, we'd like to create short lived API Keys on demand, but aren't sure if there will be issues at a later time if there are millions of expired API keys on our instance.
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
05:03 AM
👋 Pradyuman We don't garbage collection of expired keys but the keys stop working once they expire. You can run a cron job to delete expired keys periodically.
Pradyuman
Photo of md5-d7f4aa44e3d4866e8b7a38eceb9af762
Pradyuman
05:11 AM
Is there an easy way to query for all expired keys? We aren't keeping track of key ids currently.
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
05:12 AM
There are no filtering options available on the /keys end-point. You have to list and loop through.
Pradyuman
Photo of md5-d7f4aa44e3d4866e8b7a38eceb9af762
Pradyuman
05:14 AM
Ok, thanks! I assume that scoped search keys aren't stored in the database right? So it would make sense for us to push as much of this as possible into scoped api keys that have their own expiry.
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
05:14 AM
Yup, scoped keys are entirely client side generated.
05:15
Kishore Nallan
05:15 AM
The expiry will be linked to the parent key from which they are generated from.
05:16
Kishore Nallan
05:16 AM
Meaning, the scoped key can have lower expiry than parent but parent's expiry is supreme. If parent key's expiry timestamp is smaller, it takes precedence.
Pradyuman
Photo of md5-d7f4aa44e3d4866e8b7a38eceb9af762
Pradyuman
05:18 AM
Makes sense. I'm thinking that we'll have a single parent key per collection that is rotated periodically and then create short lived scoped API keys that have really tight expiries.
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
05:20 AM
Yup that will work.