Hey, I think I have read this in the docs, just wanted to confirm. Is it safe to use scoped read-only API keys on the frontend? Is this the current best practise or is there more we can do please? Thank you!

Yes it's perfectly safe. The key cannot be tampered since we sign it with the filter used and verify signature in the backend.

Thanks! Are there any options on potencionaly banning specific IPs that would try to connect and DDOS the server? We are using Typesense Cloud

We recommend using Cloudflare for this. They have DDOS protection available. It's a bit of a specialised task which CF is based placed to solve.

@Kishore Nallan thank you! Can you point me to some relevant piece of documentation/GitHub issue for this? I couldn't find anything

Here's a Slack thread on this topic: https://typesense-community.slack.com/archives/C01P749MET0/p1643993514137789?thread_ts=1643992951.867889&channel=C01P749MET0&message_ts=1643993514.137789