Limiting API Key Access by Domain
TLDR Loic wanted to limit API key access to a specific domain. Jason clarified this limitation, discussing how Google achieves it via their VPN-like service.
Jan 28, 2023 (10 months ago)
It would be nice to be able to limit the API key from a specific web domain only
Indexed 3011 threads (79% resolved)
Validating Client Side Search Adapter Effectiveness and Tips
Keith asked Jason about enumeration attacks and IP blocking. Jason suggested using Cloudflare for IP-blocking, using limited API keys, and shared a method to proxy through Cloudflare to Typesense. Keith also shared a resource about Cloudflare workers.
Protecting Typesense Queries from DOS Attacks
Juri sought advice on securing typesense queries. Jason suggested use of Cloudflare for DOS attack protection and explained how to create user-specific API keys for data authorization. Ricardo endorsed Cloudflare for protection.
Querying Limit to API Keys in a Cluster
Iulian asked about the limit of API keys in a cluster. Kishore Nallan clarified there is no limit but the key listing end point lacks pagination for easy browsing.