#community-help

Monthly Cloud Product Billing and Usage Concerns

TLDR gab asked about monthly billing, usage restrictions, and potential security for the Typesense Cloud product. Kishore Nallan and Jason addressed these concerns, detailing how to control usage limits, avoid potential overcharges and suggested using Cloudflare DNS CNAMEs for DDOS protection. Bruno advised to use paging.

30mo

Join the chat

Aug 03, 2021 (30 months ago)

Photo of md5-8be2a24edf7a95c9c74abce4b1130c3e

gab

06:36 AM

Hi,
how can I be charged periodically monthly for the cloud product?

Photo of md5-4e872368b2b2668460205b409e95c2ea

Kishore Nallan

06:45 AM

Jason Can help in moving to a monthly billing later today.

Photo of md5-8813087cccc512313602b6d9f9ece19f

Jason

06:57 AM

gab Could you email [email protected] from the email address on file?

gab

06:58 AM

Ok I will send an email thanks

07:07

gab

07:07 AM

Another question, is there a way so I can set a maximum chargeable amount per month? Moreover, can we have a kind of charging folloup in the billing period like: 50% budget used, 100%, 150%?
I would like to avoid any undesirable usage.

Kishore Nallan

07:10 AM

Typesense does not have any usage based charges except for bandwidth which is unlikely to cause any dent. The cluster size has a fixed charge per month.

gab

07:32 AM

Ok i see, I will try to focus on undesirable bandwidth usage.
I'm not sure we can restrict api keys to some dedicated referers, isn't it ?
I'm currently attacking directly my Typesense api from the front application. It seems now a must to proxy those call from my server if I need to apply some basics restrictions like ensuring requests comes from my application.
It seems also I have to work on maxQuery by api keys or something like that.
Even if it highly depends on the Typesense integration and use cases it seems like basic security aspects concerning the api usage. Not sure how other are handling it.
Would you have any suggestions about those concerns?
Thanks

Kishore Nallan

08:51 AM

There's a parameter called "limit_hits" using which you can prevent more than X number of results from being returned. If you embed this parameter as part of a scoped API key, you can ensure that the limits are limited and cannot be scraped easily by fetching many results at one go.

That said, one easy way to get DDOS protection currently is to setup Cloudflare DNS CNAMEs for each of the Typesense Cloud hostnames and proxy your requests via Cloudflare.

Photo of md5-0ca37054c6c9042aa04fcfb92cc7d99c

Bruno

03:39 PM

Throwing in the suggestion to implement paging by default with as low a limit as practical

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 3015 threads (79% resolved)

Join Our Community

Similar Threads

Protecting Typesense Queries from DOS Attacks

Juri sought advice on securing typesense queries. Jason suggested use of Cloudflare for DOS attack protection and explained how to create user-specific API keys for data authorization. Ricardo endorsed Cloudflare for protection.

33mo

DDoS Protection for Typesense Cloud using Cloudflare

Nikhil requested a feature to restrict Typesense Cloud hostname/IP access, with only Cloudflare access allowed. Jason acknowledged and stated that IP-based restriction is planned.

4mo

Validating Client Side Search Adapter Effectiveness and Tips

Keith asked Jason about enumeration attacks and IP blocking. Jason suggested using Cloudflare for IP-blocking, using limited API keys, and shared a method to proxy through Cloudflare to Typesense. Keith also shared a resource about Cloudflare workers.

23mo

Discussing Typesense Cloud's SSDs, NVMe, and Resources Needed

A asked about Typesense's storage type and configuration possibilities. Jason shared that they use SSDs and suggested NVMe SSDs for high-availability instances. They discussed server resources needed for specific user cases and briefly touched on DDoS protection via Cloudflare.

31mo

Legalities of Data Transfer for Typesense Cloud in EU

Viktor had concerns about data transfers outside of the EU when using Typesense Cloud. Jason explained that the Standard Contractual Clauses cover this use-case under GDPR or suggested purchasing an enterprise support plan or self-hosting Typesense.

9mo