#community-help

Protecting Typesense Key in Javascript Project

TLDR Stefanie expressed concern over potential misuse of their typesense project key. Kishore Nallan proposed using a scoped API key with limitations for protection.

Powered by Struct AI

1

3
10mo
Solved
Join the chat
Feb 01, 2023 (10 months ago)
Stefanie
Photo of md5-00f91c63576fa0220bc89f6c359f956f
Stefanie
09:30 AM
Morning guys and girls 👋 , we’re using typesense for our projects on a javascript client. we use the api inside of the builded javascript, which is the search only api with keys. we’re wondering if someone got ahold of our key, what damage could they really do? are there any restrictions build in to prevent xx calls over a certain amount of time to prevent the quote from being ski high?
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
10:09 AM
If you are worried about search only key being too permissive, you can use a scoped API key and bake in some limitations like limit_hits inside it. See: https://typesense.org/docs/guide/data-access-control.html#scraping-protection
Stefanie
Photo of md5-00f91c63576fa0220bc89f6c359f956f
Stefanie
11:50 AM
thank you Kishore Nallan

1