#community-help

Protecting Typesense Key in Javascript Project

TLDR Stefanie expressed concern over potential misuse of their typesense project key. Kishore Nallan proposed using a scoped API key with limitations for protection.

Powered by Struct AI

1

3
10mo
Solved
Join the chat
Feb 01, 2023 (10 months ago)
Stefanie
Photo of md5-00f91c63576fa0220bc89f6c359f956f
Stefanie
09:30 AM
Morning guys and girls ๐Ÿ‘‹ , weโ€™re using typesense for our projects on a javascript client. we use the api inside of the builded javascript, which is the search only api with keys. weโ€™re wondering if someone got ahold of our key, what damage could they really do? are there any restrictions build in to prevent xx calls over a certain amount of time to prevent the quote from being ski high?
Kishore Nallan
Photo of md5-4e872368b2b2668460205b409e95c2ea
Kishore Nallan
10:09 AM
If you are worried about search only key being too permissive, you can use a scoped API key and bake in some limitations like limit_hits inside it. See: https://typesense.org/docs/guide/data-access-control.html#scraping-protection
Stefanie
Photo of md5-00f91c63576fa0220bc89f6c359f956f
Stefanie
11:50 AM
thank you Kishore Nallan

1