#community-help

Protecting Typesense Key in Javascript Project

TLDR Stefanie expressed concern over potential misuse of their typesense project key. Kishore Nallan proposed using a scoped API key with limitations for protection.

10mo

Join the chat

Feb 01, 2023 (10 months ago)

Photo of md5-00f91c63576fa0220bc89f6c359f956f

Stefanie

09:30 AM

Morning guys and girls 👋 , we’re using typesense for our projects on a javascript client. we use the api inside of the builded javascript, which is the search only api with keys. we’re wondering if someone got ahold of our key, what damage could they really do? are there any restrictions build in to prevent xx calls over a certain amount of time to prevent the quote from being ski high?

Photo of md5-4e872368b2b2668460205b409e95c2ea

Kishore Nallan

10:09 AM

If you are worried about search only key being too permissive, you can use a scoped API key and bake in some limitations like limit_hits inside it. See: https://typesense.org/docs/guide/data-access-control.html#scraping-protection

Stefanie

11:50 AM

thank you Kishore Nallan

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 3005 threads (79% resolved)

Join Our Community

Similar Threads

Using Typesense Frontend and Protecting API Key

KARTHICK asked about using Typesense from frontend, Jason suggested both frontend and backend are possible but encourages frontend for performance. Marcos mentioned key exposure concerns, Kishore Nallan explained scoped API keys can provide protection.

8mo

Securing Typesense Search API Key

sonu was concerned about securing typesense API key while all data are searchable. Jason suggested using the 'limit_hits' parameter to secure the data.

31mo

Issues with Generating Scope API Keys in Python

Danny had issues generating a valid scope API key in a Python GraphQL server. Jason suggested encoding changes and confirmed that the key length varies. Issue unresolved with Python, although JS library worked.

19mo