TLDR Chetan asked about using the Typesense API key and JWT tokens. Jason clarified that search-only keys are exposed to the client side and shared data access control options.
from the documentation, it seems like i should just have the client hard code the typesense api key and call the backend. A few questions here:
• is this correct?
• is there a way i can use auth tokens / jwt tokens instead?
• if not, I may just have the client call my backend and my backend call typesense once it verifies authentication. is this the recommended path or is there another way I should do this?
The Search-only API keys are indeed designed to be exposed to the client side.
While we don’t specifically support JWT, you can control access to particular collections, documents or even fields:
That article above talks about all the available options ^
awesome - thank you!
Indexed 3051 threads
Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI