Typesense API Key and JWT Token Usage
TLDR Chetan asked about using the Typesense API key and JWT tokens. Jason clarified that search-only keys are exposed to the client side and shared data access control options.
1
1
Feb 26, 2023 (10 months ago)
Chetan
02:55 PM• is this correct?
• is there a way i can use auth tokens / jwt tokens instead?
• if not, I may just have the client call my backend and my backend call typesense once it verifies authentication. is this the recommended path or is there another way I should do this?
Jason
09:10 PMWhile we don’t specifically support JWT, you can control access to particular collections, documents or even fields: https://typesense.org/docs/guide/data-access-control.html
1
Jason
09:10 PMChetan
09:34 PM1
Typesense
Indexed 3015 threads (79% resolved)
Similar Threads
Using Typesense Frontend and Protecting API Key
KARTHICK asked about using Typesense from frontend, Jason suggested both frontend and backend are possible but encourages frontend for performance. Marcos mentioned key exposure concerns, Kishore Nallan explained scoped API keys can provide protection.
Issues with Generating Scope API Keys in Python
Danny had issues generating a valid scope API key in a Python GraphQL server. Jason suggested encoding changes and confirmed that the key length varies. Issue unresolved with Python, although JS library worked.
Protecting Typesense Key in Javascript Project
Stefanie expressed concern over potential misuse of their typesense project key. Kishore Nallan proposed using a scoped API key with limitations for protection.