Typesense API Key and JWT Token Usage

TLDR Chetan asked about using the Typesense API key and JWT tokens. Jason clarified that search-only keys are exposed to the client side and shared data access control options.

Photo of Chetan
Chetan
Sun, 26 Feb 2023 14:55:57 UTC

from the documentation, it seems like i should just have the client hard code the typesense api key and call the backend. A few questions here: • is this correct? • is there a way i can use auth tokens / jwt tokens instead? • if not, I may just have the client call my backend and my backend call typesense once it verifies authentication. is this the recommended path or is there another way I should do this?

Photo of Jason
Jason
Sun, 26 Feb 2023 21:10:28 UTC

The Search-only API keys are indeed designed to be exposed to the client side. While we don’t specifically support JWT, you can control access to particular collections, documents or even fields:

Photo of Jason
Jason
Sun, 26 Feb 2023 21:10:55 UTC

That article above talks about all the available options ^

Photo of Chetan
Chetan
Sun, 26 Feb 2023 21:34:18 UTC

awesome - thank you!