Typesense API Key and JWT Token Usage
TLDR Chetan asked about using the Typesense API key and JWT tokens. Jason clarified that search-only keys are exposed to the client side and shared data access control options.
Feb 26, 2023 (10 months ago)
• is this correct?
• is there a way i can use auth tokens / jwt tokens instead?
• if not, I may just have the client call my backend and my backend call typesense once it verifies authentication. is this the recommended path or is there another way I should do this?
While we don’t specifically support JWT, you can control access to particular collections, documents or even fields: https://typesense.org/docs/guide/data-access-control.html
Indexed 3015 threads (79% resolved)
Using Typesense Frontend and Protecting API Key
KARTHICK asked about using Typesense from frontend, Jason suggested both frontend and backend are possible but encourages frontend for performance. Marcos mentioned key exposure concerns, Kishore Nallan explained scoped API keys can provide protection.
Issues with Generating Scope API Keys in Python
Danny had issues generating a valid scope API key in a Python GraphQL server. Jason suggested encoding changes and confirmed that the key length varies. Issue unresolved with Python, although JS library worked.
Stefanie expressed concern over potential misuse of their typesense project key. Kishore Nallan proposed using a scoped API key with limitations for protection.