#community-help

Typesense API Key and JWT Token Usage

TLDR Chetan asked about using the Typesense API key and JWT tokens. Jason clarified that search-only keys are exposed to the client side and shared data access control options.

Powered by Struct AI

1

1

Feb 26, 2023 (10 months ago)
Chetan
Photo of md5-f5bf390d5711f8a2f96bd93d1bc97d20
Chetan
02:55 PM
from the documentation, it seems like i should just have the client hard code the typesense api key and call the backend. A few questions here:
• is this correct?
• is there a way i can use auth tokens / jwt tokens instead?
• if not, I may just have the client call my backend and my backend call typesense once it verifies authentication. is this the recommended path or is there another way I should do this?
Jason
Photo of md5-8813087cccc512313602b6d9f9ece19f
Jason
09:10 PM
The Search-only API keys are indeed designed to be exposed to the client side.

While we don’t specifically support JWT, you can control access to particular collections, documents or even fields: https://typesense.org/docs/guide/data-access-control.html

1

09:10
Jason
09:10 PM
That article above talks about all the available options ^
Chetan
Photo of md5-f5bf390d5711f8a2f96bd93d1bc97d20
Chetan
09:34 PM
awesome - thank you!

1