When protecting your instance with a master key, you can ensure only authorized users can carry out sensitive tasks such as adding documents or altering index settings. Meilisearch gives you fine-grained control over which users can access which indexes, endpoints, and routes. We strongly recommend you only use the master key when managing API keys. Since the master key is not an API key, it cannot be configured and listed through the /keys endpoints.Įxposing your master key can give malicious users complete control over your Meilisearch instance. The master key is the only key with access to endpoints for creating and deleting API keys. While API keys are designed to have limited permissions, the master key grants users full control over an instance. When you launch an instance for the first time, Meilisearch creates two default API keys: Default Search API Key and Default Admin API Key. They can be configured by using the /keys route.įor most of your day-to-day operations, you should use API keys when communicating with a protected instance. You can also configure them to expire after a certain date. Though both types of keys help you protect your instance and your data, they serve distinct purposes and are managed in different ways.ĪPI keys grant users access to a specific set of indexes, routes, and endpoints. Meilisearch currently has two types of security keys: one master key and any number of API keys. Differences between the master key and API keys They can be retrieved, modified, or deleted the same way as user-created keys. Both default API keys have access to all indexes in an instance and do not have an expiry date.
0 Comments
Leave a Reply. |