Don't compromise on security with a single point of failure. Create multiple keys, each with specific intent. Read keys are suited for search interface, write keys are suited for backend processes and admin keys should be reserved for admin APIs and monitoring purposes.
Restrict by IPs, HTTP Referers
Each API key allows whitelisting IP sources (using CIDR format) and HTTP Referers (using regex patterns). You can also dynamically update these using our REST API.
Whenever possible, IP sources whitelisting can ensure secure access to your search app.
While not full-proof by itself, using HTTP Referers can enhance your existing security.
Each API credential can set ACLs (aka access control lists), which allows granular control over API endpoints that can be accessed.
IP Rate Limits
IP based rate limits prevent potential misuse of the API key by malicious scripts.
Prevent scraping scripts from stealing your data.
Field Level Filtering
Hide sensitive and irrelevant data from appearing in search results to enhance security and performance.
Use Include filter to whitelist data to be returned in search results.
Use Exclude filter to blacklist data. This won't be returned in search results.