Access Control for Search

Build secure search experiences with ease

API keys

Read, Write or Admin Keys

Don't compromise on security with a single point of failure. Create multiple keys, each with specific intent.

API keys

Role Based Access Control

Segment users by roles specific to your use-case. Each role can be paired with an API key.

RBAC works with JWTs and provides a secure search experience.
Integrate with Identity providers such as Auth0, Firebase, AWS Cognito, and Azure AD.
RBAC image

Restrict by IPs and HTTP Referers

Each API key allows whitelisting IP sources (using CIDR format) and HTTP Referers (using regex patterns).

Whenever possible, IP sources whitelisting can ensure secure access to your search app.
While not full-proof by itself, using HTTP Referers can enhance your existing security.
security controls

Use ACLs

Each API key can enable access and set rate limits for a category of API endpoints.

ACLs

Field Level Filtering

Hide sensitive and irrelevant data from appearing in search results to enhance security and performance.

Use Include filter to whitelist data to be returned in search results.
Use Exclude filter to blacklist data. This won't be returned in search results.
fields filtering

Collaborate With Your Team

Provide specific access policies for your team members.

filters