I’m using algolia to facilitate text search across data that is stored in firebase. I’m not a security expert, but firebase stresses the fact that front end api keys are vulnerable and authentication based access controls should be in place for the data they are used to search.
Some of the data I’m using algolia to search is sensitive and should not be accessible to anyone except the authenticated user that it belongs to, but I’d like to use frontend search in my application for improved speed. What is the best practice for ensuring that this data and the api key is not exposed? I’ve read about dynamically fetching the algolia keys before performing the search and not hardcoding them, but is this enough?