Avoid Disclosing the API Keys and Setting a Rate Limit

I would like to get clarifications on my doubts below.

  1. Is there a way to have the DOCSEARCH API keys configured on our website without disclosing them in the front-end browser code explicitly?
  2. How can we define and send a rate limit as a query parameter in the API call if we are using the open-source plan?

Hi there,

  1. The API keys used for DocSearch are public Search API keys, which means it’s not a concern if everyone can see it as they don’t have any other permissions than that. However, we recommend you to scope the API key to the index you want to search on, and make sure you only have Search ACL on it.

  2. By rate limit, would you want to reduce the number of requests while searching? If so, you could do it by implementing a debounced solution in your frontend: DocSearch v3 - Debounced search - CodeSandbox, in this example, the request will only be sent 5000ms after the query has been typed.

Hope this answers your questions!