yes right, I mean the secured API Keys. Regarding the questions:
What would be the issue if one of my tenants leaked their secured API Key? How problematic would it be for them? For your service? Maybe it is fine if the API Keys live forever, maybe it’s better if they have a short TTL.
Yes, would be a big Issue.
Do they need to know their Algolia API Key? If they do, how practical would it be to have one dedicated API Key that they can save on their end compared to ephemeral keys?
No, they just use the search like in an B2C app, they should just see only their content
Are there other features that you would like to leverage from secured API Keys, such as rate limits, etc?
At the moment not, but in future this could be relevant.
So my approach at the moment is to generate a secured API key and set a filter for the tenantId.
Thanks and Best,