When a user queries your index through InstantSearch, the request is built and sent from their browser, so they can see everything the browser sends and receives. This includes:
- Your application ID, used on the front end, visible in code and network requests
- Your search API key, used on the front end, visible in code and network requests
- The index name, used on the front end, visible in code and network requests
- The index content (records) returned from the API, visible in network requests
For example, say you're indexing the users of a forum along with personal information such as their IP addresses. If you offer a search experience where users can search for other users, every matching record is returned in the API response, IP address included, so anyone can read it from the network traffic even if your UI never displays it. This is why it's crucial to ensure that anything you index in Algolia isn't sensitive or confidential (or, where the engine genuinely needs the attribute, to list it in `unretrievableAttributes`, see below).
Note that even when an attribute in your records isn't searchable, it still appears in the API response. If you want to use an attribute without exposing it (e.g., keep a `total_number_of_sales` attribute for ranking purposes but hide it from the API response), list it in `unretrievableAttributes` in your index settings. Be clear about what this does and doesn't do: it removes the attribute from search responses, but the attribute is still stored in Algolia and can still be used for matching and ranking. If a hidden attribute is also searchable or filterable, a user can still learn about its values by probing with queries (checking whether a given value produces a hit), so it is no substitute for leaving sensitive data out of the index.
As a rule of thumb, unless a sensitive piece of information is genuinely needed for search or ranking (as with `total_number_of_sales` above), don't index it at all: strip it from the record before it is sent to Algolia.
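The following is an added example, not code from the original page or from Algolia, that applies both points above before records leave your server: attributes with no search or ranking purpose are stripped from each record, the one attribute needed only for ranking is declared in `unretrievableAttributes`, and a pre-push check refuses to index any attribute that would end up visible to holders of the public search key. It assumes the algoliasearch v4 JavaScript client, where an index object exposes `setSettings()` and `saveObjects()`; the attribute names (`ip_address`, `email`, `password_hash`, `total_number_of_sales`, `username`, `bio`) and the sample records are constructed for the example.

```javascript
// Added example (not from the original page or from Algolia). Prepares forum
// user records for indexing so that nothing sensitive reaches the public search
// API. Assumes the algoliasearch v4 JavaScript client (index.setSettings(),
// index.saveObjects()); all attribute names and sample data are invented here.
'use strict';

// Attributes that must never be indexed: they serve no search or ranking
// purpose, so the rule of thumb says leave them out of the record entirely.
const NEVER_INDEX = ['ip_address', 'email', 'password_hash'];

// Attributes the engine needs (here, for ranking) but that must not be returned
// to the browser. These go into unretrievableAttributes.
const RANKING_ONLY = ['total_number_of_sales'];

// Attributes that are fine to expose to anyone holding the search API key.
const PUBLIC_ATTRIBUTES = ['objectID', 'username', 'bio'];

// Index settings: only username and bio are matched against the query,
// total_number_of_sales drives customRanking and is hidden from responses.
const INDEX_SETTINGS = {
  searchableAttributes: ['username', 'bio'],
  customRanking: ['desc(total_number_of_sales)'],
  unretrievableAttributes: RANKING_ONLY,
};

// Drop the never-index attributes before the record leaves the server.
function sanitizeRecord(record) {
  const out = {};
  for (const [key, value] of Object.entries(record)) {
    if (!NEVER_INDEX.includes(key)) out[key] = value;
  }
  return out;
}

// Return the attributes of a record that would be retrievable through the
// search API: anything that is neither public nor declared unretrievable.
function findLeaks(record) {
  return Object.keys(record).filter(
    (key) =>
      !PUBLIC_ATTRIBUTES.includes(key) &&
      !INDEX_SETTINGS.unretrievableAttributes.includes(key)
  );
}

// Sanitize every record and refuse to proceed if any attribute would leak.
// Failing closed here beats discovering the attribute in a network trace later.
function prepareRecords(rawRecords) {
  const records = rawRecords.map(sanitizeRecord);
  for (const record of records) {
    const leaks = findLeaks(record);
    if (leaks.length > 0) {
      throw new Error(
        `refusing to index objectID=${record.objectID}: ` +
          `${leaks.join(', ')} would be retrievable via the search API`
      );
    }
  }
  return records;
}

// Push settings and records. `index` is an algoliasearch v4 index object
// (e.g. algoliasearch(appId, adminKey).initIndex('users')); the admin key
// stays on the server, only the search key is ever shipped to the browser.
async function indexUsers(index, rawRecords) {
  const records = prepareRecords(rawRecords);
  await index.setSettings(INDEX_SETTINGS);
  await index.saveObjects(records);
  return records;
}

// Constructed sample records standing in for a forum's user table.
const RAW_USERS = [
  {
    objectID: '1',
    username: 'alice',
    bio: 'Hardware hacker',
    ip_address: '203.0.113.7',
    email: 'alice@example.com',
    password_hash: '$argon2id$...',
    total_number_of_sales: 42,
  },
  {
    objectID: '2',
    username: 'bob',
    bio: 'Runs the classifieds board',
    ip_address: '198.51.100.23',
    email: 'bob@example.com',
    password_hash: '$argon2id$...',
    total_number_of_sales: 7,
  },
];

module.exports = { sanitizeRecord, findLeaks, prepareRecords, indexUsers, INDEX_SETTINGS, RAW_USERS };
```

Run `indexUsers(index, RAW_USERS)` from your indexing job; the check in `prepareRecords` is the part worth keeping even if you never use the rest, since a new column added to the user table will otherwise be indexed, and therefore exposed, silently.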
For more best practices, you can head over to our documentation: