Good day! I need your help.

Im currently implementing an autocomplete search widget in Javascript. Everything seems perfect except for security. I am explicitly placing my APP_ID and API_KEY in the source js file. Is there any way I could hide this from the public? It is really risky to expose these details.

You’re definitely right, you should never use your admin API key in a production Front-end application since it would allow anyone to perform destructive action on your data.

​That said, in Algolia, you can safely include search-only API keys which restrict the usage to search operations:

​Let me know if you have further questions about API keys and Algolia!

Hey @gianluca.bargelli,

Thanks for the reply! So I have it now changed using the Search-Only API. My only concern left is is it safe to expose your APP ID? Will there be risks or?

It is safe to put APP ID in front code and codes samples from Algolia is doing that. APP ID is useless without a (search)-key :wink: