Indexing best practices

Hey folks,

We have a collection of records under a model called Assets that we’d like to make searchable with Algolia.

These need to be searchable on a per user basis (i.e. a user shouldn’t be able to view the Assets that don’t belong to them).

Currently, I’m solving this problem by creating a separate index for each user (i.e. assets_1, assets_2, etc.)

Is that okay behavior? We then programmatically set the index settings every time a new asset is created.

Hi @nima :wave:

This can indeed work. However, there are two main issues with this solution:

  1. If there are assets that are shared between users, this will result in duplicated records and a higher overall records usage
  2. If this assets_${ID} index is queried directly from the frontend (as we recommend), then there is a security issue since users could just change the requested index and query another user's data

Alternatively, you can store all the assets in the same index, and add a _tags array with the user IDs to each record. You can then use the filters search param to restrict by a given tag. Obviously this is still not very secure, because users could just change the filter value and see other users’ assets. To make this more secure, instead of using the filters query param, you can use secured API keys which will embed the tag filter restriction. You would generate this API key on the backend, and pass it to the frontend, and it won’t be possible for users to tinker with it to try and access other users’ data.

Let me know if you have any further questions!
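The secured-key approach from the reply above, as an added example that is not part of the original posts and is not Algolia's own code. It assumes a secured key is the base64 of an HMAC-SHA256 hex digest (keyed with the parent search key) followed by the URL-encoded restrictions; the parent key, the `user_<id>` tag naming and the helper names are constructed for illustration, and a real backend would call the official client's secured-key helper instead.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Constructed placeholder: the parent search-only key stays on the backend.
PARENT_SEARCH_KEY = "constructed-parent-search-key"


def _sign(parent_key: str, params: bytes) -> bytes:
    """Hex HMAC-SHA256 of the restriction string, keyed with the parent key."""
    return hmac.new(parent_key.encode(), params, hashlib.sha256).hexdigest().encode()


def generate_secured_key(parent_key: str, user_id: int) -> str:
    """Backend: mint a per-user key with the _tags filter baked in."""
    params = urlencode({"filters": f"_tags:user_{user_id}"}).encode()
    return base64.b64encode(_sign(parent_key, params) + params).decode()


def verify_secured_key(parent_key: str, secured_key: str):
    """Service side: return the embedded restrictions, or None if the key was altered."""
    try:
        raw = base64.b64decode(secured_key, validate=True)
    except ValueError:
        return None
    digest, params = raw[:64], raw[64:]  # a SHA-256 hex digest is 64 characters
    if not hmac.compare_digest(digest, _sign(parent_key, params)):
        return None
    return {k: v[0] for k, v in parse_qs(params.decode()).items()}


def tamper(secured_key: str, old: str, new: str) -> str:
    """What a user editing the key in the browser would produce (no parent key)."""
    raw = base64.b64decode(secured_key)
    return base64.b64encode(raw.replace(old.encode(), new.encode())).decode()
```

Because the filter is covered by the HMAC, swapping the tag inside the key invalidates it, which is what a plain `filters` query parameter cannot offer.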

Thanks! We currently don’t query from the front-end but plan on doing it in the next couple of weeks.

I’ll start using the _tags array instead when we do that :slight_smile: