[Presale] security, access to the index

Hi there,

as all the identification part to access an index (AppID, ApiKey; indexname) is in the js file anybody can access the data in readonly mode, correct?
is there a way to secure this? i don’t want my users “suck” all my data.


Hi @jeanlouis

You’re correct. Thought, I believe Algolia API has a limit to never send more than 1000 hits to prevent sucking data too easily as you said. Using a full custom server-side script to hit Algolia’s API would allow you to reduce that amount but huge work for low gain in my opinion.

Plus, every data that you put in Algolia should be public has they’ll be use to improve your user’s search.

Plus, Algolia’s only send objects in return of typing query so use it to get your content would NOT be the most efficient way to get 100,00% of your content.

My point being, if someone really wants to suck your content - there is a tons of way to do it in a much more efficient maner . Algolia won’t be any more or less secure to that.

May be @Algolia has some more securities I’m not aware of of course :wink:

Hi @jeanlouis, and thanks @pierre.aurele.martin for your initial response!

I wanted to add that if you are worried about your data being crawled, you can always create a custom API key with a rate limit (Max API calls/IP/hour in the dashboard).

You can also create API keys with custom index restrictions, or generate secured API keys with filter restrictions or expiration dates on the fly, if you want to further restrict what data an API key has access to.

Merci à tous les deux pour votre réponse.