Secured api key filters not working

Hi guys,

I am trying to limit users to only see posts that were not deleted. I have a primary index called Posts and a replica called Posts_public. Posts have a _$indexingMeta property which is an object containing a deleted key. I want to use this property to force all users to receive the subset of Posts where deleted != true;

For each user, I generate a secured API key with the following filter:

client.generateSecuredApiKey(parentApiKey, {
  // NOT is used so that documents that don't contain 
  // _$indexingMeta are not ignored.
  filters: "NOT _$indexingMeta.deleted:true",
  userToken: userId,
  ...
});

// This is how the indexes are created:
primaryIndex.setSettings({
  attributesForFaceting: [
    ....
    "_$indexingMeta.deleted"
  ];
}, { forwardToReplicas: true });

replicaIndex.setSettings({
  attributesForFaceting: [
    ....
    "_$indexingMeta.deleted"
  ]
});

I have tried various things, and regardless of what I do, either all or none of the documents are returned. Also, because I noticed that the secured API Key does not change when I change the filters property used to generate it, I have been testing by generating api keys with different userTokens to verify that the key used in the query was generated using the correct filters.

Does anyone know what I’m doing wrong?

Hi netbkb,

I’m curious as to why you are looking to introduce the additional complexity of secured API keys rather than simply specifying the filter at query time?