TypeError: client.generateSecuredApiKey is not a function

I’ve tried generate secured API key in algoliasearch 4, both not working on:

  • nodejs environment, and also
  • single-html using CDN (frontend)

the client initialized without .generateSecuredApiKey method. I’ve try console log(client) soon after initializing.

<script src="https://cdn.jsdelivr.net/npm/algoliasearch@4.3.0/dist/algoliasearch.umd.min.js"></script>
<script>
const client = algoliasearch('GD48H95KY2','searchkeyabc123');
console.log(client);

   // <- client.initIndex() and client.search() works fine if i try it here

const publicKey = client.generateSecuredApiKey('searchkeyabc123', {
  filters: '_tag:user42'
});
console.log(publicKey);  // <- code does not reach here due to error
</script>

and this is the output of the client from Firefox
image

is it an expected behaviour? (does the function exposed into browser anyway?)
can anyone point me any hint to make it work? Thanks in advance

Hi @billwill.onggo!

Indeed this is an expected behaviour. There are two reasons for that:

  1. You shouldn’t generate secured API keys from your front end. If you do, users can modify the code and remove restrictions, which can expose hidden, sensitive data.

  2. JS do not support natively the creation of HMAC sha256 . A polyfill for that in the browser would be massive. Therefore, it’s only available for builds that target node.

1 Like