Using Secure API Keys for a large amount of users

I’m wondering how to handle a situation where I’m using Secure API Keys for a large number of users.

For example the de-duplicated data for our records:

[
  {
    "ObjectID": 1,
    "title": "ABC 1",
    "url": "/post/abc1",
    "content": "something 1",
    "viewable_by": [100, 230... 1000 other users]
  },
  {
    "ObjectID": 2,
    "title": "ABC 1",
    "url": "/post/abc1",
    "content": "something 2",
    "viewable_by": [100, 230... 1000 other users]
  }
]

If the user IDs start at 0 and increment by 1, then the size of viewable_by would be equivalent to the following (even more if JSON numbers are sent as strings):

  • 50 users: 91b
  • 100 users: 192b
  • 500 users: 2kb
  • 1000 users: 4kb
  • 5000 users: 19kb
  • 10000 users: 47kb
  • 50000 users: 282kb
  • 100000 users: 575kb

Each record has a maximum size of 10kb. Just the viewable_by field can use or surpass that limit.

An alternative I thought about would be to combine users with the same access types into “fake” groups. For example, say users 1, 5, 232, and 3722 have access to ObjectID 1 and ObjectID 2, then they would be part of a group. Then viewable_by could be the group IDs. When creating the Secure API Key I would add an OR filter for all the groups the user has access to. I’m just not yet sure how I would generate the groups.

Two questions:

  1. Is the viewable_by with secure API keys generally how private records are handled?
  2. Does anyone else generate “fake” groups of users to reduce record size?

Hi there,

  1. Yes, Secured API Keys are the way to go.
  2. The 10k limit is mainly a pricing limit, but it is also a limit to avoid having users send unnecessary data.
    In your case it’s definitely a valid use case. On Business and Enterprise plans the record size limit can be increased to handle such use cases per user. On Community/Essential plans, fake groups would be what I recommend in order to stay under the 10kb limit.
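One way to generate the “fake” groups discussed in this thread, as an added example that is not part of either post and is not Algolia's code: every distinct set of viewers becomes one group with a stable ID, each record stores that single ID in viewable_by, and each user's Secured API Key carries an OR filter over the groups containing them. The function names, the `__no_group__` sentinel and the sample ACL are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

NO_ACCESS = "viewable_by:__no_group__"  # constructed sentinel: matches no record


def group_id(user_ids):
    """Stable ID for a set of viewers: same users in any order -> same ID."""
    canonical = ",".join(str(u) for u in sorted(set(user_ids)))
    return "g_" + hashlib.sha256(canonical.encode()).hexdigest()[:16]


def build_groups(acl):
    """acl maps objectID -> iterable of user IDs allowed to view the record.

    Returns (record_group, user_groups): the one group ID to store in each
    record's viewable_by, and for each user the set of groups they belong to.
    """
    members = {}                      # group ID -> frozenset of user IDs
    record_group = {}
    user_groups = defaultdict(set)
    for object_id, users in acl.items():
        users = frozenset(users)
        gid = group_id(users)
        # A truncated-hash collision would merge two different ACLs: refuse.
        if members.setdefault(gid, users) != users:
            raise ValueError(f"group ID collision on {gid}")
        record_group[object_id] = gid
        for user in users:
            user_groups[user].add(gid)
    return record_group, dict(user_groups)


def filters_for(user, user_groups):
    """Filter string to embed in the user's Secured API Key restrictions."""
    groups = sorted(user_groups.get(user, ()))
    if not groups:
        # Fail closed: an empty filter would restrict nothing.
        return NO_ACCESS
    return " OR ".join(f"viewable_by:{g}" for g in groups)


# Constructed sample ACL (not from the original post).
SAMPLE_ACL = {
    1: [1, 5, 232, 3722],
    2: [3722, 232, 5, 1],     # same viewers, different order -> same group
    3: [5, 9000],
}
```

This pays off when many records share the same audience; if almost every record has a distinct viewer set, the number of groups approaches the number of records and each user's filter grows with it.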