API Reference / API Methods / API keys / Add API Key

Add API Key

Required API Key: Admin
Method signature
$client->addApiKey(array acl, [
  // All the following parameters are optional
  'validity'                => integer,
  'maxQueriesPerIPPerHour'  => integer,
  'maxHitsPerQuery'         => integer,
  'indexes'                 => array,
  'referers'                => array,
  'queryParameters'         => string,
  'description'             => string,
])

About this method

You are currently reading the documentation of the JavaScript API Client v4. Read our migration guide to learn how to upgrade from v3 to v4. You can still access the v3 documentation.

Add a new API Key with specific permissions/restrictions.

Examples

Create API Key

1
2
3
4
5
6
// Creates a new API key that can only perform search actions
$res = $client->addApiKey(['search']);
echo 'key: ' . $res['key'] . "\n";

// To make sure the key is added
$res->wait();

Create API Key with advanced restrictions

1
2
3
4
5
6
7
8
9
10
11
12
13
14
// Creates a new index specific API key valid for 300 seconds
// with a rate limit of 100 calls per hour per IP and a maximum of 20 hits

$res = $client->addApiKey(['search'], [
  'indexes'                => ['dev_*'],
  'referers'               => ['algolia.com/*'],
  'queryParameters'        => 'ignorePlurals=false&restrictSources=192.168.1.0/24',
  'description'            => 'Limited search only API key for algolia.com',
  'validity'               => 300, // 300 seconds
  'maxQueriesPerIPPerHour' => 100,
  'maxHitsPerQuery'        => 20,
]);

echo 'key=' . $res['key'] . "\n";

Parameters

acl
type: list
default: no default
Required

Set of permissions associated with the key.

The possible ACLs are:

  • Search (search): allowed to perform search operations.
  • Browse Index (browse): allowed to retrieve all index data with the browse endpoint.
  • Add records (addObject): allowed to add or update a records in the index.
  • Delete records (deleteObject): allowed to delete an existing record.
  • List indices (listIndexes): allowed to get a list of all existing indices.
  • Delete index (deleteIndex): allowed to delete an index.
  • Get index settings (settings): allowed to read all index settings.
  • Set index settings (editSettings): allowed to update all index settings.
  • Use analytics API (analytics): allowed to retrieve data with the Analytics API.
  • Use recommendation API (recommendation): allowed to interact with the Recommendation API.
  • Use usage API (usage): allowed to retrieve data with the Usage API.
  • Access logs (logs): allowed to query the logs.
  • Get unretrievable attributes (seeUnretrievableAttributes): allowed to retrieve unretrievableAttributes for all operations that return records.
validity
type: integer
default: no expiration date
Optional

A Unix timestamp used to define the expiration date of the API key.

maxHitsPerQuery
type: integer
default: 0 (unlimited)
Optional

Specify the maximum number of hits this API key can retrieve in one call. This parameter can be used to protect you from attempts at retrieving your entire index contents by massively querying the index.

maxQueriesPerIPPerHour
type: integer
default: 0 (no rate limit)
Optional

Specify the maximum number of API calls allowed from an IP address per hour. Each time an API call is performed with this key, a check is performed. If the IP at the source of the call did more than this number of calls in the last hour, a 429 code is returned.

This parameter can be used to protect you from attempts at retrieving your entire index contents by massively querying the index.

indexes
type: list
default: [] (all indices)
Optional

Specify the list of targeted indices. You can target all indices starting with a prefix or ending with a suffix using the ‘*’ character. For example, “dev_*” matches all indices starting with “dev_” and “*_dev” matches all indices ending with “_dev”.

referers
type: list
default: [] (all referers)
Optional

Specify the list of referers. You can target all referers starting with a prefix, ending with a suffix using the ‘*’ character. For example, “https://algolia.com/*” matches all referers starting with “https://algolia.com/” and “*.algolia.com” matches all referers ending with “.algolia.com”. If you want to allow the domain algolia.com you can use “*algolia.com/*”.

queryParameters
type: string
default: "" (no query parameters)
Optional

Specify the list of query parameters. You can force the query parameters for a query using the url string format.

Example: typoTolerance=strict&ignorePlurals=false

You can also add a restriction on the IPv4 network allowed to use the generated key. This is used for more protection against API key leaking and reuse.

Note that you can only provide a single source, but you can specify a range of IPs (e.g., 192.168.1.0/24).

For security reasons, the creation of the key will fail if the server from which the key is created is not in the restricted network.

Example: typoTolerance=strict&restrictSources=192.168.1.0/24

description
type: string
default: ""
Optional

Specify a description of the API key. Used for informative purposes only. It has impact on the functionality of the API key.

requestOptions
type: key/value mapping
default: No request options
Optional

A mapping of request options to send along with the request.

Response

In this section we document the JSON response returned by the API. Each language will encapsulate this response inside objects specific to the language and/or the implementation. So the actual type in your language might differ from what is documented.

JSON format

1
2
3
4
{
  "key": "1eb37de6308abdccf9b760ddacb418b4",
  "createdAt": "2017-12-16T22:21:31.871Z"
}
key
string

The created key.

createdAt
string

The date at which the key has been created.

Did you find this page helpful?