This documentation is for a deprecated version of Ruby API client .
Some features and settings may be missing or their usage may have changed.
Refer to the documentation for the
latest version of Ruby API client for up-to-date information.
Generate a secured API key without any call to our servers.
When you need to restrict the scope of an API key, you should use secured API keys.
You can only generate a secured API key from your search-only API keys: you can’t use Admin API keys, or other secured API keys.
You shouldn’t generate secured API keys from your frontend. If you do, users can modify the code and remove restrictions, which can expose hidden, sensitive data.
You can define a number of restrictions (valid until, restrict indices, etc.).
Keep in mind that the more limitations you set, the longer the key. You might face network limitations with a key longer than 500 characters, so consider this when adding restrictions.
If you want to rate-limit a secured API key, the key that you used to generate it must also be rate-limited. You can create a rate-limited key via the dashboard, or using either the Add API Key or Update API Key methods of an API client.
Examples
Generate a secured API key containing a filter
Copy
1
2
3
4
5
6
7
8
// generate a public API key for user 42. Here, records are tagged with:// - 'user_XXXX' if they are visible by user XXXX$public_key=\Algolia\AlgoliaSearch\SearchClient::generateSecuredApiKey('YourSearchOnlyApiKey',['filters'=>'_tags:user_42']);
1
2
3
# generate a public API key for user 42. Here, records are tagged with:# - 'user_XXXX' if they are visible by user XXXXpublic_key=Algolia.generate_secured_api_key('YourSearchOnlyApiKey',{filters: '_tags:user_42'})
1
2
3
4
5
6
7
8
9
10
11
12
// Only available on Node - CommonJS build// generate a public API key for user 42. Here, records are tagged with:// - 'user_XXXX' if they are visible by user XXXXconstpublicKey=client.generateSecuredApiKey('YourSearchOnlyApiKey',{filters:'_tags:user_42'});console.log(publicKey);
1
2
3
4
5
6
7
8
# generate a public API key for user 42. Here, records are tagged with:
# - 'user_XXXX' if they are visible by user XXXX
fromalgoliasearch.search_clientimportSearchClientpublic_key=SearchClient.generate_secured_api_key('YourSearchOnlyApiKey',{'filters':'_tags:user_42'})
1
2
3
4
5
6
7
8
9
// generate a public API key for user 42. Here, records are tagged with:// - 'user_XXXX' if they are visible by user XXXXletparentAPIKey=APIKey("SearchOnlyApiKeyKeptPrivate")letrestriction=SecuredAPIKeyRestriction().set(\.query,to:Query().set(\.filters,to:"_tags:user_42"))letpublicKey=client.generateSecuredApiKey(parentApiKey:parentAPIKey,with:restriction)
1
2
3
4
5
6
7
8
9
// generate a public API key for user 42. Here, records are tagged with:// - 'user_XXXX' if they are visible by user XXXXSecuredApiKeyRestrictionrestriction=newSecuredApiKeyRestriction{Query=newQuery{Filters="_tags:user_42"},};client.GenerateSecuredApiKeys("YourSearchOnlyApiKey",restriction);
1
2
3
4
5
6
7
8
9
10
11
12
13
// Sync & Async version// generate a public API key for user 42. Here, records are tagged with:// - 'user_XXXX' if they are visible by user XXXXSecuredApiKeyRestrictionrestriction=newSecuredApiKeyRestriction().setQuery(newQuery().setFilters("_tags:user_42"));StringpublicKey=client.generateSecuredApiKey("YourSearchOnlyApiKey",restriction);
// generate a public API key for user 42. Here, records are tagged with:// - 'user_XXXX' if they are visible by user XXXXvalpublicKey=client.generateSecuredApiKey("YourSearchOnlyApiKey",Query(filters=Some("_tags:user_42")))
Generate a secured API key with an expiration date
Copy
1
2
3
4
5
6
7
8
// generate a public API key that is valid for 1 hour:$validUntil=time()+3600;$public_key=\Algolia\AlgoliaSearch\SearchClient::generateSecuredApiKey('YourSearchOnlyApiKey',['validUntil'=>$validUntil]);
1
2
3
# generate a public API key that is valid for 1 hour:valid_until=Time.now.to_i+3600public_key=Algolia.generate_secured_api_key('YourSearchOnlyApiKey',{validUntil: valid_until})
1
2
3
4
5
6
7
8
9
10
// Only available on Node - CommonJS build// generate a public API key that is valid for 1 hour:constvalidUntil=Math.floor(Date.now()/1000)+3600;constpublicKey=client.generateSecuredApiKey('YourSearchOnlyApiKey',{validUntil});
1
2
3
4
5
6
7
8
9
10
importtimefromalgoliasearch.search_clientimportSearchClient# generate a public API key that is valid for 1 hour:
valid_until=time.time()+3600public_key=SearchClient.generate_secured_api_key('YourSearchOnlyApiKey',{'validUntil':valid_until})
1
2
3
4
5
6
7
// generate a public API key that is valid for 1 hour:letparentAPIKey=APIKey("SearchOnlyApiKeyKeptPrivate")letrestriction=SecuredAPIKeyRestriction().set(\.validUntil,to:Date().addingTimeInterval(.hour).timeIntervalSince1970)letpublicKey=client.generateSecuredApiKey(parentApiKey:parentAPIKey,with:restriction)
// generate a public API key that is valid for 1 hour:intvalidUntil=(int)(System.currentTimeMillis()/1000+3600);SecuredApiKeyRestrictionrestriction=newSecuredApiKeyRestriction().setQuery(newQuery().setValidUntil(validUntil));StringpublicKey=client.generateSecuredApiKey("YourSearchOnlyApiKey",restriction);
1
2
3
4
5
// Generate a public API key that is valid for 1 hourkey,err:=search.GenerateSecuredAPIKey("YourSearchOnlyApiKey",opt.Filters("_tags:user_42"),)
Generate a secured API key with indices restriction
Copy
1
2
3
4
5
6
7
8
// generate a public API key that is restricted to 'index1' and 'index2':$public_key=\Algolia\AlgoliaSearch\SearchClient::generateSecuredApiKey('YourSearchOnlyApiKey',['restrictIndices'=>'index1,index2']);
1
2
# generate a public API key that is restricted to 'index1' and 'index2':public_key=Algolia.generate_secured_api_key('YourSearchOnlyApiKey',{restrictIndices: 'index1,index2'})
1
2
3
4
5
6
7
8
9
10
// Only works in Node// generate a public API key that is restricted to 'index1' and 'index2':constpublicKey=client.generateSecuredApiKey('YourSearchOnlyApiKey',{restrictIndices:'index1,index2'});
1
2
3
4
5
6
7
fromalgoliasearch.search_clientimportSearchClient# generate a public API key that is restricted to 'index1' and 'index2':
public_key=SearchClient.generate_secured_api_key('YourSearchOnlyApiKey',{'restrictIndices':'index1,index2'})
1
2
3
4
5
6
7
// generate a public API key that is restricted to 'index1' and 'index2':letparentAPIKey=APIKey("SearchOnlyApiKeyKeptPrivate")letrestriction=SecuredAPIKeyRestriction().set(\.restrictIndices,to:["index1","index2"])letpublicKey=client.generateSecuredApiKey(parentApiKey:parentAPIKey,with:restriction)
// generate a public API key that is restricted to "index1" and "index2":SecuredApiKeyRestrictionrestriction=newSecuredApiKeyRestriction().setRestrictIndices(Arrays.asList("index1","index2"))StringpublicKey=client.generateSecuredApiKey("YourSearchOnlyApiKey",restriction);
1
2
3
4
5
6
// Generate a public API key that is restricted to `index1` and `index2`key,err:=search.GenerateSecuredAPIKey("YourSearchOnlyApiKey",opt.RestrictIndices("index1","index2"),)
1
2
3
4
5
// generate a public API key that is restricted to 'index1' and 'index2':valpublicKey=client.generateSecuredApiKey("YourSearchOnlyApiKey",Query(restrictIndices=Some(Seq("index1","index2")))
Generate a secured API key with a network restriction
Copy
1
2
3
4
5
6
7
# generate a public API key that is restricted to '192.168.1.0/24':$public_key=\Algolia\AlgoliaSearch\SearchClient::generateSecuredApiKey('YourSearchOnlyApiKey',['restrictSources'=>'192.168.1.0/24']);
1
2
# generate a public API key that is restricted to '192.168.1.0/24':public_key=Algolia.generate_secured_api_key('YourSearchOnlyApiKey',{restrictSources: '192.168.1.0/24'})
1
2
3
4
5
6
7
8
// Only works in Node// generate a public API key that is restricted to '192.168.1.0/24':constpublicKey=client.generateSecuredApiKey('YourSearchOnlyApiKey',{restrictSources:'192.168.1.0/24'});
1
2
3
4
5
6
7
fromalgoliasearch.search_clientimportSearchClient# generate a public API key that is restricted to '192.168.1.0/24':
public_key=SearchClient.generate_secured_api_key('YourSearchOnlyApiKey',{'restrictSources':'192.168.1.0/24'})
1
2
3
4
5
6
7
// generate a public API key that is restricted to '192.168.1.0/24':letparentAPIKey=APIKey("SearchOnlyApiKeyKeptPrivate")letrestriction=SecuredAPIKeyRestriction().set(\.restrictSources,to:["192.168.1.0/24"])letpublicKey=client.generateSecuredApiKey(parentApiKey:parentAPIKey,with:restriction)
// Generate a public API key that is restricted to `192.168.1.0/24`key,err:=search.GenerateSecuredAPIKey("YourSearchOnlyApiKey",opt.RestrictSources("192.168.1.0/24"),)
Generate a secured API key with a rate limiting applied per user
Copy
1
2
3
4
5
6
7
8
// The rate limit will be based on the passed user token$public_key=\Algolia\AlgoliaSearch\SearchClient::generateSecuredApiKey('YourSearchOnlyApiKey',['userToken'=>'user_42']);
1
2
# The rate limit will be based on the passed user tokenpublic_key=Algolia.generate_secured_api_key('YourSearchOnlyApiKey',{userToken: 'user_42'})
1
2
3
4
5
6
7
8
9
// Only works in Node// The rate limit will be based on the passed user tokenconstpublicKey=client.generateSecuredApiKey('YourSearchOnlyApiKey',{userToken:'user_42'});
1
2
3
4
5
6
7
fromalgoliasearch.search_clientimportSearchClient# The rate limit will be based on the passed user token
public_key=SearchClient.generate_secured_api_key('YourSearchOnlyApiKey',{'userToken':'user_42'})
1
2
3
4
5
6
7
8
9
10
11
// generate a public API key for user 42. Here, records are tagged with:// - 'user_XXXX' if they are visible by user XXXXletparentAPIKey=APIKey("SearchOnlyApiKeyKeptPrivate")letrestriction=SecuredAPIKeyRestriction().set(\.query,to:Query().set(\.filters,to:"_tags:user_42").set(\.userToken,to:"42"))letpublicKey=client.generateSecuredApiKey(parentApiKey:parentAPIKey,with:restriction)
1
2
3
4
5
6
7
8
// The rate limit will be based on the passed user tokenSecuredApiKeyRestrictionrestriction=newSecuredApiKeyRestriction{UserToken="42"};client.GenerateSecuredApiKeys("YourSearchOnlyApiKey",restriction);
1
2
3
4
5
6
7
8
9
10
11
12
// Sync & Async version// The rate limit will be based on the passed user tokenSecuredApiKeyRestrictionrestriction=newSecuredApiKeyRestriction().setQuery(newQuery().setUserToken("42"));StringpublicKey=client.generateSecuredApiKey("YourSearchOnlyApiKey",restriction);
1
2
3
4
5
6
// The rate limit will be based on the passed user tokenkey,err:=search.GenerateSecuredAPIKey("YourSearchOnlyApiKey",opt.UserToken("user_42"),)
1
2
3
4
5
// The rate limit will be based on the passed user tokenvalpublicKey=client.generateSecuredApiKey("YourSearchOnlyApiKey",Query(userToken=Some("42")))
1
2
3
4
5
6
7
8
// The rate limit will be based on the passed user tokenvalparentAPIKey=APIKey("SearchOnlyApiKeyKeptPrivate")valrestriction=SecuredAPIKeyRestriction(userToken=UserToken("42"))ClientSearch.generateAPIKey(parentAPIKey,restriction)
Parameters
apiKey
type: string
Required
The API key that your new secured API key inherits restrictions from.
filters
type: string
default: ""
Optional
Filters that apply to every search made with the secured API key.
You can add extra filters at search time with the filters query parameter.
For example, if you set the filter group:admin on your generated API key, and you add groups:press OR groups:visitors with the filters query parameter, your final search filter is equivalent to groups:admin AND (groups:press OR groups:visitors).
validUntil
type: integer
default: no expiration date
Optional
A Unix timestamp used to set the expiration date of the API key.
restrictIndices
type: list
default: all indices
Optional
List of index names that can be queried.
restrictSources
type: string
default: no restricted sources
Optional
IPv4 network allowed to use the generated key.
This is used for more protection against API key leaking and reuse.
Note that you can only provide a single source, but you can specify a range of IPs (e.g., 192.168.1.0/24).
userToken
type: string
default: users' IP address
Optional
Specify a unique user identifier.
This can be useful when you want impose a rate limit on specific users.
By default, we set rate limits based on the IP address.
This can become an issue when several users search from the same IP address.
To avoid this, you can set a unique userToken for each user when generating their API key.
This lets you restrict each user to a maximum number of API calls per hour, even if they share their IP with another user.
In this section we document the JSON response returned by the API.
Each language will encapsulate this response inside objects specific to the language and/or the implementation.
So the actual type in your language might differ from what is documented.