Introduction #

All requests require a valid API key. You may create as many API keys as you wish (e.g. one per project) and apply optional domain restrictions which is recommended for front-end usage (see Security).

Managing your keys #

You can manage your keys by logging into your account and visiting Settings > API Keys. Here you can add new keys, view existing keys and delete keys you no longer need.

Security #

If using a front-end library such as Algolia's Autocomplete it's important to remember your key can be easily obtained as these are user-facing solutions. It is therefore recommended you put in place some limitations to prevent abuse:

Set a key expiry

When creating a key you can define how long until it expires and ceases to function. If unspecified or empty, this setting defaults to 'never expire'.

Restrict usage per IP

When creating a key you can define the maximum number of searches an IP address can peform per hour. If unspecified or empty, this setting defaults to 'no limit'.

Restrict usage to domains

When creating a key you can define a list of referrers / domains that are authorised to query the API with a given key. If unspecified or empty, this setting defaults to any referrer.

You can target referrers by matching a prefix or a suffix using the * wildcard, for example:

Restrict access to all referrers starting with https://example.com:

https://example.com/*
        

Restrict access to all referrers ending with .example.com:

*.example.com
        

Allow access for the full example.com domain:

*example.com/*
        

For further details please visit Algolia's guide to security best practices.