algolia-security-basics
Installation
SKILL.md
Algolia Security Basics
Overview
Algolia's security model is built around scoped API keys. Every Algolia app has three default keys (Admin, Search-Only, Monitoring). For production, create custom keys with minimal permissions and use Secured API Keys for per-user/per-tenant restrictions.
Key Types and Where to Use Them
| Key Type | ACL | Expose to Frontend? | Use Case |
|---|---|---|---|
| Admin | All operations | NEVER | Backend indexing, settings, key management |
| Search-Only | search only |
Yes (safe) | Frontend search widgets |
| Monitoring | Read monitoring data | No | Health checks, dashboards |
| Custom | You define ACL | Depends on ACL | Scoped backend services |
| Secured | Derived from parent key | Yes | Per-user filtered search |
Instructions
Step 1: Environment Variable Setup
Related skills