I am new in Elastic product. I am actually an Android and iOS developer. so I have limited knowledge about backend.
I have tried to read app search authentication documentation in here , it seems I can directly make a query directly from my Android/iOS app, by using this
curl -X GET 'https://[HOST_IDENTIFIER].api.swiftype.com/api/as/v1/engines/[ENGINE]/documents'
-H 'Content-Type: application/json'
-H 'Authorization: Bearer [API_KEY]' \
If use that endpoint and use public search key for the [API_KEY], is it safe to use Elastic App Search just like that ?
search key is read-only access, so malicious users can't delete my documents, but if the endpoint is exposed in my mobile app like that, I am worried that will be a malicious user that can make millions of requests in short period of time and it will make my elastic app search down.
can I prevent this ?