What's the recommended way of avoiding to expose the searchKey in the front-end react code?
I was thinking to build a service to return the searchKey but I think using the same searchKey for all end users is not ideal. I came across the signed keys but they don't seem to be natively supported by the native connector in GitHub - elastic/search-ui: Search UI. Libraries for the fast development of modern, engaging search experiences.
Is it possible to use signed keys without building a custom connector?
You should be fine exposing the public search key within the frontend. Its only the private API key which should not be exposed publicly. See here for more information on the topic Search guide | Elastic App Search Documentation [7.16] | Elastic
If its still important for you to hide the searchkey, you could proxy the search API call through your server, forwarding on the call to app search with the public key included.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.