I was testing the mechanism for generating and using Search Signed API keys.
The documentation says the following:
Signed search keys are created using one of our clients. They require an existing Private API key with read access.
However, I tried generating the signed key with a public search key (rather than a private API key with read access) and it worked. Since ultimately the signed key is going to be used in the front end to perform search only requests (e.g. not reading settings, etc), I wanted to use the most restrictive key.
- Which key should I use then to generate the signed key ?
- Why does the documentation states that only a private API key with read access should be used?
Thanks in advance.