# Keys
The /keys
route allows you to create, manage, and delete API keys. To use these endpoints, you must first set the master key. Once a master key is set, you can access these endpoints by supplying it in the header of the request, or using API keys that have access to the keys.get
, keys.create
, keys.update
, or keys.delete
actions.
Learn more about managing keys and their rights.
# Get all keys
/keys
List the 20 most recently created keys. Expired keys are included in the response, but deleted keys are not. Results can be paginated by using the offset
and limit
query parameters.
See below for an explanation of returned fields.
# Query parameters
Query Parameter | Description | Default Value |
---|---|---|
offset | Number of keys to skip | 0 |
limit | Number of keys to return | 20 |
# Example
curl \
-X GET 'http://localhost:7700/keys?limit=3' \
-H 'Authorization: Bearer MASTER_KEY'
# Response: 200 Ok
{
"results": [
{
"name": null,
"description": "Manage documents: Products/Reviews API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"uid": "6062abda-a5aa-4414-ac91-ecd7944c0f8d",
"actions": [
"documents.add",
"documents.delete"
],
"indexes": [
"products",
"reviews"
],
"expiresAt": "2021-12-31T23:59:59Z",
"createdAt": "2021-10-12T00:00:00Z",
"updatedAt": "2021-10-13T15:00:00Z"
},
{
"name": "Default Search API Key",
"description": "Use it to search from the frontend code",
"key": "0a6e572506c52ab0bd6195921575d23092b7f0c284ab4ac86d12346c33057f99",
"uid": "74c9c733-3368-4738-bbe5-1d18a5fecb37",
"actions": [
"search"
],
"indexes": [
"*"
],
"expiresAt": null,
"createdAt": "2021-08-11T10:00:00Z",
"updatedAt": "2021-08-11T10:00:00Z"
},
{
"name": "Default Admin API Key",
"description": "Use it for anything that is not a search operation. Caution! Do not expose it on a public frontend",
"key": "380689dd379232519a54d15935750cc7625620a2ea2fc06907cb40ba5b421b6f",
"uid": "20f7e4c4-612c-4dd1-b783-7934cc038213",
"actions": [
"*"
],
"indexes": [
"*"
],
"expiresAt": null,
"createdAt": "2021-08-11T10:00:00Z",
"updatedAt": "2021-08-11T10:00:00Z"
}
],
"offset":0,
"limit":3,
"total":7
}
NOTE
API keys are displayed in descending order based on their createdAt
date. This means that the most recently created keys appear first.
# Returned fields
Returns API keys in an array called results
, along with the following fields:
# offset
The number of keys skipped over.
# limit
The maximum number of keys to be returned by the request.
# total
The total number of API keys that can be browsed.
# The results
array
For each key, it returns:
# name
A human-readable name for the key. Default value is null
.
# description
A description for the key. Default value is null
.
# uid
A uuid v4 (opens new window) to identify the API key. If not specified, it is automatically generated by Meilisearch.
# key
An alphanumeric key value generated by Meilisearch by hashing the uid
and the master key on API key creation. Used for authorization when making calls to a protected Meilisearch instance.
This value is also used as the {key}
path variable to update, delete, or get a specific key.
NOTE
Since key
is a hash of the uid
and master key, key
values are deterministic between instances sharing the same configuration. This means if the master key changes, all key
values are automatically changed.
Since the key
field depends on the master key, it is computed at runtime and therefore not propagated to dumps and snapshots. As a result, even if a malicious user comes into possession of your dumps or snapshots, they will not have access to your instance's API keys.
# actions
An array of API actions permitted for the key. ["*"]
for all actions.
# indexes
An array of indexes the key is authorized to act on. ["*"]
for all indexes.
Only the key's permitted actions can be used on these indexes.
# expiresAt
Date and time when the key will expire, represented in RFC 3339 format. null
if the key never expires.
# createdAt
Date and time when the key was created, represented in RFC 3339 format.
# updatedAt
Date and time when the key was last updated, represented in RFC 3339 format.
# Get one key
/keys/{key_or_uid}
Get information on the specified key. Attempting to use this endpoint with a non-existent or deleted key will result in an error. A valid API key or uid is required.
# Example
curl \
-X GET 'http://localhost:7700/keys/6062abda-a5aa-4414-ac91-ecd7944c0f8d' \
-H 'Authorization: Bearer MASTER_KEY'
# Response: 200 Ok
{
"name": null,
"description": "Add documents: Products API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"uid": "6062abda-a5aa-4414-ac91-ecd7944c0f8d",
"actions": [
"documents.add"
],
"indexes": [
"products"
],
"expiresAt": "2021-11-13T00:00:00Z",
"createdAt": "2021-11-12T10:00:00Z",
"updatedAt": "2021-11-12T10:00:00Z"
}
For an explanation of these fields, see the get all keys endpoint.
# Create a key
/keys
Create an API key with the provided description, permissions, and expiration date.
Only the indexes
, actions
, and expiresAt
fields are mandatory.
# Body
# name
Type: string
Default value: null
A human-readable name for the key.
# uid
Type: string
Default value: none
A uuid v4 (opens new window) to identify the API key. If not specified, it is generated by Meilisearch.
# description
Type: string
Default value: null
An optional description for the key.
# actions
Type: array
Default value: none
A list of API actions permitted for the key. ["*"]
for all actions.
name | description |
---|---|
search | Provides access to both POST and GET search endpoints on authorized indexes. |
documents.add | Provides access to the add documents and update documents endpoints on authorized indexes. |
documents.get | Provides access to the get one document and get documents endpoints on authorized indexes. |
documents.delete | Provides access to the delete one document, delete all documents, and batch delete endpoints on authorized indexes. |
indexes.create | Provides access to the create index endpoint. |
indexes.get | Provides access to the get one index and list all indexes endpoints. Non-authorized indexes will be omitted from the response. |
indexes.update | Provides access to the update index endpoint. |
indexes.delete | Provides access to the delete index endpoint. |
tasks.get | Provides access to the get one task and get tasks endpoints. Tasks from non-authorized indexes will be omitted from the response. |
settings.get | Provides access to the get settings endpoint and equivalents for all subroutes on authorized indexes. |
settings.update | Provides access to the update settings and reset settings endpoints and equivalents for all subroutes on authorized indexes. |
stats.get | Provides access to the get stats of an index endpoint and the get stats of all indexes endpoint. For the latter, non-authorized indexes are omitted from the response. |
dumps.create | Provides access to the create dump endpoint. Not restricted by indexes . |
version | Provides access to the get Meilisearch version endpoint. |
keys.get | Provides access to the get all keys endpoint. |
keys.create | Provides access to the create key endpoint. |
keys.update | Provides access to the update key endpoint. |
keys.delete | Provides access to the delete key endpoint. |
# indexes
Type: array
Default value: none
An array of indexes the key is authorized to act on. ["*"]
for all indexes.
Only the key's permitted actions can be used on these indexes.
# expiresAt
Type: string
Default value: none
Date and time when the key will expire, represented in RFC 3339 format. null
if the key never expires.
# Example
curl \
-X POST 'http://localhost:7700/keys' \
-H 'Authorization: Bearer MASTER_KEY' \
-H 'Content-Type: application/json' \
--data-binary '{
"description": "Add documents: Products API key",
"actions": ["documents.add"],
"indexes": ["products"],
"expiresAt": "2042-04-02T00:42:42Z"
}'
# Response: 201 Created
{
"name": null,
"description": "Manage documents: Products/Reviews API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"uid": "6062abda-a5aa-4414-ac91-ecd7944c0f8d",
"actions": [
"documents.add"
],
"indexes": [
"products"
],
"expiresAt": "2021-11-13T00:00:00Z",
"createdAt": "2021-11-12T10:00:00Z",
"updatedAt": "2021-11-12T10:00:00Z"
}
# Update a key
/keys/{key_or_uid}
Update the name and description of an API key. A valid API key or uid is required.
To learn more about the variables sent in the body of the request, see the create key endpoint.
Updates to keys are partial. This means you should provide only the fields you intend to update, as any fields not present in the payload will remain unchanged.
# Example
curl \
-X PATCH 'http://localhost:7700/keys/6062abda-a5aa-4414-ac91-ecd7944c0f8d' \
-H 'Authorization: Bearer MASTER_KEY' \
-H 'Content-Type: application/json' \
--data-binary '{
"name": "Products/Reviews API key",
"description": "Manage documents: Products/Reviews API key"
}'
# Response: 200 Ok
{
"name": "Products/Reviews API key",
"description": "Manage documents: Products/Reviews API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"uid": "6062abda-a5aa-4414-ac91-ecd7944c0f8d",
"actions": [
"documents.add",
"documents.delete"
],
"indexes": [
"products",
"reviews"
],
"expiresAt": "2021-12-31T23:59:59Z",
"createdAt": "2021-10-12T00:00:00Z",
"updatedAt": "2021-10-13T15:00:00Z"
}
# Delete a key
/keys/{key_or_uid}
Delete the specified API key. A valid API key or uid is required.
# Example
curl \
-X DELETE 'http://localhost:7700/keys/6062abda-a5aa-4414-ac91-ecd7944c0f8d' \
-H 'Authorization: Bearer MASTER_KEY'
# Response: 204 No Content
← Tasks All Settings →