# Keys
The keys
route allows you to create, manage, and delete API keys. In order to use these endpoints, the master key must be set and supplied in the header of the request:
curl \
-H 'Authorization: Bearer replaceThisWithYourMasterKey'
…
Learn more about managing keys and their rights.
# Get all keys
/keys
List all existing API keys. Expired keys are included in the response, but deleted keys are not.
See below for an explanation of returned fields.
# Example
curl \
-X GET 'http://localhost:7700/keys' \
-H 'Authorization: Bearer masterKey'
# Response: 200 Ok
{
"results": [
{
"description": "Manage documents: Products/Reviews API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"actions": [
"documents.add",
"documents.delete"
],
"indexes": [
"products",
"reviews"
],
"expiresAt": "2021-12-31T23:59:59Z",
"createdAt": "2021-10-12T00:00:00Z",
"updatedAt": "2021-10-13T15:00:00Z"
},
{
"description": "Default Search API Key (Use it to search from the frontend code)",
"key": "0a6e572506c52ab0bd6195921575d23092b7f0c284ab4ac86d12346c33057f99",
"actions": [
"search"
],
"indexes": [
"*"
],
"expiresAt": null,
"createdAt": "2021-08-11T10:00:00Z",
"updatedAt": "2021-08-11T10:00:00Z"
},
{
"description": "Default Admin API Key (Use it for all other operations. Caution! Do not share it on the client side)",
"key": "380689dd379232519a54d15935750cc7625620a2ea2fc06907cb40ba5b421b6f",
"actions": [
"*"
],
"indexes": [
"*"
],
"expiresAt": null,
"createdAt": "2021-08-11T10:00:00Z",
"updatedAt": "2021-08-11T10:00:00Z"
}
]
}
# Returned fields
# description
A description for the key. Default value is null
.
# key
An alphanumeric key value generated by Meilisearch on API key creation. Used for authorization when making calls to a protected Meilisearch instance.
This value is also used as the {key}
path variable to update, delete, or get a specific key.
# actions
An array of API actions permitted for the key. ["*"]
for all actions.
# indexes
An array of indexes the key is authorized to act on. ["*"]
for all indexes.
Only the key's permitted actions can be used on these indexes.
# expiresAt
Date and time when the key will expire, represented in RFC 3339 format. null
if the key never expires.
# createdAt
Date and time when the key was created, represented in RFC 3339 format.
# updatedAt
Date and time when the key was last updated, represented in RFC 3339 format.
# Get one key
/keys/{key}
Get information on the specified key. Attempting to use this endpoint with a non-existent or deleted key will result in an error. A valid API key is required.
# Example
curl \
-X GET 'http://localhost:7700/keys/d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4' \
-H 'Authorization: Bearer masterKey'
# Response: 200 Ok
{
"description": "Add documents: Products API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"actions": [
"documents.add"
],
"indexes": [
"products"
],
"expiresAt": "2021-11-13T00:00:00Z",
"createdAt": "2021-11-12T10:00:00Z",
"updatedAt": "2021-11-12T10:00:00Z"
}
For an explanation of these fields, see the get all keys endpoint.
# Create a key
/keys
Create an API key with the provided description, permissions, and expiration date.
Only the indexes
, actions
, and expiresAt
fields are mandatory.
# Body
# description
Type: string
Default value: null
An optional description for the key.
# actions
Type: array
Default value: none
A list of API actions permitted for the key. ["*"]
for all actions.
name | description |
---|---|
search | Provides access to both POST and GET search endpoints on authorized indexes. |
documents.add | Provides access to the add documents and update documents endpoints on authorized indexes. |
documents.get | Provides access to the get one document and get documents endpoints on authorized indexes. |
documents.delete | Provides access to the delete one document, delete all documents, and batch delete endpoints on authorized indexes. |
indexes.create | Provides access to the create index endpoint. |
indexes.get | Provides access to the get one index and list all indexes endpoints. Non-authorized indexes will be omitted from the response. |
indexes.update | Provides access to the update index endpoint. |
indexes.delete | Provides access to the delete index endpoint. |
tasks.get | Provides access to the get one task and get all tasks endpoints. Tasks from non-authorized indexes will be omitted from the response. Also provides access to the get one task by index and get all tasks by index endpoints on authorized indexes. |
settings.get | Provides access to the get settings endpoint and equivalents for all subroutes on authorized indexes. |
settings.update | Provides access to the update settings and reset settings endpoints and equivalents for all subroutes on authorized indexes. |
stats.get | Provides access to the get stats of an index endpoint and the get stats of all indexes endpoint. For the latter, non-authorized indexes are omitted from the response. |
dumps.create | Provides access to the create dump endpoint. Not restricted by indexes . |
dumps.get | Provides access to the get dump status endpoint. Not restricted by indexes . |
version | Provides access to the get Meilisearch version endpoint. |
# indexes
Type: array
Default value: none
An array of indexes the key is authorized to act on. ["*"]
for all indexes.
Only the key's permitted actions can be used on these indexes.
# expiresAt
Type: string
Default value: none
Date and time when the key will expire, represented in RFC 3339 format. null
if the key never expires.
# Example
curl \
-X POST 'http://localhost:7700/keys' \
-H 'Authorization: Bearer masterKey' \
-H 'Content-Type: application/json' \
--data-binary '{
"description": "Add documents: Products API key",
"actions": [
"documents.add"
],
"indexes": [
"products"
],
"expiresAt": "2042-04-02T00:42:42Z"
}'
# Response: 201 Created
{
"description": "Add documents: Products API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"actions": [
"documents.add"
],
"indexes": [
"products"
],
"expiresAt": "2021-11-13T00:00:00Z",
"createdAt": "2021-11-12T10:00:00Z",
"updatedAt": "2021-11-12T10:00:00Z"
}
# Update a key
/keys/{key}
Update the description, permissions, or expiration date of an API key. A valid API key is required.
To learn more about the variables sent in the body of the request, see the create key endpoint.
Updates to keys are partial. This means you should provide only the fields you intend to update, as any fields not present in the payload will remain unchanged.
# Example
curl \
-X PATCH 'http://localhost:7700/keys/d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4' \
-H 'Authorization: Bearer masterKey' \
-H 'Content-Type: application/json' \
--data-binary '{
"description": "Manage documents: Products/Reviews API key",
"actions": [
"documents.add",
"documents.delete"
],
"indexes": [
"products",
"reviews"
],
"expiresAt": "2042-04-02T00:42:42Z"
}'
# Response: 200 Ok
{
"description": "Manage documents: Products/Reviews API key",
"key": "d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4",
"actions": [
"documents.add",
"documents.delete"
],
"indexes": [
"products",
"reviews"
],
"expiresAt": "2021-12-31T23:59:59Z",
"createdAt": "2021-11-12T10:00:00Z",
"updatedAt": "2021-10-12T15:00:00Z"
}
# Delete a key
/keys/{key}
Delete the specified API key. A valid API key is required.
# Example
curl \
-X DELETE 'http://localhost:7700/keys/d0552b41536279a0ad88bd595327b96f01176a60c2243e906c52ac02375f9bc4' \
-H 'Authorization: Bearer masterKey'
# Response: 204 No Content
← Tasks All Settings →