Generate a browser-safe scoped search key

Derives an HMAC-signed scoped search key from the parent search API key supplied in the Authorization header. The returned key is safe to ship to browser clients — Typesense will enforce the embedded filter_by, expires_at, and cache_ttl on every request signed with it. Requires search scope on the parent key.

Authorization

BearerAuth

AuthorizationBearer <token>

Search API key (ss_search_*) from the dashboard or keys API. Scopes (search, ingest, admin) are stored on the key; each route requires the matching scope.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

filterBy?string

Lock the scoped key to a specific filter, e.g. 'user_id:=42'.

queryBy?string

includeFields?string

excludeFields?string

sortBy?string

expiresAt?integer

Unix timestamp (seconds) when the scoped key expires.

cacheTtl?integer

Client-side cache TTL in seconds.

Range1 <= value <= 86400

limitMultiSearches?integer

0 disables multi_search.

Range0 <= value <= 20

facetBy?string

maxFacetValues?integer

Range1 <= value <= 2000

Response Body

`application/json`

curl -X POST "https://loading/api/v1/keys/generate-scoped" \  -H "Content-Type: application/json" \  -d '{}'

{
  "scopedKey": "string",
  "expiresAt": 0
}

{
  "error": "string",
  "message": "string",
  "details": null
}

{
  "error": "string",
  "message": "string",
  "details": null
}

{
  "error": "string",
  "message": "string",
  "details": null
}

Generate a browser-safe scoped search key

Authorization

Request Body

Response Body

200application/json

400application/json

401application/json

403application/json

`application/json`

`application/json`

`application/json`

`application/json`