Open aaronadamsCA opened 3 years ago
Good point, the ACL needed is addObject
, deleteObject
, browse
, deleteIndex
, and editSettings
. You can do this via the dashboard or via client.addApiKey. The readme here and the guide on Gatsby indeed should be updated.
Since it's Hacktoberfest, is this something you're interested in making a PR for?
Thanks for the quick response! I landed on "browse", "addObject", "deleteObject", "settings", "editSettings"
. Can you confirm whether I actually need to give "deleteIndex"
as well? It just seems like a lot of destructive power for an indexing key to have.
Since it's Hacktoberfest, is this something you're interested in making a PR for?
Maybe later in October 🙂 I will save it for later when I've got time, but in the meantime if anyone wants to take this, go for it!
ah you're right, deleteIndex
isn't needed. I thought moveIndex
used that ACL but it uses addObject
(see https://www.algolia.com/doc/api-reference/api-methods/move-index/)
settings
is a subset of editSettings
IIRC
From the Algolia docs:
I'd like to see the docs for this plugin (and the corresponding Gatsby tutorial) updated to follow this best practice. Specifically, tell the user how to create a more limited API key, and list the operations a user would need to grant to the key.
Thanks, great plugin so far 👍