Permissions that determine the type of API requests this key can make. The required ACL is listed in each endpoint's reference. For more information, see access control list.
Index names or patterns that this API key can access. By default, an API key can access all indices in the same application. You can use leading and trailing wildcard characters (*): - dev_* matches all indices starting with "dev_". - *_dev matches all indices ending with "_dev". - *_products_* matches all indices containing "products".
Maximum number of API requests allowed per IP address or user token per hour. If this limit is reached, the API returns an error with status code 429. By default, there's no limit.
Query parameters to add when making API requests with this API key. To restrict this API key to specific IP addresses, add the restrictSources parameter. You can only add a single source, but you can provide a range of IP addresses. Creating an API key fails if the request is made from an IP address that's outside the restricted range.
Allowed HTTP referrers for this API key. By default, all referrers are allowed. You can use leading and trailing wildcard characters (*): - https://algolia.com/_* allows all referrers starting with "https://algolia.com/" - *.algolia.com allows all referrers ending with ".algolia.com" - *algolia.com* allows all referrers in the domain "algolia.com". Like all HTTP headers, referrers can be spoofed. Don't rely on them to secure your data. For more information, see HTTP referrer restrictions.
