Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Search is throwing 401 error with search-only API key #476

Closed
elhe26 opened this issue Dec 25, 2021 · 3 comments
Closed

Search is throwing 401 error with search-only API key #476

elhe26 opened this issue Dec 25, 2021 · 3 comments

Comments

@elhe26
Copy link

elhe26 commented Dec 25, 2021

Description

When searching with a restricted API key, sometimes it returns a 401 error, and sometimes the actual response.

{
    "message": "Forbidden - a valid `x-typesense-api-key` header must be sent."
}

Steps to reproduce

const response = await client.keys().create({
  actions: ['documents:search', 'documents:get'],
  collections: ['*'],
  description: 'Search only key'
})

Expected Behavior

{
    "results": [
        {
            "facet_counts": [],
            "found": 0,
            "hits": [],
            "out_of": 0,
            "page": 1,
            "request_params": {
                "per_page": 10,
                "q": "Mark"
            },
            "search_time_ms": 0
        }
    ]
}

Actual Behavior

Erratic behavior:

  • The 401 unauthorized response.
  • Actual response.

Metadata

Typsense Version: typesense-server-0.22.1

OS: OS: Ubuntu 20.04 (LTS) x64
@kishorenc
Copy link
Member

@elhe26 I just tried creating an API key with those exact permissions and tried hitting both search and individual document get end-point, and everything works as expected for me. Are you able to find any additional patterns on when the 401 is received? You can perhaps try logging them and see if there is a pattern to those failures.

@elhe26 elhe26 mentioned this issue Feb 1, 2022
Closed
@JayabharathiP
Copy link

For a valid API key typesense throws "Forbidden - a valid x-typesense-api-key header must be sent." error.

Here are the configurations
Added 2 nodes configuration for typesense.
Created a search only APIKey. Then created a scoped API key.

Note:
If I try to search again with the same scoped key it is working without issue.

Is there any specific configuration available for typesense multi node?

@kishorenc
Copy link
Member

Does the error happen when you use scoped API key or the search-only API key?

Is there any specific configuration available for typesense multi node?

Make sure that the nodes are actually clustered and are not stand-alone. If they are not clustered, then key created on one node won't be available on the other. You can hit the /keys end-point to check that the same key exists on both nodes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jasonbosco @kishorenc @elhe26 @JayabharathiP