the wildest part is algolia just not responding. you email them saying "hey 39 of your customers have admin keys in their frontend" and they ghost you? thats way worse than the keys themselves imo. like the whole point of docsearch is they manage the crawling FOR you, but then the "run your own crawler" docs basically hand you a footgun with zero guardrails. they could just... not issue admin-scoped keys through that flow

▲

gregoriol 6 hours ago | parent [-]

Why contact Algolia when it is the users' responsibility to handle their keys? Contact all the users.

	▲	Kwpolska 3 hours ago \| parent \| next [-]
		If this happens so often, perhaps Algolia should improve their stuff to prevent this? For example, by implementing a dedicated search endpoint that doesn't accept normal API keys, but only dedicated read-only keys.
	▲	interstice 2 hours ago \| parent \| prev \| next [-]
		It is the users responsibility to operate foot guns responsibly.
	▲	jgalt212 33 minutes ago \| parent \| prev [-]
		because if it's easy to dangerously use one's product that reflect poorly on the product. Algolia should help its clients from making silly mistakes.