Skip to main content
This page documents an earlier version of the API client. For the latest version, see Update an API key.
Required ACL: Admin Any unspecified permission field will be reset to its default value. To ensure that existing permissions aren’t lost when applying an update, make sure to include the existing permissions you don’t want to change.

Examples

Update the permissions of an existing key

// Update an existing API key that is valid for 300 seconds
ApiKey apiKeyToUpdate = new ApiKey
{
    Value = "YourAPIKey",
    Acl = new List<string> { "search" },
    MaxHitsPerQuery = 0,
    MaxQueriesPerIPPerHour = 0,
    Validity = 300
};

var res = client.UpdateApiKey(apiKeyToUpdate);

// Asynchronous
var res = await client.UpdateApiKeyAsync(apiKeyToUpdate);

// Update an existing index-specific API key valid for 300 seconds,
// with a rate limit of 100 calls per hour per IP and a maximum of 20 hits
ApiKey apiKeyToUpdate = new ApiKey
{
    Value = "YourAPIKey",
    Acl = new List<string> { "search" },
    Indexes = new List<string> { "dev_*" },
    MaxHitsPerQuery = 20,
    MaxQueriesPerIPPerHour = 100,
    Validity = 300
};

var res = index.UpdateApiKey(apiKeyToUpdate);

// Asynchronous
var res = await index.UpdateApiKeyAsync(apiKeyToUpdate);

Parameters

apiKey
string
required
API Key to update
acl
string[]
Set of permissions associated with the key.The possible access controls are:
  • Search (search): allowed to perform search operations.
  • Browse Index (browse): allowed to retrieve all index data with the browse endpoint.
  • Add records (addObject): allowed to add or update records in the index.
  • Delete records (deleteObject): allowed to delete an existing record.
  • List indices (listIndexes): allowed to get a list of all existing indices.
  • Delete index (deleteIndex): allowed to delete an index.
  • Get index settings (settings): allowed to read all index settings.
  • Set index settings (editSettings): allowed to update all index settings.
  • Use analytics API (analytics): allowed to retrieve data with the Analytics API.
  • Use recommendation API (recommendation): allowed to interact with the Recommendation API.
  • Use usage API (usage): allowed to retrieve data with the Usage API.
  • Access logs (logs): allowed to query the logs.
  • Get unretrievable attributes (seeUnretrievableAttributes): allowed to retrieve unretrievableAttributes for all operations that return records.
description
string
Specify a description to describe where the key is used.
indexes
string[]
Specify the list of targeted indices. You can target all indices starting with a prefix or ending with a suffix using the * character. For example, dev_* matches all indices starting with dev_ and *_dev matches all indices ending with _dev.
maxHitsPerQuery
integer
default:0
Specify the maximum number of hits this API key can retrieve in one call. This parameter can be used to protect you from attempts at retrieving your entire index contents by massively querying the index.This must be a positive integer.
maxQueriesPerIPPerHour
integer
default:0
Specify the maximum number of API calls allowed from an IP address per hour. Each time an API call is performed with this key, a check is performed. If the IP at the source of the call did more than this number of calls in the last hour, a 429 code is returned.This must be a positive integer.This parameter can be used to protect you from attempts at retrieving your entire index contents by massively querying the index.
queryParameters
object
Specify the list of query parameters. You can force the query parameters for a query using the url string format. Example: “typoTolerance=strict&ignorePlurals=false”
referers
string[]
Specify the list of referers. You can target all referers starting with a prefix, ending with a suffix using the * character. For example, https://algolia.com/* matches all referers starting with https://algolia.com/ and *.algolia.com matches all referers ending with .algolia.com. To allow the domain algolia.com, use *algolia.com/*.
validity
integer
A Unix timestamp used to define the expiration date of the API key.This must be a positive integer.

Response

key
string
The updated key.
updatedAt
string
The date at which the key was updated.

Response as JSON

This section shows the JSON response returned by the API. Each API client wraps this response in language-specific objects, so the structure may vary. To view the response, use the getLogs method. Don’t rely on the order of properties—JSON objects don’t preserve key order.
JSON
{
  "key": "1eb37de6308abdccf9b760ddacb418b4",
  "updatedAt": "2017-12-16T22:21:31.871Z"
}
I