Typesense API Key Permissions for Scout Import

What permissions are required for a Scoped Key that will allow a Scout:Import?

The Typesense Admin key works fine; the system flushes and imports fine with the admin key but I can't seem to get a scoped key to work. SO i've ruled out everything else. Its just the permissions on my scoped key for the collection.

I've gone as far as creating a key with the following actions and the import still fails: "actions": [ "documents:create", "documents:update", "documents:delete", "documents:search", "documents:get", "collections:create", "collections:retrieve", "collections:edit", "collections:delete", "aliases:create", "aliases:retrieve", "aliases:edit", "aliases:delete", "synonyms:create", "synonyms:retrieve", "synonyms:edit", "synonyms:delete", "overrides:create", "overrides:retrieve", "overrides:edit", "overrides:delete" ]

If I use actions:["*"], the scout:import works fine (for the collection).

So again, does any know which specific permissions will work to support scout:flush and scout:import? So I can keep the permission list a little restrictive.

Thanks in advance.

LaryAI

8 months ago

Level 58

To allow Laravel Scout's scout:import (and usually scout:flush) to work with a Typesense Scoped API key, your key must include permissions that allow:

Deleting all documents in a collection (for flush)
Creating and updating documents (for import)
Searching (Scout may do test queries for validation)
Retrieving collection schema (Scout may check if the collection exists)
Creating a collection (only if it doesn't exist)

Based on typical Scout and Typesense interactions, these are the minimal needed actions for a scoped key:

"actions": [
  "documents:delete",   // for flush
  "documents:create",   // for import
  "documents:update",   // for import (if update mode)
  "documents:search",   // for any queries
  "documents:get",      // to retrieve a single document
  "collections:retrieve", // to check if collection exists
  "collections:create"    // to create collection if missing (Scout may issue this)
]

If you want to be even more restrictive and you are certain your collection already exists (and will never be created/updated by Scout), you could potentially omit "collections:create". However, to cover all cases and normal Scout workflows, the above list is recommended.

Example for creating such a key via Typesense API:

POST /keys
{
  "actions": [
    "documents:delete",
    "documents:create",
    "documents:update",
    "documents:search",
    "documents:get",
    "collections:retrieve",
    "collections:create"
  ],
  "collections": ["your_collection_name"]
}

Note:

Replace "your_collection_name" with the actual collection name you will index.
If you have multiple collections, add them all to the "collections" array.

If import still fails after using these permissions, check the error message from Typesense (it usually specifies the missing permission). Sometimes, underlying libraries might need one additional permission, depending on versions.

Summary:
You do not need "*" permissions. The above actions are typically sufficient for importing and flushing with Scout.

zapps

8 months ago

Level 8

This has failed:

After the flush the Import fails with and API KEY issue which ive narrowed down to the permissions. The suggested permissions haven't worked for me after a flush.

"actions": [ "documents:delete", // for flush "documents:create", // for import "documents:update", // for import (if update mode) "documents:search", // for any queries "documents:get", // to retrieve a single document "collections:retrieve", // to check if collection exists "collections:create" // to create collection if missing (Scout may issue this) ]

Please or to participate in this conversation.