I want to know if it is completly neccesary to use a security KEY in meilisearch.
I´m building an app in laravel, its like a blog, where I have the users and the posts with its comments. My searcher its similar to the stack overflow, where we can search through the posts. Im using meilisearch (from laravel scout) to make this possible.
So my question is, do I really need to use a masterkey in this case, where the users can´t directly access to sensitive data, but the post table has a relation to the users table.
Let me know if you need more info
It is strongly recommended to use a master key, even in your case. Without setting the master key, you give users and malicious users complete control over your Meilisearch instance, meaning all API routes are publicly accessible because it requires no authorization to access, and anyone can write, delete or modify the posts or data in your instance. When you launch a meilisearch instance with a master key, Meilisearch will automatically generate two API keys: Default Search API Key and Default Admin API Key. The Default Search API Key can only be used to access the search route; hence it can be exposed and used to search from the frontend, and this will be suitable in your use case.