SearchJetEngine

API Key Setup

# API Key Setup Complete guide to obtaining, configuring, and securing your SearchJet API keys across all supported platforms. --- ## Getting Your API Key ### Step 1: Create an Account Sign up at [app.searchjetengine.com](https://app.searchjetengine.com) if you haven't already. ### Step 2: Create a Site Navigate to **Dashboard > Sites** and click **Create Site**. Enter your site name and URL. ### Step 3: Generate an API Key 1. Go to **Settings > API Keys** 2. Click **Generate Key** 3. Select the key type (see below) 4. Name your key for identification 5. Copy and save the key immediately — it will not be shown again --- ## Key Types Explained SearchJet uses three key types with different permission levels: | Prefix | Type | Permissions | Use Case | |--------|------|-------------|----------| | `sj_pub_` | Public | Search only | Client-side JavaScript, embedded search | | `sj_prv_` | Private | Full access | Server-side code, indexing, admin operations | | `sj_srch_` | Search | Search only (optimized) | High-volume search endpoints | ### When to Use Each Key **Public Key (`sj_pub_`)** Use in browser-based applications where the key is visible to users. Safe to include in HTML/JavaScript that runs in the client. ```javascript // Safe in browser code const client = new SearchJet({ apiKey: 'sj_pub_xxxxxxxxxxxxxxxx', siteId: 'site_abc' }); ``` **Private Key (`sj_prv_`)** Use only in server-side code, build scripts, or backend services. Never expose in client-side code or version control. ```python # Server-side only client = SearchJetClient( api_key="sj_prv_xxxxxxxxxxxxxxxx", site_id="site_abc" ) ``` **Search Key (`sj_srch_`)** Optimized for read-only search operations. Slightly faster than public keys for search-only workloads. Use in server-side search applications. --- ## Platform Setup Guides ### WordPress Setup 1. Install the SearchJet plugin 2. Go to **Settings > SearchJet** 3. Enter your **Public API Key** (`sj_pub_`) for client-side search 4. Enter your **Site ID** from the SearchJet dashboard 5. Save changes ```php // In wp-config.php or theme functions.php define('SEARCHJET_API_KEY', 'sj_pub_xxxxxxxxxxxxxxxx'); define('SEARCHJET_SITE_ID', 'site_abc'); ``` ### WooCommerce Setup SearchJet enhances WooCommerce product search. Configure in WooCommerce settings: 1. Install the SearchJet WooCommerce extension 2. Go to **WooCommerce > Settings > SearchJet** 3. Enter your API key and Site ID 4. Enable product indexing 5. Map WooCommerce fields to SearchJet fields ```php // WooCommerce integration in functions.php add_filter('searchjet_index_fields', function($fields) { $fields['price'] = 'price'; $fields['category'] = 'product_cat'; $fields['sku'] = '_sku'; $fields['in_stock'] = '_stock_status'; return $fields; }); ``` ### Laravel Setup ```bash composer require searchjet/laravel php artisan vendor:publish --provider="SearchJet\SearchJetServiceProvider" --tag="config" ``` Add to `.env`: ``` SEARCHJET_API_KEY=sj_prv_xxxxxxxxxxxxxxxx SEARCHJET_SITE_ID=site_abc SEARCHJET_BASE_URL=https://app.searchjetengine.com ``` ### JavaScript / Node.js Setup **Browser (client-side):** ```bash npm install searchjet-connect ``` ```javascript import SearchJet from 'searchjet-connect'; const client = new SearchJet({ apiKey: 'sj_pub_xxxxxxxxxxxxxxxx', // Public key for browser siteId: 'site_abc' }); ``` **Node.js (server-side):** ```bash npm install searchjet-connect ``` ```javascript import SearchJet from 'searchjet-connect'; const client = new SearchJet({ apiKey: 'sj_prv_xxxxxxxxxxxxxxxx', // Private key for server siteId: 'site_abc' }); ``` ### Python Setup ```bash pip install searchjet-python ``` ```python import os from searchjet import SearchJetClient # Option 1: Direct initialization client = SearchJetClient( api_key=os.environ.get("SEARCHJET_API_KEY"), site_id=os.environ.get("SEARCHJET_SITE_ID") ) # Option 2: From environment variables (auto-detected) # Set SEARCHJET_API_KEY and SEARCHJET_SITE_ID env vars client = SearchJetClient.from_env() ``` ### Shopify Setup 1. Install the SearchJet app from the Shopify App Store 2. Authorize the app in your Shopify admin 3. The app auto-configures with your store's product data 4. Customize search settings in the app dashboard ```liquid {% if app.searchjet %} {{ app.searchjet.render_search }} {% endif %} ``` --- ## Environment Variables Keep keys out of your codebase. Use environment variables: ```bash # .env file (never commit this) SEARCHJET_API_KEY=sj_prv_xxxxxxxxxxxxxxxx SEARCHJET_SITE_ID=site_abc ``` ```bash # Load in shell export SEARCHJET_API_KEY="sj_prv_xxxxxxxxxxxxxxxx" export SEARCHJET_SITE_ID="site_abc" ``` --- ## Security Best Practices ### 1. Never Expose Private Keys Private keys (`sj_prv_`) must never appear in: - Client-side JavaScript - HTML source code - Version control (Git) - Log files - Public documentation ### 2. Use Environment Variables Always load keys from environment variables, not hardcoded strings: ```python # Bad client = SearchJetClient(api_key="sj_prv_xxxxxxxxxxxxxxxx") # Good client = SearchJetClient(api_key=os.environ["SEARCHJET_API_KEY"]) ``` ### 3. Add to .gitignore ```gitignore .env .env.local .env.production ``` ### 4. Rotate Keys Regularly Generate new keys and revoke old ones periodically: 1. Generate a new key in **Settings > API Keys** 2. Update your application with the new key 3. Test that everything works 4. Revoke the old key ### 5. Use最小权限原则 - Use public keys for client-side search - Use search keys for server-side search - Use private keys only for admin operations - Restrict key permissions to specific sites when possible ### 6. Monitor Key Usage Check **Settings > API Keys > Usage** to monitor for unusual activity. Set up alerts for unexpected spikes in usage. ### 7. Revoke Unused Keys If a key is compromised or no longer needed, revoke it immediately. Go to **Settings > API Keys** and click **Revoke**. --- ## Key Rotation Checklist - [ ] Generate new key in dashboard - [ ] Update all applications using the old key - [ ] Test search functionality with new key - [ ] Test indexing functionality with new key - [ ] Verify no errors in application logs - [ ] Revoke old key --- ## Troubleshooting ### "Unauthorized" Error - Verify the API key is correct (no extra spaces or characters) - Check that you're using the right key type for the operation - Ensure the key has not been revoked ### "Forbidden" Error - Public keys cannot perform admin operations - Check that the key has access to the requested site - Verify key permissions in the dashboard ### Key Not Working 1. Copy the key again from the dashboard 2. Check for invisible characters or line breaks 3. Verify the environment variable is loaded correctly 4. Test with a direct API call using cURL ```bash curl -H "Authorization: Bearer sj_pub_xxxxxxxxxxxxxxxx" \ "https://app.searchjetengine.com/api/v1/search?q=test&site_id=site_abc" ``` --- ## See Also - [API Documentation](/docs/api-documentation) — Full API reference - [Error Handling](/docs/error-handling) — Error codes and handling - [SDK Reference](/docs/sdk-reference) — Client library documentation