API Key Setup
# API Key Setup
Complete guide to obtaining, configuring, and securing your SearchJet API keys across all supported platforms.
---
## Getting Your API Key
### Step 1: Create an Account
Sign up at [app.searchjetengine.com](https://app.searchjetengine.com) if you haven't already.
### Step 2: Create a Site
Navigate to **Dashboard > Sites** and click **Create Site**. Enter your site name and URL.
### Step 3: Generate an API Key
1. Go to **Settings > API Keys**
2. Click **Generate Key**
3. Select the key type (see below)
4. Name your key for identification
5. Copy and save the key immediately — it will not be shown again
---
## Key Types Explained
SearchJet uses three key types with different permission levels:
| Prefix | Type | Permissions | Use Case |
|--------|------|-------------|----------|
| `sj_pub_` | Public | Search only | Client-side JavaScript, embedded search |
| `sj_prv_` | Private | Full access | Server-side code, indexing, admin operations |
| `sj_srch_` | Search | Search only (optimized) | High-volume search endpoints |
### When to Use Each Key
**Public Key (`sj_pub_`)**
Use in browser-based applications where the key is visible to users. Safe to include in HTML/JavaScript that runs in the client.
```javascript
// Safe in browser code
const client = new SearchJet({
apiKey: 'sj_pub_xxxxxxxxxxxxxxxx',
siteId: 'site_abc'
});
```
**Private Key (`sj_prv_`)**
Use only in server-side code, build scripts, or backend services. Never expose in client-side code or version control.
```python
# Server-side only
client = SearchJetClient(
api_key="sj_prv_xxxxxxxxxxxxxxxx",
site_id="site_abc"
)
```
**Search Key (`sj_srch_`)**
Optimized for read-only search operations. Slightly faster than public keys for search-only workloads. Use in server-side search applications.
---
## Platform Setup Guides
### WordPress Setup
1. Install the SearchJet plugin
2. Go to **Settings > SearchJet**
3. Enter your **Public API Key** (`sj_pub_`) for client-side search
4. Enter your **Site ID** from the SearchJet dashboard
5. Save changes
```php
// In wp-config.php or theme functions.php
define('SEARCHJET_API_KEY', 'sj_pub_xxxxxxxxxxxxxxxx');
define('SEARCHJET_SITE_ID', 'site_abc');
```
### WooCommerce Setup
SearchJet enhances WooCommerce product search. Configure in WooCommerce settings:
1. Install the SearchJet WooCommerce extension
2. Go to **WooCommerce > Settings > SearchJet**
3. Enter your API key and Site ID
4. Enable product indexing
5. Map WooCommerce fields to SearchJet fields
```php
// WooCommerce integration in functions.php
add_filter('searchjet_index_fields', function($fields) {
$fields['price'] = 'price';
$fields['category'] = 'product_cat';
$fields['sku'] = '_sku';
$fields['in_stock'] = '_stock_status';
return $fields;
});
```
### Laravel Setup
```bash
composer require searchjet/laravel
php artisan vendor:publish --provider="SearchJet\SearchJetServiceProvider" --tag="config"
```
Add to `.env`:
```
SEARCHJET_API_KEY=sj_prv_xxxxxxxxxxxxxxxx
SEARCHJET_SITE_ID=site_abc
SEARCHJET_BASE_URL=https://app.searchjetengine.com
```
### JavaScript / Node.js Setup
**Browser (client-side):**
```bash
npm install searchjet-connect
```
```javascript
import SearchJet from 'searchjet-connect';
const client = new SearchJet({
apiKey: 'sj_pub_xxxxxxxxxxxxxxxx', // Public key for browser
siteId: 'site_abc'
});
```
**Node.js (server-side):**
```bash
npm install searchjet-connect
```
```javascript
import SearchJet from 'searchjet-connect';
const client = new SearchJet({
apiKey: 'sj_prv_xxxxxxxxxxxxxxxx', // Private key for server
siteId: 'site_abc'
});
```
### Python Setup
```bash
pip install searchjet-python
```
```python
import os
from searchjet import SearchJetClient
# Option 1: Direct initialization
client = SearchJetClient(
api_key=os.environ.get("SEARCHJET_API_KEY"),
site_id=os.environ.get("SEARCHJET_SITE_ID")
)
# Option 2: From environment variables (auto-detected)
# Set SEARCHJET_API_KEY and SEARCHJET_SITE_ID env vars
client = SearchJetClient.from_env()
```
### Shopify Setup
1. Install the SearchJet app from the Shopify App Store
2. Authorize the app in your Shopify admin
3. The app auto-configures with your store's product data
4. Customize search settings in the app dashboard
```liquid
{% if app.searchjet %}
{{ app.searchjet.render_search }}
{% endif %}
```
---
## Environment Variables
Keep keys out of your codebase. Use environment variables:
```bash
# .env file (never commit this)
SEARCHJET_API_KEY=sj_prv_xxxxxxxxxxxxxxxx
SEARCHJET_SITE_ID=site_abc
```
```bash
# Load in shell
export SEARCHJET_API_KEY="sj_prv_xxxxxxxxxxxxxxxx"
export SEARCHJET_SITE_ID="site_abc"
```
---
## Security Best Practices
### 1. Never Expose Private Keys
Private keys (`sj_prv_`) must never appear in:
- Client-side JavaScript
- HTML source code
- Version control (Git)
- Log files
- Public documentation
### 2. Use Environment Variables
Always load keys from environment variables, not hardcoded strings:
```python
# Bad
client = SearchJetClient(api_key="sj_prv_xxxxxxxxxxxxxxxx")
# Good
client = SearchJetClient(api_key=os.environ["SEARCHJET_API_KEY"])
```
### 3. Add to .gitignore
```gitignore
.env
.env.local
.env.production
```
### 4. Rotate Keys Regularly
Generate new keys and revoke old ones periodically:
1. Generate a new key in **Settings > API Keys**
2. Update your application with the new key
3. Test that everything works
4. Revoke the old key
### 5. Use最小权限原则
- Use public keys for client-side search
- Use search keys for server-side search
- Use private keys only for admin operations
- Restrict key permissions to specific sites when possible
### 6. Monitor Key Usage
Check **Settings > API Keys > Usage** to monitor for unusual activity. Set up alerts for unexpected spikes in usage.
### 7. Revoke Unused Keys
If a key is compromised or no longer needed, revoke it immediately. Go to **Settings > API Keys** and click **Revoke**.
---
## Key Rotation Checklist
- [ ] Generate new key in dashboard
- [ ] Update all applications using the old key
- [ ] Test search functionality with new key
- [ ] Test indexing functionality with new key
- [ ] Verify no errors in application logs
- [ ] Revoke old key
---
## Troubleshooting
### "Unauthorized" Error
- Verify the API key is correct (no extra spaces or characters)
- Check that you're using the right key type for the operation
- Ensure the key has not been revoked
### "Forbidden" Error
- Public keys cannot perform admin operations
- Check that the key has access to the requested site
- Verify key permissions in the dashboard
### Key Not Working
1. Copy the key again from the dashboard
2. Check for invisible characters or line breaks
3. Verify the environment variable is loaded correctly
4. Test with a direct API call using cURL
```bash
curl -H "Authorization: Bearer sj_pub_xxxxxxxxxxxxxxxx" \
"https://app.searchjetengine.com/api/v1/search?q=test&site_id=site_abc"
```
---
## See Also
- [API Documentation](/docs/api-documentation) — Full API reference
- [Error Handling](/docs/error-handling) — Error codes and handling
- [SDK Reference](/docs/sdk-reference) — Client library documentation