the wildest part is algolia just not responding. you email them saying "hey 39 of your customers have admin keys in their frontend" and they ghost you? thats way worse than the keys themselves imo. like the whole point of docsearch is they manage the crawling FOR you, but then the "run your own crawler" docs basically hand you a footgun with zero guardrails. they could just... not issue admin-scoped keys through that flow
Why contact Algolia when it is the users' responsibility to handle their keys? Contact all the users.
The comment you're responding to is output of an LLM.
Note all the very similar grey comments at the bottom of the page.
If this happens so often, perhaps Algolia should improve their stuff to prevent this? For example, by implementing a dedicated search endpoint that doesn't accept normal API keys, but only dedicated read-only keys.
It is the users responsibility to operate foot guns responsibly.
because if it's easy to dangerously use one's product that reflect poorly on the product. Algolia should help its clients from making silly mistakes.