Protected and unprotected Meilisearch projects

This article explains the differences between protected and unprotected Meilisearch projects and instances.

Protected projects

In protected projects, all Meilisearch API routes and endpoints can only be accessed by requests bearing an API key. The only exception to this rule is the /health endpoint, which may still be queried with unauthorized requests. Meilisearch Cloud projects are protected by default. Self-hosted instances are only protected if you launch them with a master key. Consult the basic security tutorial for instructions on how to communicate with protected projects.

Unprotected projects

In unprotected projects and self-hosted instances, any user may access any API endpoint. Never leave a publicly accessible instance unprotected. Only use unprotected instances in safe development environments. Meilisearch Cloud projects are always protected. Meilisearch self-hosted instances are unprotected by default.

Getting started

AI-powered search

Conversational search

Self-hosted

Analytics

Teams

Tasks and asynchronous operations

Configuration

Filtering and sorting

Security and permissions

Multi-search

Update and migration

Data backup

Indexing

Engine

Relevancy

Resources

Protected and unprotected Meilisearch projects

Protected projects

Unprotected projects

Getting started

AI-powered search

Conversational search

Self-hosted

Analytics

Teams

Tasks and asynchronous operations

Configuration

Filtering and sorting

Security and permissions

Multi-search

Update and migration

Data backup

Indexing

Engine

Relevancy

Resources

​Protected projects

​Unprotected projects

Protected projects

Unprotected projects