Secure storage of Algolia credentials in VITRi

At VITRi, we take the security and privacy of our users' data very seriously. We understand how crucial it is to protect sensitive information, such as credentials for services like Algolia, which allow us to offer powerful search and filtering features in your store. In this article, we will explain how we store and protect your Algolia credentials, as well as how we use them to ensure that your experience on the platform is fast and secure.

Why do we protect Algolia credentials?

Algolia credentials are required to call its API: they allow us to manage search, filtering, and sorting of products in your store. Because anyone who holds these credentials can do the same, it is crucial that they are protected to prevent unauthorized access and maintain the integrity of your store. At VITRi, we implement advanced security measures to ensure that your data is always protected.

The secure storage process

AES-256 encryption (GCM)

The first step we take to protect your Algolia credentials is to encrypt them before storing them. We use AES-256 in GCM mode, one of the most secure and widely adopted options in the industry. AES (Advanced Encryption Standard) is a symmetric encryption algorithm, and AES-256 is its variant with a 256-bit key, which makes it resistant to brute-force attacks.

The GCM mode (Galois/Counter Mode) provides both confidentiality and integrity of the encrypted data, meaning that we not only protect the credentials against unauthorized access, but we also ensure that the data has not been altered in any way during storage or transmission.
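
The encryption step described above, as an added example in Node.js (not VITRi's code): each credential field is sealed with AES-256-GCM under a fresh 96-bit nonce, and any change to the stored bytes is rejected on decryption. The storage layout `base64(nonce || ciphertext || tag)`, the use of owner and field name as associated data, and all function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

const NONCE_LEN = 12; // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16;   // 128-bit authentication tag

// AAD binds a ciphertext to its owner and field, so it cannot be moved elsewhere.
function aadFor(owner, field) {
  return Buffer.from(`${owner}\u0000${field}`, 'utf8');
}

// Returns base64(nonce || ciphertext || tag); this layout is an assumption.
function sealField(key, owner, field, plaintext) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // fresh per encryption, never reused
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(aadFor(owner, field));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([nonce, ct, cipher.getAuthTag()]).toString('base64');
}

// Throws if the key, owner, field, or any stored byte does not match.
function openField(key, owner, field, stored) {
  const raw = Buffer.from(stored, 'base64');
  if (raw.length < NONCE_LEN + TAG_LEN) throw new Error('stored value too short');
  const nonce = raw.subarray(0, NONCE_LEN);
  const tag = raw.subarray(raw.length - TAG_LEN);
  const ct = raw.subarray(NONCE_LEN, raw.length - TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(aadFor(owner, field));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed demo values: a random key and a placeholder credential.
function demo() {
  const key = nodeCrypto.randomBytes(32); // real keys live outside the database
  const owner = 'example@example.com';
  const stored = sealField(key, owner, 'algolia.adminId', 'PLACEHOLDER_ADMIN_KEY');
  const tampered = Buffer.from(stored, 'base64');
  tampered[NONCE_LEN] ^= 0x01; // flip one bit of the ciphertext
  const fails = (fn) => { try { fn(); return false; } catch { return true; } };
  return {
    roundTrip: openField(key, owner, 'algolia.adminId', stored),
    tamperRejected: fails(() => openField(key, owner, 'algolia.adminId', tampered.toString('base64'))),
    wrongFieldRejected: fails(() => openField(key, owner, 'algolia.searchId', stored)),
    wrongOwnerRejected: fails(() => openField(key, 'other@example.com', 'algolia.adminId', stored)),
  };
}
console.log(demo());
```

GCM's guarantees depend on never encrypting two values under the same key and nonce, which is why the nonce is drawn fresh for every call and stored alongside the ciphertext.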

Encryption at rest with MongoDB

Once encrypted, the credentials are stored in MongoDB, our trusted database. MongoDB also implements encryption at rest, meaning that data stored on disk is additionally protected. If someone had physical access to the server where the data is stored, they would not be able to read the credentials without the correct decryption key.

Credential storage structure

Algolia credentials are stored in a way that makes them easily accessible to the system, but always protected with the aforementioned encryption. Here's how they are stored in our database:

# apikeys
{
  "_id": {
    "$oid": "670f018967c666618e4771f9"
  },
  "owner": "example@example.com",
  "__v": 0,
  "algolia": {
    "adminId": "coFfRYlUR79SWUiE8pvgiSfAJI0pP1vWv5SW1VyxfuDb3+Ny/VvdrjhA/fvOjYrXbdH/CPCPMyMUaq5+",
    "appId": "7rX8mpuEWYBIdOr8DH86iYCmiU9F3V9W+R2fSIbK6s8OKTrONR0=",
    "searchId": "apBdBuSgiuITIiAsozym4R3Q6YLgdNaeK8Lnc0ojTfAawGt24RWlYNClFlr2De6P9r52oJJwfB9XCn14"
  },
  "createdAt": {
    "$date": "2024-10-15T23:58:01.564Z"
  },
  "updatedAt": {
    "$date": "2024-10-15T23:58:01.564Z"
  }
}


As you can see, the credentials are associated with their owner (in this case, the 'owner' field), which ensures that only the authorized user can access their own credentials.

How do we use Algolia credentials?

Once the credentials are securely stored, we use them to provide key functionalities in VITRi. Here's how:

1. Index creation in Algolia

Algolia credentials are required to create indexes in their system. In VITRi, we create three essential indexes to organize the products in your store:

  • products: This index contains all the products you add to your catalog. It is the main index used for searches.
  • products_price_desc: This index organizes the products by price in descending order, allowing buyers to see the most expensive products first.
  • products_price_asc: This index organizes the products by price in ascending order, making it easier to search for more affordable products.

2. Creation of facets

Facets are filters that buyers can use to refine their search. VITRi uses Algolia credentials to create 9 different facets, which help organize and filter the products in your store. These are the facets we implement:

  • category.en: Allows filtering products by category in English.
  • category.es: Allows filtering products by category in Spanish.
  • category.types.en: Filters products by category type in English.
  • category.types.es: Filters products by category type in Spanish.
  • creator.email: Allows filtering products by the email of the product creator.
  • state: Filters products by their condition (new, used, etc.).
  • variants.color: Filters products by the color of their variants.
  • variants.createdAt: Filters products by the creation date of their variants.
  • variants.discount: Filters products by applied discount.
  • variants.price.value: Filters products by the price value of their variants.

These filters make it easier for buyers to find exactly what they are looking for, enhancing their shopping experience.

3. Creation of hits (products)

Algolia credentials are also used to create hits, that is, the products in your catalog. These products will appear in the search results and will be available to the buyers in your store.

4. Updating, reading, and deleting products (hits)

In addition to creating new products, Algolia credentials allow us to read, update, and delete products in your store. Without these credentials, we wouldn't be able to provide you with the ability to manage your product inventory efficiently.

Use of credentials: Only on demand

It is important to note that VITRi only uses Algolia credentials when users interact with your store. In other words, the credentials are used in real-time, based on the traffic generated by your store. We do not add additional charges to your Algolia account for the use of these credentials.

It is important to understand that Algolia charges on demand, meaning the cost of services is based on the traffic generated by your store's users. If your store has more visitors or more searches, the traffic generated by those users will be directly reflected in the Algolia dashboard, where you can view usage metrics and traffic for your store.



Why is credential security important?

Credential security is essential to provide an uninterrupted shopping experience. If your credentials were not protected, they could be leaked, allowing unauthorized access to your Algolia account and your store's products. By ensuring that the credentials are always protected, we guarantee that only you and your buyers can interact with the products in your store.

Total control over your credentials

At VITRi, we do not back up your credentials. This means that you are solely responsible for managing them. If at any point you suspect that your credentials are being misused, you can easily delete them from your Algolia dashboard.

By deleting the credentials, we ensure that your data and products cannot be accessed without authorization, giving you total control over your store's security.

