Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: DOC-1433


You can generate search tokens in server-side code by using a certain REST call exposed through the Coveo Cloud V2 Platform (see Requesting a Search Token).

Typically, you will want to use search token authentication when your search page users are authenticated and some -or all- of your indexed content is secured. Each user then transparently gets a unique search token, allowing the search interface to securely return only items which the user has the right to see (see Sample Usage Workflow).

Sample Usage Workflow

Here is a typical workflow demonstrating the use of search tokens.

  1. A user requests a search page from a web server.
  2. The web server executes server-side code that eventually renders the HTML response (PHP, ASP.NET, etc.).
  3. Server-side code authenticates the user who is making the request.
  4. Server-side code sends a REST request to the Coveo Cloud V2 Platform to get a search token for the user it has authenticated (see Requesting a Search Token). 
  5. The resulting token is used to generate the JavaScript code that initializes the Coveo JavaScript Search Framework in the resulting page (see JavaScript Search Framework Home). 
  6. The server sends the generated HTML to the client.
  7. The JavaScript code initializes the search page and executes the first query, using the provided search token.
  8. The Coveo Cloud V2 Platform executes the query as the user that was previously authenticated by server-side code.
  9. Results are displayed to the user.


Code Block
titleA search token creation call in which you only specify the required values
POST https:/rest/search/token HTTP/1.1
Content-Type: application/json
Bearer MyOAuth2Token

  "userIds": [
      "name": "",
      "provider": "Email Security Provider"