You can generate search tokens in server-side code by using a certain REST call exposed through the Coveo Cloud V2 Platform (see Requesting a Search Token).
Typically, you will want to use search token authentication when your search page users are authenticated and some -or all- of your indexed content is secured. Each user then transparently gets a unique search token, allowing the search interface to securely return only items which the user has the right to see (see Sample Usage Workflow).
Sample Usage Workflow
Here is a typical workflow demonstrating the use of search tokens.
- A user requests a search page from a web server.
- The web server executes server-side code that eventually renders the HTML response (PHP, ASP.NET, etc.).
- Server-side code authenticates the user who is making the request.
- Server-side code sends a REST request to the Coveo Cloud V2 Platform to get a search token for the user it has authenticated (see Requesting a Search Token).
- The server sends the generated HTML to the client.
- The Coveo Cloud V2 Platform executes the query as the user that was previously authenticated by server-side code.
- Results are displayed to the user.