Securing The API Token In Your Coveo Search Hub

Setting Up Your Coveo Search Hub

In a previous article, we talked about ways of configuring your Coveo Search Hub. One of those ways involved updating the Search Token itself, albeit through code (if not done by the platform you're using, e.g. Salesforce). Obviously that is the recommended approach as not only does it set the Search Hub, but it restricts what content is returned - which is the goal here.

To ensure you had all options at your disposal, I wanted to show you yet another way of securing your results. Most importantly, ensuring only the results that return are the ones you want to return. Now obviously, setting your Search Hub value in the other ways will ensure the right Query Pipeline is run.

But if I had malicious intent, I could just remove it and get the default query pipeline.

So let's explore this a bit further and I can show you a few things and highlight some ways of ensuring your content is secure.

Configuring The API Token

If you open up your Platform Admin and navigate to the API Keys area within the left-hand navigation.

From the list displayed, choose the API Key you're working with, or if need be, create one.

On the next page, navigate to Privileges followed by Search.

Screenshot of editing the privileges in an API key in Coveo

Once there, you'll notice at the bottom there is a Limit the API Key Scope. Clicking in the drop down, you can enter a Filter

Screenshot of the Limit the API Key Scope dialog box in the Coveo search hub

Clicking Create the "***" search hub will then restrict this API Key from being used in other Search Hubs. This will then prevent potentially malicious people from doing queries and trying to get data outside of the intended result.

You'll want to ensure that this search hub value matches the one you enter on your search page.

What It Doesn't Do

Something to note, as we did in the previous article as well, is that the Search Hub needs to be designated in the query / CoveoAnalytics component. Without that, the first query itself, will show a Search Hub value of either null or default.

Screenshot of the source code of the Coveo Search Hub backend

If you're using Coveo Atomic a data-search-hub value is actually required as part of setup so this isn't an issue, but for a basic Search UI you'll want to force it and it's just recommended by Coveo to use the CoveoAnalytics component to do so.

Happy secure searching!

👋 Hey Sitecore Enthusiasts!

Sign up to our bi-weekly newsletter for a bite-sized curation of valuable insight from the Sitecore community.

What’s in it for you?

  • Stay up-to-date with the latest Sitecore news
  • New to Sitecore? Learn tips and tricks to help you navigate this powerful tool
  • Sitecore pro? Expand your skill set and discover troubleshooting tips
  • Browse open careers and opportunities
  • Get a chance to be featured in upcoming editions
  • Learn our secret handshake
  • And more!
Sitecore Snack a newsletter by Fishtank Consulting

Meet David Austin

Development Team Lead | Sitecore Technology MVP x 3


David is a decorated Development Team Lead with Sitecore Technology MVP and Coveo MVP awards, as well as Sitecore CDP & Personalize Certified. He's worked in IT for 25 years; everything ranging from Developer to Business Analyst to Group Lead helping manage everything from Intranet and Internet sites to facility management and application support. David is a dedicated family man who loves to spend time with his girls. He's also an avid photographer and loves to explore new places.

Connect with David