Gravatar for

Question by newcoveouser, Oct 23, 2015 11:27 AM

localhost8080 rest search api -- how to configure secret key?

I have a c# program that is making calls to my local host rest search api. It was working before we tried to set up authentication.

In my config.yml I have included:

  sharedKey: a0534332f0934064a7124a79a97c9227

at the bottom. I have tried to add information to the applications section below but i have to delete it in order to get my service to restart and actually run

In the Coveo Coveo.SearchProvider.Rest.conig I changed the Application Secret to:


so now when I call this url i dont get back my JSON anymore:


I get an error:

"statusCode" : 403,
  "message" : "Invalid token",
  "type" : "InvalidTokenException"

the c# for my program is getting the data back from the rest search using a HttpRequest. Any help would be appreciated! Thanks!

1 Reply
Gravatar for

Answer by Jean-François L'Heureux, Oct 23, 2015 11:42 AM

The Coveo.SearchProvider.Rest.config file <ApplicationSecret> element value must match a config.yml application secret instead of the sharedKey token. In your case, your config.yml file should contain the following in order to work from Sitecore:

  - name: Sample Application
    secret: a0534332f0934064a7124a79a97c9227
    allowImpersonate: true

For your C# program, I think the problem is you included dashes in your access_token URL query string attribute value but no dashes in the sharedKey token in the config.yml file.

Gravatar for

Comment by newcoveouser, Oct 23, 2015 11:49 AM

Thanks for replying. I deleted sharedKey from my config yml and added

  - name: Atlas
    secret: a0534332f0934064a7124a79a97c9227
    allowImpersonate: true

is this the correct way to do this if my coveo index is named Atlas?

is access_token the correct parameter to pass in my URL? at the moment my service is running but the URL query is still returning an invalid token error


Gravatar for

Comment by Jean-François L'Heureux, Oct 23, 2015 11:57 AM


You need both sharedKey AND application secret for the Coveo Search API to work correctly. Values should be different for both. It will be easier.

Coveo for Sitecore uses the application secret.

The access_token query string parameter should be used to pass a "search token" (see Search Token Authentication). I don't think it is meant to pass a sharedKey token. I would recommend you to read this documentation topic on on-premise Coveo Search API search token authentication to get more information:

Ask a question