Gravatar for gminero@coveo.com

Question by gminero, Jan 13, 2016 1:15 PM

How to create a public Search interface with Coveo Cloud and the Javascript API.

This example is from the Javascript V1.0 samples.

How do I output my SOURCE in these examples.

// Use this code to use a cloud index 
Coveo.SearchEndpoint.configureCloudEndpoint('ORG'); 

I want to be able to query on my sources from a public site where the user DOES NOT have to authenticate

This is how I am attempting to get my token:

<!doctype html>
<html>
  <head>
    <meta charset="UTF-8">
    <title>Coveo Access Token</title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
  </head>

  <body>
    <?php
      header("Access-Control-Allow-Origin: *");
    ?>

    <script type="text/javascript">
      // var dataString = '{userIdentities: [{"name": "USERNAME","password":"PASSWORD", "provider": "Email Security Provider",type: "User"}]}';
      var dataString = '{ "userIds": [{ "name": "USERNAME", "provider": "Email Security Provider" }] }';
      $.ajax({
        type: "POST",
        url: "https://cloudplatform.coveo.com/rest/search/token",
        datatype: "json",
        data: dataString,
        success: function(data) {
          alert(data);
        },
        error: function(data) {
          alert("Something went wrong");
        }
      });
    </script>
  </body>
</html>

This is how I am attempting to get my Token.

But this is not working.

Gravatar for gminero@coveo.com

Comment by gminero, Jan 13, 2016 1:17 PM

This appears to be the response I am getting

{
  statusCode: 412,
  message: "The organization ORG is not available to the authenticated user.",
  type: "InvalidWorkgroupException",
  executionReport: {
    type: "RootReport",
    description: "",
    childs: [ ]
  }
}
1 Reply
Gravatar for mlaporte@coveo.com

Answer by Martin Laporte, Jan 14, 2016 8:48 AM

It looks like you are trying to request a search token. This is really only ever done in backend code, including credentials with the rights to generate search tokens in an html page sent to the client kinda defeats the whole purpose of search tokens.

If you need to implement anonymous search on top of a Cloud organization your best bet is to create an API key that can only execute queries and then include this token into your page. But using a search token is probably a better practice, so if you have access to running code in some kind of backend the best way would be to have the logic for generating the search token done there and then put only the resulting token in the generated HTML.

Ask a question