Securing the Search API Analytics Endpoint
The endpoint is exposed through http not https which in our production environment where the site is served through https the browser blocks the call to the endpoint. Based on this it seems like we can enable the endpoint to be https, but is there a way to set the certificate without having the password in plain text in the config.yml?
Right now if you want to use the SSL from the endpoint directly there is no way to specify the password other than in the
config.yml file, sorry.
Another option that is pretty common especially when dealing with "external" web sites is to setup a reverse proxy inside the main site (running IIS in your case I guess). In short you arrange for all requests under a path of your choosing (say /coveoanalytics) to be forwarded to the backend using HTTP. Then you change your search page to use this endpoint instead.