March 07, 2023
Pete Navarra
We are announcing that SearchStax Site Search now supports Token Authentication for the product's Search APIs. This update improves the overall security of search and includes a feature that makes it simple to manage and rotate your tokens.
The latest versions of SearchStax Sitecore Module and SearchStax Drupal Module also support the Token Authentication feature.
Token Authentication is an authentication method that uses a token, or a piece of data, to authenticate a request or user instead of a traditional username and password. By using a token that contains unique identifiers and a digital signature, Token Authentication adds a layer of security: the token must be validated to ensure that a request is coming from a verified user or source.
For Studio, we use a cryptographically secure 20-byte token consisting of a random string of letters and numbers, and pass that string in the API query string. The string is still visible to browsers and clients and can be reused by anyone who sees it. For this reason, it is important to use read-only keys for the front end and to keep backend administration keys safe.
The benefit of Token Authentication, though, is that the admin token cannot feasibly be guessed, even by someone who has found the admin API endpoint. This adds an extra layer of security and removes the need for the marketer or developer to come up with their own passphrases.
One of the primary best practices when using Token Authentication is to regularly cycle your token keys with new keys on a rotating schedule.
Even if keys are exposed or get out into the wild, changing your Token Authentication keys regularly will invalidate the old keys. SearchStax Studio provides functionality to specify a number of keys that can be activated or deactivated as needed.
For more information on implementing, managing and rotating tokens, refer to our product documentation on Search APIs and Token Authentication.
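The key handling described above (20-byte random tokens, separate read-only and admin keys, several keys that can be activated or deactivated for rotation), sketched as an added Python example. This is not SearchStax code; the `TokenStore` class, the key ids and the scope names are hypothetical.

```python
import hashlib
import hmac
import secrets

TOKEN_BYTES = 20  # token size stated in the article (160 bits of randomness)


class TokenStore:
    """Hypothetical server-side key store. Keeps SHA-256 digests, never raw tokens."""

    def __init__(self):
        self._keys = {}  # key_id -> {"digest": bytes, "scope": str, "active": bool}

    def issue(self, key_id, scope):
        """Create a key with scope "read" or "admin"; the token is returned once."""
        token = secrets.token_hex(TOKEN_BYTES)  # CSPRNG output, 40 hex characters
        digest = hashlib.sha256(token.encode()).digest()
        self._keys[key_id] = {"digest": digest, "scope": scope, "active": True}
        return token

    def deactivate(self, key_id):
        self._keys[key_id]["active"] = False

    def authorize(self, presented, required_scope):
        """True if the token matches an active key whose scope covers the request."""
        if not isinstance(presented, str):
            return False
        digest = hashlib.sha256(presented.encode()).digest()
        allowed = False
        for rec in self._keys.values():  # no early exit; compare in constant time
            match = hmac.compare_digest(digest, rec["digest"])
            covers = rec["scope"] in (required_scope, "admin")
            allowed |= match and rec["active"] and covers
        return allowed


def rotate_read_key():
    """Rotation with overlap: issue the new key, switch clients, retire the old key."""
    store = TokenStore()
    old = store.issue("frontend-old", "read")
    new = store.issue("frontend-new", "read")  # both keys are valid during rollout
    during = (store.authorize(old, "read"), store.authorize(new, "read"))
    store.deactivate("frontend-old")  # a leaked copy of the old token stops working
    after = (store.authorize(old, "read"), store.authorize(new, "read"))
    return during, after, store.authorize(new, "admin")
```

Because the token travels in the query string, the read-only key is the only one that should ever appear in front-end code; the last value returned by `rotate_read_key()` shows that such a key is refused for admin requests.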
Token authentication is a method of authentication that uses a token, or a piece of data, to authenticate a user or request instead of a traditional username and password.
Basic Authentication is a method of user authentication in which the user’s credentials, typically a username and password, are transmitted over the network in Base64-encoded form. It is a widely used authentication mechanism for accessing web-based resources, such as websites and web services.
Token Authentication uses a more secure and scalable method of authentication than the username and password security in Basic Authentication. While Basic Authentication is simple to implement, it is not considered as secure as Token Authentication because the credentials are only Base64-encoded, which is not encryption, so they are effectively transmitted in plain text and can be intercepted and read by third parties.
SearchStax Site Search is a powerful and easy search solution that gives marketers full control over the entire site search experience — and the insights to know what’s working (and what isn’t). Schedule a Demo to see the power of SearchStax Studio for yourself or Contact Us to speak with one of our search experts.