Initialize the Coveo Analytics JavaScript

Initialize the Script

You must include the following script tag to load the library into your page.

a='coveoua';c[a]=c[a]||function(){(c[a].q=c[a].q|| []).push(arguments)};
coveoua('init', <COVEO_API_KEY>);

The COVEO_API_KEY parameter must be replaced with an API Key or a search token with the Push access level on the Analytics Data domain and the Allowed access level on the Impersonate domain.


Ensure you use the Impersonate domain in the Analytics service, linked above. Don’t use the Impersonate domain in the Search Service as it will allow users to send queries under any identity.

Coveo UA Alternate Endpoints

To log usage analytic events for an organization, ensure that you set the Coveo endpoint option of your desired Analytics component. Otherwise, the default production endpoint prod-us will be used.

When initializing the library you will need to specify the Coveo endpoint for your region coveoua('init', <COVEO_API_KEY>, <ENDPOINT>)

Coveo Cloud Endpoint

prod-us (US - default)

prod-eu (Europe)

prod-au (Australia)


User Authentication

Use the userId Field With an API Key

Provided that the API key has the necessary privileges, use the userId field to log user identities. Setting a value in the userId field, such as will log the event under that specific identity. Leaving the userId field empty will log the event under an anonymous identity.

Use a Search Token

An alternate method for authentication would be to use a search token when impersonating users, since a search token is temporary and encrypted.

The search token is used during the initialization of the script. Replace the COVEO_API_KEY value specified in the Initialize the Script section.

The userId field is ignored at all times when using a search token, since Coveo will instead extract the user from the search token itself.

When creating the token, use the following payload for an unauthenticated user:

    "userIds": [
            "name": "anonymous",
            "provider": "Email Security Provider",
            "type" : "User"

Use a payload similar to what follows for an authenticated user (replace with the actual email of the user for whom you are requesting a search token):

   "userIds": [
       "name": "",
       "provider": "Email Security Provider",
       "type": "User"

Every Coveo organization comes with a Email Security Provider. Hence, the above examples will be compatible by default. If you are using a custom security identity provider, set the provider parameter to the name of that provider instead.

What's Next for Me?