Safely apply content filtering

This is for:

Developer System Administrator

When you configure your Zendesk source, we recommend that you enforce content security in order to ensure that your indexed items are only accessible by the intended users. The Same users and groups as in your content system option replicates the original permission system of your organization, which means that users only see the intended content in Zendesk when obtaining search results from a Coveo index.

However, there may be occasions where you must configure your Zendesk source so that it’s accessible to Everyone. When this occurs, we recommend specific guidelines to ensure that your content is safely filtered. Depending on your integration type, the methods will differ since Zendesk Support and Zendesk Guide use different methods to authenticate requests.

Apply Content Filtering for Zendesk Support

When using the Zendesk Support integration, the searchhub value corresponding to the search interface is already enforced in the server-side generated JWT token. Therefore, when the content is available to Everyone, we recommend the following steps to ensure that your content is only accessible by the intended users:

  1. Configure query filters in the query pipeline linked to the corresponding search interface.

  2. Use the proper query pipeline routing mechanism.

    This ensures that queries originating from a specific search interface are routed to the appropriate query pipeline.

Apply Content Filtering for Zendesk Guide

When using the Zendesk Guide integration, an aspect to take into consideration is that it uses an API key rather than a search token to implement the Coveo search box. Therefore, when the content is available to Everyone, it’s important to limit the scope of the API key in order to ensure that your content is only accessible by the intended users.

We recommend the following steps to safely filter content from your source:

  1. Configure query filters in the query pipeline linked to the corresponding search interface.

  2. Use the proper query pipeline routing mechanism.

    This ensures that queries originating from a specific search interface are routed to the appropriate query pipeline.

  3. Configure the API key by enforcing a searchHub value corresponding to the search interface.

Configure Query Filters

Filter rules allow you to enter hidden query expressions to be added to all queries going through a given query pipeline. They’re typically used to add a field-based expression to the constant query expression (cq).

Example

You apply the @objectType=="Solution" query filter to the pipeline to which the traffic of your public support portal is directed. As a result, the @objectType=="Solution" query expression is added to any query sent via this support portal.

Therefore, if a user types Speedbit watch wristband in the searchbox, the items returned are those that match these keywords and whose objectType has the Solution value. Items matching these keywords but having a different objectType value aren’t returned in the user’s search results.

To learn how to configure query pipeline filter rules, see Manage filter rules.

Use the Proper Query Pipeline Routing Mechanism

The most recommended and flexible query pipeline routing mechanism is condition-based routing.

In this scenario, search requests are authenticated with a search token that contains a searchHub parameter, and each query pipeline except the default one has a distinct query pipeline condition based on a specific search hub value. When using this routing mechanism, you ensure that search requests are routed according to the search interface from which they originate.