Add or edit a GraphQL API source


The GraphQL API source is a beta feature. This means it’ll change over the coming months as Coveo adds to it and enhances your experience. In the meantime, we encourage you to start using it to explore the data that Coveo can index.

Coveo has dedicated connectors for many web and on-premises systems, therefore allowing you to quickly make application content searchable. See the Connector directory for the full list.

However, there may be applications of which you want to index the content, but for which there’s no dedicated connector. In such a case, when you have the required privileges, you can use a generic API connector to retrieve and make the desired content searchable with Coveo.

The GraphQL API connector lets you crawl content from a remote repository exposing its data through a GraphQL API. When creating your source, in the Coveo Administration Console, you must provide a JSON configuration allowing Coveo to retrieve content items. This configuration indicates which API calls to execute to fetch the desired items, how to parse the responses to extract relevant metadata, and what type of resources these items represent.

The GraphQL source works very similarly to the REST API source. To better understand it, we recommend you read its documentation, which includes the following pages: Concepts and Reference.


Your company uses GitHub to manage your software code. You want to list the PRs made by each user for statistical purposes. So, you create a GraphQL API source that will query GitHub’s API to index the desired content.

Leading practice

The number of items that a source processes per hour (crawling speed) depends on various factors, such as network bandwidth and source configuration. See About crawling speed for information on what can impact crawling speed, as well as possible solutions.

Source Key Characteristics

Features Supported Additional information

Content update operations



For each endpoint you define in your source configuration, you can provide a refresh endpoint to override the initial endpoint. When you do so, the connector can add, update, or delete specific items in the index instead of refreshing the entire repository. However, the following limitations currently apply:

  • Only refresh queries using the date of the last refresh operation can be made. Tokens such as @Now can’t be used.

  • A sub-item can’t be refreshed if its parent item isn’t detected as modified.



Takes place every day by default.



Content security options

Same users and groups as in your content system


If your source configuration includes the PermissionType parameter, you must provide a JSON configuration detailing how to extract the relationships of the indexed permissions.

Specific users and groups




Add or Edit a GraphQL API Source

When adding a source, in the Add a source of content panel, click the Cloud (cloud-blue) or Crawling Module (crawling-bot-blue) tab, depending on your content retrieval context. With the latter, you must install the Coveo On-Premises Crawling Module to retrieve your content.

To edit a source, on the Sources (platform-ca | platform-eu | platform-au) page, click the desired source, and then click Edit in the Action bar.

The completion steps are especially important when creating or editing a source of this type.

Leading practice

It’s best to create or edit your source in your sandbox organization first. Once you’ve confirmed that it indexes the desired content, you can copy your source configuration to your production organization, either with a snapshot or manually.

See About non-production organizations for more information and best practices regarding sandbox organizations.

"Configuration" Tab

On the Add/Edit a GraphQL API Source subpage, the Configuration tab is selected by default. It contains your source’s general and authentication information, as well as other parameters.

General Information

Source Name

Enter a name for your source.

Leading practice

A source name can’t be modified once it’s saved, therefore be sure to use a short and descriptive name, using letters, numbers, hyphens (-), and underscores (_). Avoid spaces and other special characters.

Paired Crawling Module

If your source is a Crawling Module source, and if you have more than one Crawling Module linked to this organization, select the one with which you want to pair your source. If you change the Crawling Module instance paired with your source, a successful rebuild is required for your change to apply.

Optical Character Recognition (OCR)

If you want Coveo to extract text from image files or PDF files containing images, enable the appropriate option.

The extracted text is processed as item data, meaning that it’s fully searchable and will appear in the item Quick View. See Enable optical character recognition for details on this feature.

"Authentication" Section

In the Authentication section, all parameters are optional. Fill the appropriate boxes depending on the authentication type used by the source you want to make searchable.

  • If your source uses a HTTP, Basic, Kerberos, or NTLM authentication protocol, enter the Username and Password of the account with which you want to crawl the source. This fills the username and password fields in your source JSON configuration. The account of which you enter the credentials must have access to all the content that you want to make searchable. See Source credentials leading practices.

  • If your source uses the OAuth 2.0 authentication protocol, enter your content source Client ID, Client secret and Refresh token in the corresponding boxes.

  • If your source uses an API key to authenticate, enter it in the API key box.

  • If your source doesn’t require authentication, leave all boxes empty.

"Content to Include" Section

In the JSON configuration box, enter your source JSON configuration.

For more information on the GraphQL API source JSON configuration, see:

"Content Security" Tab

Select who will be able to access the source items through a Coveo-powered search interface. For details on this parameter, see Content security.


If, while writing your source JSON configuration, you chose to index content access permissions and used the PermissionType parameter, you must select the Same users and groups as in your content system option and provide a JSON permission configuration detailing how to retrieve the relationships of each security identity and how to index this data.

"Access" Tab

In the Access tab, set whether each group (and API key, if applicable) in your Coveo organization can view or edit the current source.

For example, when creating a new source, you could decide that members of Group A can edit its configuration while Group B can only view it.

See Custom access level for more information.


  1. Click Add Source/Save to add/save your source configuration.

  2. While writing your JSON configuration, you may have decided to populate fields that aren’t default fields. If you have not already created these fields for another source, you must create them in the Fields (platform-ca | platform-eu | platform-au) page before building your source.

    • You decided to retrieve picture URIs and to have Coveo populate the pictureuri field with this data. Your item metadata therefore contains:

        "pictureuri": "%[node.picture.uri]"

      However, since the pictureuri field isn’t a default field like author or date, you must create it.

    • You have another GraphQL API source populating the custom field facebookaccountid. When creating your new source, you therefore don’t need to create this field, as it’s already in the Fields (platform-ca | platform-eu | platform-au) page.

  3. Ensure that your source correctly maps all the fields to populate. If a field doesn’t have a mapping, you must create one.


    You map the pictureuri field with the following rule: %[pictureuri].

  4. On the Sources (platform-ca | platform-eu | platform-au) page, you must click Launch build or Launch rebuild in the source Status column to add the source content or to make your changes effective, respectively.

Required privileges

You can assign privileges to allow access to specific tools in the Coveo Administration Console. The following table indicates the privileges required to view or edit elements of the Sources (platform-ca | platform-eu | platform-au) page and associated panels. See Manage privileges and Privilege reference for more information.


The Edit all privilege isn’t required to create sources. When granting privileges for the Sources domain, you can grant a group or API key the View all or Custom access level, instead of Edit all, and then select the Can Create checkbox to allow users to create sources. See Can Create ability dependence for more information.

Actions Service Domain Required access level

View sources, view source update schedules, and subscribe to source notifications







Edit sources, edit source update schedules, and view the View Metadata page






Source metadata




What’s Next?