GraphQL API source reference
When creating a GraphQL API source in the Coveo Administration Console, you must provide a JSON configuration detailing what to crawl to retrieve the desired content, and how to retrieve items of each type.
This configuration has a single property, Services, whose value must be an array of Service objects.
{
  "Services": [
    {
      "Url": "https://api.github.com/",
      "authentication": {
        "username": "@username",
        "password": "@password",
        "forceBasicAuthentication": "true"
      },
      "Endpoints": [
        {
          "paging": {
            "pageSize": 10,
            "offsetType": "cursor",
            "nextPageKey": "data.user.pullRequests.pageInfo.endCursor"
          },
          "headers": {
            "accept": "application/vnd.github.v3+json",
            "User-Agent": "PostmanRuntime/7.29.0"
          },
          "Path": "graphql",
          "Method": "POST",
          "ItemPath": "data.user.pullRequests.edges",
          "SkippableErrorCodes": "404",
          "ItemType": "PullRequests",
          "Uri": "%[node.url]",
          "ClickableUri": "%[node.url]",
          "Title": "%[node.title]",
          "ModifiedDate": "%[node.createdAt]",
          "PayloadJsonContent": "{\"query\":\"query {\\r\\n user(login:\\\"JohnSmith\\\") {\\r\\n pullRequests(first:@pageSize, after:@offset) {\\r\\n totalCount\\r\\n edges {\\r\\n node {\\r\\n createdAt\\r\\n title\\r\\n url\\r\\n }\\r\\n cursor\\r\\n }\\r\\n pageInfo {\\r\\n endCursor\\r\\n hasNextPage\\r\\n }\\r\\n }\\r\\n }\\r\\n}\"}"
        }
      ]
    }
  ]
}
This reference article defines parameters to include in your JSON configuration.
When building your JSON configuration, you may also want to refer to the Concepts article.
About the GraphQL API source configuration
When you create a GraphQL API source in the Coveo Administration Console, you must provide a JSON source configuration listing the content to crawl. This JSON configuration must also indicate which API calls to execute to fetch the desired items and how to parse the responses to extract relevant metadata.
Coveo’s GraphQL API connector is actually the REST API connector under the hood. So, the JSON configuration to provide is very similar. Although the expected configuration follows the repository structure of a REST API, with services and endpoints, it also works with GraphQL APIs.
Service Object
Each object in the Services array specifies a GraphQL API service to retrieve content, along with the specific endpoints to call.
The properties expected in an object of the Services array are the following.
Endpoints (Array of Endpoint Object, Required)
Each object in the Endpoints array details how you want Coveo to crawl an endpoint of your web application.
See the Endpoint section for details on the items found in this array.
Url (String, Required)
The Url value is the GraphQL service URL of the web application whose content you want to make searchable.
Example: "Url": "https://api.github.com/"
Authentication (Authentication Object)
If your web application service requires authentication, this object contains the GraphQL service authentication configuration. See the Authentication section for details on the properties in this object.
You must also enter authentication information in the Authentication section of the Add/Edit a GraphQL API Source panel.
Then:
- If your source uses an HTTP, Basic, Kerberos, or NTLM authentication protocol, the username and password you provide under Authentication replace any value you entered for the Username and Password properties.
- If your source uses an API key authentication protocol, include the @APIkey placeholder in the HTTP headers, query parameters, or payload parameters. For more API key authentication examples, see API key authentication.
- If your source uses the OAuth 2.0 authentication protocol, include the @ClientID, @ClientSecret, and @RefreshToken placeholders in the OAuth 2.0 object.
Query Headers (Object)
A key-value list of HTTP headers to add to the query. Each value can be either a number, string, or Boolean.
This property is inheritable.
Example:
"Headers": {
  "accept": "application/vnd.github.v3+json",
  "User-Agent": "PostmanRuntime/7.29.0"
}
Note
Unlike a browser or a tool such as Postman, Coveo doesn’t automatically add a
Paging (Paging Object)
In the Paging object, you can specify how you want the Services content to be paged.
See the Paging section for details on the properties in this object.
Permissions (Array of Permission Level Object)
The Permissions array is required when you select the Same users and groups as in your content system source content security option.
It contains the permission levels and sets to apply to the items indexed through this service.
The members listed in these levels and sets are either allowed or denied access to the indexed items.
This property is inheritable.
See the Permission Level object section for details on the properties in this object.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
SkippableErrorCodes (String)
When crawling your content, Coveo may encounter an HTTP error and stop.
If you expect the web application API to return an error and want it to be ignored so that the crawling process continues, specify the error code as the SkippableErrorCodes property value.
This property applies at the Services level and is inheritable.
Use a semicolon (;) to separate error codes.
Example: "SkippableErrorCodes": "500;404;403"
Endpoint Object
Each object in the Endpoints array details how to retrieve the content of the specified endpoint.
Moreover, in each endpoint object, the Metadata object lists the content metadata to retrieve.
ClickableUri (String, Required)
The format of the item clickable URI.
Dynamic values are supported.
Example: "ClickableUri": "%[node.url]"
ItemType (String, Required)
The type of item that the resource contains. Coveo uses this data to organize the indexed content.
Examples:
- "ItemType": "Post" for a blog post
- "ItemType": "PostComment" for a comment on a post
Path (String, Required)
The relative path to the desired resource endpoint.
Dynamic values are supported when specified within the SubItems, SubQueries, and PermissionSubQueries arrays only.
Dynamic time expressions are also supported.
Example: "Path": "graphql"
In sub-items and subqueries, should a dynamic value be invalid or unretrievable, the source skips the item, i.e., the indexing process is dropped and Coveo moves on to the next item. In a permission subquery, however, an invalid or unretrievable dynamic value causes the source to stop crawling and to display an error in the Administration Console.
Uri (String, Required)
The format of the item unique identifier.
Dynamic values are supported.
Example: "Uri": "%[node.url]"
Should a dynamic value be invalid or unretrievable, the source stops crawling and displays an error in the Administration Console.
Body (String)
The path (simple path or JSONPath) to the Body content of the item in the JSON response.
The item body is displayed in the Administration Console Content Browser.
Typically, the Body property contains a dynamic value, since a static, hardcoded value would make all item bodies identical.
Dynamic values and hardcoded text can also be mixed.
Example: "Body": "%[html.content]"
DateFormat (String)
The format of a date injected thanks to the tokens @Now and @RefreshDate.
All .NET formats are supported, and the default is yyyy-MM-ddTHH:mm:ssZ (ISO 8601).
Alternatively, to handle Unix timestamps, enter either of the following:
- UnixEpoch for the number of seconds elapsed since the Unix epoch.
- UnixEpochMs for the number of milliseconds elapsed since the Unix epoch.
Examples:
- "DateFormat": "yyyy-MM-ddTHH:mm:ssZ"
- "DateFormat": "\\'yyyy-MM-dd\\',\\'hh:mm:ss\\'"
IndexingAction (Action Object)
Whether to ignore or to retrieve an item if the specified Condition resolves to true.
See the Action object section for details on the properties expected in the IndexingAction object.
When the specified Condition resolves to true, the Coveo crawler applies the specified action to the corresponding item.
Possible actions are Retrieve and Ignore, i.e., the crawler can either index the item to make it searchable or ignore it.
An item ignored with IndexingAction isn’t indexed and therefore not visible in the Administration Console Content Browser or a search interface.
However, its sub-items are sent to the index, unless otherwise specified in the ProcessingAction object.
If the condition resolves to false, the Coveo crawler falls back to the default action, which is Retrieve, and the specified item is indexed.
Example:
"IndexingAction": {
  "ActionOnItem": "Ignore",
  "Condition": "%[id] > 1"
}
IsBinaryBody (Boolean)
Whether the subquery retrieves binary content as the body of the item.
Default value is false.
This property is available within SubQueries objects only.
It allows you to download a file (e.g., XLS or PDF document) to use as the item body in a search result quick view.
See Supported file formats for an exhaustive list of item types that Coveo can index.
If you set IsBinaryBody to true, ensure that your API key is valid for subqueries.
Example:
"SubQueries": [
  {
    "Path": "%[coveo_parent.url]",
    "Method": "GET",
    "IsBinaryBody": true,
    "Body": "%[data.body]"
  }
]
ItemPath (String)
The path to the item in the JSON response returned by the application.
When ItemPath is omitted, Coveo assumes that the item is at the root level of the JSON response.
See the Collection of items example.
Metadata (Object)
A key-value list of the metadata to parse. Each key represents the metadata name of the repository item, while its value is the value path (simple path or JSONPath) in the JSON response.
Typically, the value path consists of one or more dynamic values, since a static, hardcoded value would result in an identical piece of metadata for all items. However, you could choose to use a hardcoded value so that the corresponding Coveo field is filled even if the API doesn’t provide this information.
Example:
"Metadata": {
  "author": "hardcoded value",
  "id": "%[id]",
  "expiration": "%[info.expiration]",
  "createdby": "Mr. %[author]",
  "authorUrl": "%[coveo_url]/authors/%[id]",
  "description": "%[author] is an amazing author!"
}
When you build your source, Coveo retrieves the desired metadata. You can then review a sample of this metadata in the Administration Console and use it to create mapping rules for your source.
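The following added sketch (not Coveo's code) shows how ItemPath and the %[...] dynamic values turn one response page into items, including the documented stop when a Uri value is unretrievable. It handles dotted simple paths only, not JSONPath; the response is constructed, and leaving out an unretrievable metadata value is an assumption.

```python
import re

TOKEN = re.compile(r"%\[([^\]]+)\]")   # matches %[some.path]
MISSING = object()


class CrawlStopped(Exception):
    """Models the documented outcome of an unretrievable Uri value."""


def get_path(obj, path):
    """Follow a dotted simple path; return MISSING if a segment is absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return MISSING
        obj = obj[key]
    return obj


def resolve(template, item):
    """Substitute every %[path] from the item; None if one is unretrievable.
    Text outside the tokens is kept, so hardcoded and dynamic parts can mix."""
    out, pos = [], 0
    for m in TOKEN.finditer(template):
        value = get_path(item, m.group(1))
        if value is MISSING or value is None:
            return None
        out += [template[pos:m.start()], str(value)]
        pos = m.end()
    return "".join(out) + template[pos:]


def extract_items(response, endpoint):
    """Locate the items with ItemPath, then build one document per item."""
    root = response
    if endpoint.get("ItemPath"):          # omitted: items sit at the root
        root = get_path(response, endpoint["ItemPath"])
    if root is MISSING:
        return []
    docs = []
    for raw in root if isinstance(root, list) else [root]:
        uri = resolve(endpoint["Uri"], raw)
        if uri is None:
            raise CrawlStopped(f"Uri {endpoint['Uri']} is unretrievable in {raw}")
        doc = {"Uri": uri, "Metadata": {}}
        for field in ("ClickableUri", "Title", "ModifiedDate"):
            if field in endpoint:
                doc[field] = resolve(endpoint[field], raw)
        for name, template in endpoint.get("Metadata", {}).items():
            # Assumption: an unretrievable metadata value leaves the key out.
            value = resolve(template, raw)
            if value is not None:
                doc["Metadata"][name] = value
        docs.append(doc)
    return docs


# Endpoint fields taken from the configuration at the top of this page,
# plus a Metadata object mixing hardcoded text with a dynamic value.
ENDPOINT = {
    "ItemPath": "data.user.pullRequests.edges",
    "Uri": "%[node.url]",
    "ClickableUri": "%[node.url]",
    "Title": "%[node.title]",
    "ModifiedDate": "%[node.createdAt]",
    "Metadata": {"label": "PR: %[node.title]", "source": "hardcoded value"},
}
NEXT_PAGE_KEY = "data.user.pullRequests.pageInfo.endCursor"


def sample_response(second_url="https://example.com/pr/2"):
    """Constructed response in the shape the page's query asks for."""
    node2 = {"createdAt": "2022-03-02T11:30:00Z", "title": "Add headers"}
    if second_url is not None:
        node2["url"] = second_url
    return {"data": {"user": {"pullRequests": {
        "totalCount": 2,
        "edges": [
            {"node": {"createdAt": "2022-03-01T10:00:00Z", "title": "Fix paging",
                      "url": "https://example.com/pr/1"}, "cursor": "c1"},
            {"node": node2, "cursor": "c2"},
        ],
        "pageInfo": {"endCursor": "c2", "hasNextPage": False},
    }}}}
```

Running a configuration against a captured response this way shows, before a build, which items would lack a Uri and halt the crawl.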
Method (String Enum)
The HTTP method to use to fetch the resource.
Possible values are GET and POST.
Default value is GET.
This property is not inheritable.
See the API documentation of your application to determine which one you should use.
Example: "Method": "POST"
ModifiedDate (String)
The date on which the item was last modified. Although this property isn’t required in the JSON configuration, we recommend that you include it, as the Coveo-powered search pages use it for their default Sort by Date option.
Typically, ModifiedDate has a dynamic value, since a static, hardcoded value would make dates identical for all items.
Example: "ModifiedDate": "%[updated]"
Paging (Paging Object)
In the Paging object, you can specify how you want the Endpoint content to be paged.
See the Paging section for details on the properties in this object.
PayloadJsonContent (String)
The JSON content to send as a POST request body.
The Content-Type header is automatically set to application/json.
Dynamic values are supported when specified within the SubItems and SubQueries objects only.
In sub-items and subqueries, should a dynamic value be invalid or unretrievable, the source skips the item, i.e., the indexing process is dropped and Coveo moves on to the next item. In a permission subquery, however, an invalid or unretrievable dynamic value causes the source to stop crawling and to display an error in the Administration Console.
You want to provide the following JSON content with your request:
{
  "key1": "value1",
  "key2": "@field=(\"value2\")",
  "key3": {
    "subkey1": "subvalue1"
  }
}
Your source JSON configuration therefore contains the following:
"Endpoints": [
  {
    "Method": "POST",
    "Path": "graphql",
    "PayloadJsonContent": "{\"key1\": \"value1\", \"key2\": \"@field=(\\\"value2\\\")\", \"key3\": {\"subkey1\": \"subvalue1\"}}"
  }
]
PayloadParameters (Object)
A key-value list of HTTP parameters to add to the payload. Each value can be either a number, string, or Boolean.
This property can only be used in a POST request.
The parameters are sent as URL-encoded data in the request body.
The Content-Type header is automatically set to application/x-www-form-urlencoded.
Dynamic values are supported when specified within the SubItems and SubQueries objects only.
Dynamic time expressions are also supported.
Example:
"PayloadParameters": {
  "type": "post",
  "expand": "true",
  "id": 120
}
In sub-items and subqueries, should a dynamic value be invalid or unretrievable, the source skips the item, i.e., the indexing process is dropped and Coveo moves on to the next item. In a permission subquery, however, an invalid or unretrievable dynamic value causes the source to stop crawling and to display an error in the Administration Console.
PermanentId (String)
The PermanentId is an alternative, permanent unique item identifier.
When you expect the item Uri to change, this ensures that Coveo Machine Learning (Coveo ML) recognizes the items despite their new URI and associates them to the old data.
So, in the future, if you modify or delete this source and reindex the same items, specifying the same item PermanentId format in your next configuration will ensure that Machine Learning doesn’t consider your items as new and rather picks up where it left off.
Dynamic values are supported.
Example:
{
  "Uri": "%[node.url]",
  "PermanentId": "%[sys_id]"
}
Permissions (Array of Permission Level Object)
The Permissions array is required when you select the Same users and groups as in your content system source content security option.
It contains the permission levels and sets to apply to the items indexed in this endpoint.
The members listed in these levels and sets are either allowed or denied access to the indexed items.
This property is inheritable.
See the Permission Level object section for details on the properties in this object.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
ProcessingAction (Action Object)
Whether to ignore or to retrieve the child items of an item if the specified Condition resolves to true.
See the Action object section for details on the properties expected in the ProcessingAction object.
When the specified Condition resolves to true, the Coveo crawler applies the specified action on the corresponding child items of an item.
Possible actions are Process and Ignore, i.e., the crawler can either retrieve the subitems to make them searchable or ignore them.
A child item ignored with ProcessingAction isn’t indexed and therefore not visible in the Administration Console Content Browser or a search interface.
If the condition resolves to false, the crawler falls back to the default action, i.e., Process.
Example:
"ProcessingAction": {
  "ActionOnItem": "Ignore",
  "Condition": "%[id]==1"
}
QueryParameters (Object)
A key-value list of HTTP parameters to add to the query. Each value can be either a number, string, or Boolean.
Dynamic values are supported when specified within the SubItems, SubQueries, and PermissionSubQueries arrays only.
They aren’t supported in QueryParameters objects within a RefreshEndpoints object.
Dynamic time expressions are also supported.
Example:
"QueryParameters": {
  "type": "post",
  "expand": "true",
  "id": 120
}
Example:
"QueryParameters": {
  "since": "@Now-6M",
  "until": "@Now"
}
In sub-items and subqueries, should a dynamic value be invalid or unretrievable, the source skips the item, i.e., the indexing process is dropped and Coveo moves on to the next item. In a permission subquery, however, an invalid or unretrievable dynamic value causes the source to stop crawling and to display an error in the Administration Console.
RefreshEndpoints (Array of Refresh Endpoint Object)
A list of refresh endpoint queries to execute to retrieve added, updated, or deleted items when refresh is supported and performed. See the Refresh endpoints section for details on the properties in this object.
SkippableErrorCodes (String)
When crawling your content, Coveo may encounter an HTTP error and stop.
If you expect the web application API to return an error and want it to be ignored so that the crawling process continues, specify the error code as the SkippableErrorCodes property value.
This property applies at the Endpoints level and is inheritable.
Use a semicolon (;) to separate error codes.
Example: "SkippableErrorCodes": "500;404;403"
SubItems (Array of Endpoint Object)
A list of sub-items to retrieve.
Each sub-item is represented by a configuration object under Endpoints.
An item can have many different sub-items, e.g., a blog post containing comments and attachments as child items.
The SubItems object establishes a parent-child relationship between items.
There’s no restriction on the number of sub-items an item can have.
In addition, sub-items can also have sub-items, for example if blog post comments also have attachments.
In the application JSON response, these sub-items are nested within each other, and so should be your SubItems arrays in your source configuration.
To refer to the metadata of a parent item, prefix the metadata name with coveo_parent.
You may also need to use raw.
Examples:
When the sub-items to index are located under a different endpoint, you provide the Path to their location.
"SubItems": [
  {
    "Path": "graphql",
    "Method": "GET",
    "ItemType": "Comment",
    "Uri": "%[node.url]",
    "ClickableUri": "%[node.url]",
    "Title": "%[node.title]",
    "ModifiedDate": "%[node.updated]",
    "Body": "%[node.content]",
    "Metadata": {
      "author": "%[node.author]",
      "createdby": "%[coveo_parent.author]",
      "id": "%[id]"
    }
  }
]
Alternatively, when the desired sub-items are located under the same endpoint as their parent items (e.g., the child item data is nested within the parent item data), you omit the Path property and provide the sub-items' location using the ItemPath property.
"SubItems": [
  {
    "ItemPath": "data.user.pullRequests.edges",
    "ItemType": "PullRequests",
    "Uri": "%[node.url]",
    "ClickableUri": "%[node.url]",
    "Title": "%[node.title]",
    "Body": "%[node.content]",
    "Metadata": {
      "author": "%[node.author]",
      "createdby": "%[coveo_parent.author]",
      "id": "%[node.id]"
    }
  }
]
SubQueries (Array of Subquery Object)
A list of subqueries to execute on every item in order to fetch additional metadata and/or the item body, especially if this information is located under a different path than that of the item. See the Subquery object section for details.
To refer to the metadata of a parent item, prefix the metadata name with coveo_parent.
You may also need to use raw.
Title (String)
The title of the item. Although this property isn’t required in the JSON configuration, we recommend that you include it, as the Administration Console Content Browser displays its value.
Typically, Title contains a dynamic value, since a static, hardcoded value would make all item titles identical.
Example: "Title": "%[node.title]"
Action Object
When the specified Condition resolves to true, the Coveo crawler applies the specified action to the corresponding items.
See IndexingAction and ProcessingAction for more details.
ActionOnItem (String, Required)
Action to perform if the specified Condition resolves to true.
In the IndexingAction object, this applies to retrieved items.
Possible actions are Retrieve and Ignore, i.e., the crawler can either index the item to make it searchable or ignore it.
In the ProcessingAction object, this applies to child items of an item.
Possible actions are Process and Ignore, i.e., the crawler can either retrieve the subitems to make them searchable or ignore them.
Condition (String)
The Condition value is a condition that must resolve to true for the specified action to apply to the child items of an item.
To write your condition, use the same syntax as for indexing pipeline extension conditions.
Conditions can be assembled together using the following operators: AND, OR, Exists, NOT, >, and <.
Parentheses are also supported to specify operation order.
The metadata fields in your condition must either be defined in the Metadata object or referenced with raw.
You can specify an array if the metadata refers to a multi-value field in your repository.
Examples:
- "%[node.author_id]" is true if the item has an author_id.
- "NOT %[node.author_id]" is true if the item doesn’t have an author_id.
- "%[node.author_id] == 1234" is true if the item author_id is 1234.
- "%[node.author_ids] == [1,2,3,4]" is true if item author_ids are 1, 2, 3, and 4.
- "%[node.author_id] OR %[author_name]" is true if the item has an author_id or an author_name.
- "%[node.author_id] AND %[author_name]" is true if the item has an author_id and an author_name.
- "%[node.author_id] > 123" is true if the item author_id is greater than 123.
- "(%[node.author_id] OR %[node.author_sys_id]) AND %[node.author_name]" is true if the item has an author_id or an author_sys_id, as well as an author_name.
Paging Object
In the Paging object, specify how you want the content to be paged.
This property is inheritable.
Then, in your GraphQL query, make sure to include tokens @pageSize and @offset.
Coveo will replace @pageSize with the value of the pageSize parameter of your paging configuration.
Similarly, @offset will be replaced with the value extracted from the response using either the NextPageKey or the OffsetStart parameter, depending on the paging method selected in OffsetType.
Example:
{
  "paging": {
    "pageSize": 10,
    "offsetType": "cursor",
    "nextPageKey": "data.user.pullRequests.pageInfo.endCursor"
  },
  "PayloadJsonContent": "{\"query\":\"query {\\r\\n user(login:\\\"JohnSmith\\\") {\\r\\n pullRequests(first:@pageSize, after:@offset) {\\r\\n totalCount\\r\\n edges {\\r\\n node {\\r\\n createdAt\\r\\n title\\r\\n url\\r\\n }\\r\\n cursor\\r\\n }\\r\\n pageInfo {\\r\\n endCursor\\r\\n hasNextPage\\r\\n }\\r\\n }\\r\\n }\\r\\n}\"}"
}
OffsetType (String Enum, Required)
The type of information on which the offset is based.
Possible values are page, item, url, and cursor.
- page: An offset per page is based on the page number, i.e., each paginated call increments the offset by 1.
  Example: The offset of the following calls is based on the page number:
  - http://example.com/api/item?limit=10&page=0
  - http://example.com/api/item?limit=10&page=1
- item: An offset based on the item number increments the offset by the number of items in each page.
  Example: The offset of the following calls is based on the item number:
  - http://example.com/api/item?limit=10&start=0
  - http://example.com/api/item?limit=10&start=10
- url: A URL-based offset retrieves the next page (offset) URL with the NextPageKey in the JSON response, and the next call is a request to this URL.
  Example: The following links could be returned in the web application response as values of NextPageKey. When you choose to use a URL-based object, Coveo sends a request to this URL to retrieve your content.
  - http://example.com/api/item?limit=5
  - http://example.com/api/item?page=3d170d80d8n3n2342c328s
- cursor: An offset based on the cursor retrieves the next page cursor using the NextPageKey in the JSON response and builds the next page URL.
  Example: The offset of the following calls is based on the page cursor:
  - http://example.com/api/item?limit=5
  - http://example.com/api/item?limit=5&pageToken=3d170d80-7b3b-4371-9499-2ec6a78c507e
PageSize (Number, Required)
The number of items to fetch per page.
Example: With paging URL https://example.com/api/item?position=0&quantity=50, your JSON configuration should include "PageSize": 50.
NextPageKey (String)
When the OffsetType value is "url" or "cursor", provide the path (simple path or JSONPath) to the key representing the value of the next page reference, i.e., either the next page URL or the next page cursor.
The NextPageKey property isn’t required when the OffsetType value is page or item.
Example: "NextPageKey": "NextPageLink"
OffsetStart (Number)
Offset of the first page to fetch.
This property is required when the OffsetType value is "page" or "item".
Example: Your first paging URL is https://example.com/api/item?position=0&quantity=50.
If you want to retrieve all items except items 1 to 50, your paging configuration must include "OffsetStart": 1.
TotalCountHeaderKey (String)
The name of an HTTP header whose value represents the total number of items retrieved through the API call. This property is useful when Coveo makes an API call to a page that doesn’t exist, causing an error to be returned.
However, when using this property, you must be sure that the total always matches the actual number of items returned by your API, as Coveo’s crawler uses this total as an indication to stop. Should the expected total be lower than the actual number of items returned, Coveo won’t index the remaining items.
Therefore, if your API supports it, we recommend using the FetchNextPageUntilNoResult property instead, as a safer alternative.
Example: "TotalCountHeaderKey": "x-total-count"
TotalCountKey (String)
The path (simple path or JSONPath) to a response body property representing the total number of items retrieved through the API call. This property is useful when Coveo makes an API call to a page that doesn’t exist, causing an error to be returned.
However, when using this property, you must be sure that the total always matches the actual number of items returned by your API, as Coveo’s crawler uses this total as an indication to stop. Should the expected total be lower than the actual number of items returned, Coveo won’t index the remaining items.
Therefore, if your API supports it, we recommend using the FetchNextPageUntilNoResult property instead, as a safer alternative.
Example: "TotalCountKey": "retrievedContent.totalCount"
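A pre-deployment check for the rules stated in the Service, Endpoint, and Paging sections above (required properties, payload properties needing POST, paging requirements, SkippableErrorCodes format), as an added example that is not part of Coveo's tooling. Case-insensitive key matching, the https check, and the placeholder check on credentials are assumptions of this sketch; both sample configurations are constructed.

```python
import json
import re
from urllib.parse import urlparse

REQUIRED_SERVICE = ("Url", "Endpoints")
REQUIRED_ENDPOINT = ("ClickableUri", "ItemType", "Path", "Uri")

def lower_keys(obj):
    # Assumption: property names match case-insensitively, because the page's
    # own sample mixes "paging"/"pageSize" with "Path"/"Method".
    return {k.lower(): v for k, v in obj.items()} if isinstance(obj, dict) else {}

def missing(props, required, where):
    return [f"{where}: missing required property {r}"
            for r in required if r.lower() not in props]

def check_codes(value, where):
    if value is not None and not re.fullmatch(r"\d{3}(;\d{3})*", str(value)):
        return [f"{where}: SkippableErrorCodes must be HTTP codes separated by ';'"]
    return []

def check_paging(paging, where):
    p, out = lower_keys(paging), []
    kind = str(p.get("offsettype", "")).lower()
    if kind not in ("page", "item", "url", "cursor"):
        out.append(f"{where}: OffsetType must be page, item, url, or cursor")
    if not isinstance(p.get("pagesize"), int):
        out.append(f"{where}: PageSize (Number) is required")
    if kind in ("url", "cursor") and not p.get("nextpagekey"):
        out.append(f"{where}: NextPageKey is needed when OffsetType is {kind}")
    if kind in ("page", "item") and "offsetstart" not in p:
        out.append(f"{where}: OffsetStart is required when OffsetType is {kind}")
    return out

def check_endpoint(endpoint, inherited_paging, where):
    e = lower_keys(endpoint)
    out = missing(e, REQUIRED_ENDPOINT, where)
    out += check_codes(e.get("skippableerrorcodes"), where)
    method = str(e.get("method", "GET")).upper()      # GET is the default
    payload = e.get("payloadjsoncontent")
    if method != "POST" and (payload is not None or "payloadparameters" in e):
        out.append(f"{where}: payload properties require Method POST")
    paging = e.get("paging", inherited_paging)         # Paging is inheritable
    if paging is not None:
        out += check_paging(paging, where + ".Paging")
    if payload is not None:
        try:
            json.loads(payload)
        except (TypeError, ValueError):
            out.append(f"{where}: PayloadJsonContent is not valid JSON")
        if paging is not None and not all(
                token in str(payload) for token in ("@pageSize", "@offset")):
            out.append(f"{where}: paged query lacks @pageSize or @offset")
    return out

def lint_config(config):
    services = lower_keys(config).get("services")
    if not isinstance(services, list):
        return ["Services: must be an array of Service objects"]
    findings = []
    for i, service in enumerate(services):
        s, where = lower_keys(service), f"Services[{i}]"
        findings += missing(s, REQUIRED_SERVICE, where)
        findings += check_codes(s.get("skippableerrorcodes"), where)
        # Added hygiene checks, not Coveo rules: transport, literal credentials.
        if "url" in s and urlparse(str(s["url"])).scheme != "https":
            findings.append(f"{where}: Url is not https")
        for field, value in lower_keys(s.get("authentication")).items():
            if field in ("username", "password") and not str(value).startswith("@"):
                findings.append(f"{where}.Authentication: {field} is not an @placeholder")
        for j, endpoint in enumerate(s.get("endpoints") or []):
            findings += check_endpoint(endpoint, s.get("paging"), f"{where}.Endpoints[{j}]")
    return findings

# Modelled on the page's opening example, with a shortened query.
QUERY = ('query { user(login:"JohnSmith") { pullRequests(first:@pageSize, '
         'after:@offset) { edges { node { title url } } pageInfo { endCursor } } } }')
GOOD = {"Services": [{
    "Url": "https://api.github.com/",
    "authentication": {"username": "@username", "password": "@password"},
    "Endpoints": [{
        "paging": {"pageSize": 10, "offsetType": "cursor",
                   "nextPageKey": "data.user.pullRequests.pageInfo.endCursor"},
        "Path": "graphql", "Method": "POST", "SkippableErrorCodes": "404",
        "ItemType": "PullRequests", "Uri": "%[node.url]", "ClickableUri": "%[node.url]",
        "PayloadJsonContent": json.dumps({"query": QUERY}),
    }],
}]}

# Constructed configuration with the mistakes the checks look for.
BAD = {"Services": [{
    "Url": "http://intranet.example/",
    "Authentication": {"username": "svc-crawler", "password": "@password"},
    "Paging": {"PageSize": 50, "OffsetType": "cursor"},
    "Endpoints": [{
        "Path": "graphql", "ItemType": "Doc", "Uri": "%[node.url]",
        "SkippableErrorCodes": "500,404",
        "PayloadJsonContent": '{"query": "query { docs(first:@pageSize) { id } }"',
    }],
}]}
```

`lint_config(GOOD)` returns an empty list, while `lint_config(BAD)` returns one finding per mistake, each prefixed with the location of the offending object.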
Permission Level Object
A Permission Level object describes a single permission level, which can contain one or more permission sets.
This property is inheritable.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
Example:
"Permissions": [
  {
    "Name": "Permission Level 1",
    "PermissionsSets": [
      {
        "Name": "Permission Set 1",
        "AllowedMembers": [
          {
            "Name": "jsmith@example.com",
            "Type": "User",
            "AdditionalInfo": {
              "title": "%[customMetadata]"
            }
          }
        ],
        "DeniedMembers": null,
        "IsAnonymousAllowed": false
      }
    ]
  }
]
Name (String)
The name of the permission level.
PermissionsSets (Array of Permission Set Object)
The PermissionsSets array specifies who can or can’t access the indexed items.
See the Permission Set object section for details on the properties expected for each element in this array.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
Permission Set Object
A Permission Set object describes a single permission set which can contain lists of allowed and denied members.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
Permission Set Name (String)
The Name property indicates the name of the permission set.
AllowedMembers and DeniedMembers arrays
Each object in the AllowedMembers and DeniedMembers arrays represents a member security identity that should be allowed or denied access to the indexed content.
Note
If a user is listed under both
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
The following is an example of a simple situation where, in your permission system, security identities are identified with email addresses. Your source will work with the Email security identity provider to ensure that your search interface users only see the content they’re allowed to.
If your permission system is more complex, requires a security provider other than Email, or is frequently updated, you should not only index allowed and denied security identities, but also provide a permission configuration instructing Coveo on how to index your permission system.
You index text items written by different people.
The metadata of each item contains the key author, and, in this system, authors are identified by their email address.
These addresses are therefore expected as values of the Name field.
With the following configuration, each user in your organization can access the items they have created through your Coveo-powered search interfaces.
"PermissionsSets": [
  {
    "Name": "Permission Set 1",
    "AllowedMembers": [
      {
        "Name": "%[author]",
        "Type": "User",
        "Condition": "%[published] == true"
      }
    ],
    "DeniedMembers": null,
    "IsAnonymousAllowed": false
  }
]
Name (String, Required)
The name of the member security identity.
In simple use cases similar to that described under AllowedMembers and DeniedMembers arrays, this should be an email address.
Dynamic values are supported.
Type (String Enum, Required)
The type of member.
Allowed values are User, Group, and VirtualGroup.
For more information on these types of security identities, see Coveo management of security identities and item permissions.
Permission Condition (String)
The Condition value is a condition that must resolve to true for the security identity specified in Name to be resolved, i.e., extracted by the security identity provider.
As a result, the permission applies.
When the condition resolves to false, the security identity is not resolved and the corresponding permission doesn’t apply.
Adding a condition to your AllowedMembers or DeniedMembers object is optional.
To write your condition, use the same syntax as for indexing pipeline extension conditions.
Conditions can be assembled together using the following operators: AND, OR, Exists, NOT, >, and <.
Parentheses are also supported to specify operation order.
The metadata fields in your condition must either be defined in the Metadata object of the source configuration or referenced with raw.
You can specify an array if the metadata refers to a multi-value field in your repository.
Dynamic values are also supported.
You index a list of available and discontinued products, and your public search interface is used by both your employees and your customers. On this search interface, your employees can log in to see additional content, while customers can’t log in.
You want to hide your discontinued products from your customers only, so you use the Condition parameter to apply a permission to these items.
As a result, all products with Discontinued: yes in their metadata are visible to members of the *@mycompany.com group only, i.e., your employees, while non-discontinued products are available to all search interface users.
"PermissionsSets": [
  {
    "Name": "Permission Set 1",
    "AllowedMembers": [
      {
        "Name": "*@mycompany.com",
        "Type": "Group",
        "Condition": "%[discontinued] == yes"
      }
    ],
    "DeniedMembers": null,
    "IsAnonymousAllowed": true
  }
]
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
PermissionType (String)
This parameter is relevant only when you provide a permission configuration.
The PermissionType is a key representing the configuration on how to extract all relationships of the security identity specified in Name.
The security identity provider will use this configuration when processing the security identity.
In the Content Security tab of the Add/Edit a GraphQL API Source panel, you’ll need to select the Same users and groups as in your content system option, and then provide a JSON permission configuration detailing how to retrieve the relationships of each security identity and how to index this data.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
AdditionalInfo (Object)
This parameter is relevant only when you provide a permission configuration.
The AdditionalInfo object is a key-value store of additional information required by some security providers.
Each key represents the metadata name of the repository item, while its value is the value path (simple path or JSONPath) in the JSON response.
When writing your permission configuration, you can use coveo_parent to refer to the information retrieved with the AdditionalInfo parameter of a permission subquery.
Dynamic values are supported in the values of this object.
IsAnonymousAllowed (Boolean)
The IsAnonymousAllowed property indicates whether anonymous (i.e., unauthenticated) users are allowed to access the retrieved items.
Default value is false.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
PermissionsFromMetadata array
This array is relevant only when you provide a permission configuration.
The PermissionsFromMetadata array is an alternative to the PermissionSubQueries array, as it fetches permission data, typically the security identities that are allowed or denied access to the item.
This data is crucial to retrieve if you want to replicate the application’s permission system in Coveo.
Include a PermissionsFromMetadata array in your GraphQL API source configuration when the permission data appears in the metadata of an item.
Conversely, a PermissionSubQueries array should be used when an item and its permission data must be retrieved with two different queries.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
Objects of the PermissionsFromMetadata array support:
- The following properties from objects of the Member array:
- The following property:
PermissionSubQueries array
This array is relevant only when you provide a permission configuration.
Each object in the PermissionSubQueries array represents a subquery to execute on every item to fetch permission data, typically the security identities that are allowed or denied access to the item.
This data is crucial to retrieve if you want to replicate the application’s permission system in Coveo.
The PermissionSubQueries array is an alternative to the PermissionsFromMetadata array.
Include a PermissionSubQueries array in your source configuration when an item and its permission data must be retrieved with two different queries. Conversely, the PermissionsFromMetadata array should be used when the permission data appears in the metadata of an item.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
Objects of the PermissionSubQueries array support:
- The following properties from the Endpoints object configuration:
- The following properties from objects of the AllowedMembers and DeniedMembers arrays:
- The following property:
Example:
"permissionSubQueries": [
{
"ItemPath": "permissions",
"Path": "%[productid]/permissions",
"Method": "GET",
"QueryParameters": {},
"Name": "%[name]",
"Type": "group",
"PermissionType": "config1",
"Condition": "%[field] == value",
"IsAllowedMember": true,
"AdditionalInfo":
{
"PermissionID": "%[id]",
"PermissionName": "%[name]"
}
}
]
IsAllowedMember (Boolean)
The IsAllowedMember property indicates whether the specified member is allowed to access the item.
Default value is false.
For more information on sources that index permissions and on how Coveo handles these permissions, see Coveo management of security identities and item permissions.
Refresh Endpoint Object
A refresh endpoint is an endpoint that inherits from the parent endpoint definition.
The refresh endpoint allows you to redefine the Endpoints configuration properties.
As a result, when you refresh your source, the properties defined under RefreshEndpoints override the properties defined under Endpoints.
When you rescan or rebuild the source, however, the Endpoints properties apply.
Similarly, if you don’t specify any QueryParameters in the refresh endpoint definition, the endpoint query parameters will be inherited.
However, either all query parameters are inherited, or none is.
So, if you change one parameter, you must also redefine all other parameters that apply, even if they’re identical to those in the endpoint object.
Your endpoint query parameters are the following:
"QueryParameters": {
"type": "post",
"workflow_state":"published",
"since": "@RefreshDate",
"expand": "true"
}
In your refresh endpoint configuration, you want to switch expand to false and keep all other query parameters identical, so you enter the following:
"QueryParameters": {
"type": "post",
"workflow_state":"published",
"since": "@RefreshDate",
"expand": "false"
}
Note: Dynamic values aren’t supported in the query parameters of a
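The all-or-nothing inheritance of QueryParameters described above can be checked before saving a configuration. The following is an added example, not Coveo's code: it models the override rule as stated on this page, and the function names and the sample refresh endpoints are constructed for illustration.

```python
import copy

# Constructed parent endpoint, using the query parameters from the example above.
ENDPOINT = {
    "Path": "graphql",
    "Method": "POST",
    "QueryParameters": {
        "type": "post",
        "workflow_state": "published",
        "since": "@RefreshDate",
        "expand": "true",
    },
}


def effective_refresh_endpoint(endpoint, refresh):
    """Model of the inheritance described above: properties set on the refresh
    endpoint override the parent's, and QueryParameters is replaced as a
    whole object, never merged key by key."""
    merged = copy.deepcopy(endpoint)
    for key, value in refresh.items():
        merged[key] = copy.deepcopy(value)  # wholesale override, QueryParameters included
    return merged


def dropped_query_parameters(endpoint, refresh):
    """Return the parent query parameters that disappear on refresh because
    the refresh endpoint redefined QueryParameters without restating them."""
    if "QueryParameters" not in refresh:
        return []  # nothing redefined: all parent parameters are inherited
    parent = endpoint.get("QueryParameters", {})
    return sorted(set(parent) - set(refresh["QueryParameters"]))


# Mistake: only the changed parameter is listed, so the other three are lost.
PARTIAL = {"QueryParameters": {"expand": "false"}}
# Correct: every parameter that still applies is restated.
FULL = {"QueryParameters": {**ENDPOINT["QueryParameters"], "expand": "false"}}

if __name__ == "__main__":
    for name, refresh in (("partial", PARTIAL), ("full", FULL)):
        params = effective_refresh_endpoint(ENDPOINT, refresh)["QueryParameters"]
        print(name, params, "dropped:", dropped_query_parameters(ENDPOINT, refresh))
```

With the constructed partial override, workflow_state is among the dropped parameters, so a refresh would no longer be limited to published items.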
In addition to the Endpoints object configuration properties, the RefreshEndpoints object supports the following properties:
Example:
"RefreshEndpoints":[
{
"DateFormat":"\\'yyyy-MM-dd\\',\\'hh:mm:ss\\'",
"QueryParameters":{
"workflow_state":"published",
"since": "@RefreshDate"
}
},
{
"IsDeletionQuery":true,
"DateFormat":"\\'yyyy-MM-dd\\',\\'hh:mm:ss\\'",
"QueryParameters":{
"lastModifiedDate": "@Now-7d",
"status":"Deleted"
}
},
{
"IsDeletionQuery":true,
"DateFormat":"\\'yyyy-MM-dd\\',\\'hh:mm:ss\\'",
"Path":"/api/table/audit_delete",
"QueryParameters":{
"tablename":"kb_knowledge",
"since": "@RefreshDate"
}
},
{
"IsDeletedItem": "%[is_deleted]",
"DateFormat":"\\'yyyy-MM-dd\\',\\'hh:mm:ss\\'",
"QueryParameters":{
"since": "@RefreshDate"
}
}
]
IsDeletionQuery (Boolean)
Whether the defined query returns items to delete from the index.
Default value is false, which means that all retrieved items are added to the index or updated.
If the query returns items to add, update, and delete all at once, use the IsDeletedItem property instead.
IsDeletedItem (Boolean)
When a refresh query returns items to add, update, and delete all at once, this property allows you to specify which of these items should be deleted.
Default value is false, but it’s considered to be true if IsDeletionQuery is set to true.
You can provide a dynamic value (e.g., %[has_been_deleted_flag]) to be evaluated for each item or a static value.
Example: "%[is_deleted]" deletes all items that have an "is_deleted": true JSON property flagging them as deleted.
"IsDeletedItem": "%[is_deleted]",
"DateFormat":"\\'yyyy-MM-dd\\',\\'hh:mm:ss\\'",
"QueryParameters":{
"since": "@RefreshDate"
}
DeleteChildren (Boolean)
Whether to delete children when the retrieved parent item is deleted.
Default value is false.
If the value is set to true, child items are deleted based on their Uri.
Subquery Object
A list of subqueries to execute on every item in order to fetch additional metadata and/or the item body, especially if this information is located under a different path than that of the item.
The subquery configuration supports the following properties from the Endpoints object configuration:
It also contains the following property:
Example:
"SubQueries": [
{
"Path": "graphql",
"Method": "GET",
"Body": "%[data.body]",
"Metadata": {
"created": "%[node.created]"
}
}
]
IsThumbnail (Boolean)
If the SubQueries object path leads to an image, set IsThumbnail to true to show this image as the thumbnail of an item.
The default value is false.
Supported thumbnail file formats are the following: .bmp, .emf, .exif, .gif, .icon, .jpeg, .png, .tiff, .wmf.
Authentication Object
If one of the Services to crawl requires authentication, your JSON configuration must include the following properties.
Username (String)
Username used to log in to the GraphQL service.
You can use @Username to retrieve the value specified in the Add a GraphQL API Source panel.
Password (String)
Password used to log in to the GraphQL service.
This property can be empty even though a Username is specified.
You can use @Password to retrieve the value specified in the Add a GraphQL API Source panel.
Domain (String)
Domain name to use when authenticating to an NTLM or Kerberos protected server.
ForceBasicAuthentication (Boolean)
Whether to force a basic HTTP header in the request.
The default value is false.
OAuth (OAuth Object)
If the application to make searchable requires OAuth 2.0 authentication, the OAuth object must contain the required configuration.
You can use the @ syntax to map the credentials or API key you specified in the Add a GraphQL API Source panel.
See the OAuth 2.0 section for details on the object properties.
Example:
"OAuth": {
"Query": {
"RefreshUrl": "http://example.com/token",
"Method": "POST",
"Parameters": {
"grant_type": {
"Type": "Payload",
"Value": "refresh_token"
},
"refresh_token": {
"Type": "Payload",
"Value": "REFRESH_TOKEN",
"IsRefreshToken": true
},
"client_id": {
"Type": "Payload",
"Value": "CLIENT_ID"
},
"client_secret": {
"Type": "Payload",
"Value": "CLIENT_SECRET"
}
}
},
"Response": {
"AccessToken": "access_token",
"SupportsRefreshToken" : "true",
"RefreshToken": "refresh_token",
"ExpiresIn": "expires_in",
"TokenType": "token_type"
}
}
OAuth Object
If the application to make searchable requires OAuth 2.0 authentication, include the following properties in your source JSON configuration.
Query (OAuth Query Object, Required)
The Query object represents the OAuth 2.0 refresh query configuration.
See OAuth 2.0 Query for the properties expected in this object.
Enter your credentials in the Add a GraphQL API Source panel and use the @ClientId, @ClientSecret, and @RefreshToken placeholders in your JSON configuration.
Response (OAuth Response Object)
The Response object represents the OAuth 2.0 refresh query configuration.
See OAuth 2.0 Response for the properties expected in this object.
OAuth Query Object
If the application to make searchable requires OAuth 2.0 authentication, include the following properties in your JSON configuration.
Example:
"Query": {
"RefreshUrl": "http://example.com/token",
"Method": "POST",
"Parameters": {
"grant_type": {
"Type": "Payload",
"Value": "refresh_token"
},
"refresh_token": {
"Type": "Payload",
"Value": "@RefreshToken",
"IsRefreshToken": true
},
"client_id": {
"Type": "Payload",
"Value": "@ClientId"
},
"client_secret": {
"Type": "Payload",
"Value": "@ClientSecret"
}
}
}
RefreshUrl (String, Required)
The OAuth 2.0 refresh URL.
Example: "RefreshUrl": "http://example.com/token"
Authentication Headers (Object)
The additional HTTP headers to use to authenticate the client and refresh the token.
Note: Coveo automatically sets the Content-Type header. Therefore, you don’t need to enter anything for this header.
Example:
"Headers": {
"X-Auth": "API_KEY"
}
OAuth Query Object Method (String Enum)
The HTTP method to use to refresh the OAuth 2.0 token.
Default is POST.
Parameters (Object)
The parameters to use to authenticate the client and refresh the token.
Possible values are query or payload.
If the OAuth 2.0 flow to use doesn’t support refresh tokens, don’t specify it in the Query object parameters.
Enter your credentials in the Add a GraphQL API Source panel and use the @ClientId, @ClientSecret, and @RefreshToken placeholders in your JSON configuration.
Example:
"Parameters": {
"grant_type": {
"Type": "Payload",
"Value": "refresh_token"
},
"refresh_token": {
"Type": "Payload",
"Value": "@RefreshToken",
"IsRefreshToken": true
},
"client_id": {
"Type": "Payload",
"Value": "@ClientId"
},
"client_secret": {
"Type": "Payload",
"Value": "@ClientSecret"
}
}
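A pre-save check for the OAuth Query object, as an added example that is not part of Coveo's tooling: it flags credential parameters holding a literal value instead of the @ placeholders this section asks for, credentials sent with the query type, and a RefreshUrl that isn't HTTPS. The function names, the set of credential parameter names, and the two sample objects are constructed for illustration.

```python
from urllib.parse import urlparse

# Parameters this page says to enter in the panel and reference via @ placeholders.
CREDENTIAL_PARAMS = {"refresh_token", "client_id", "client_secret"}


def lint_oauth(oauth):
    """Return a list of findings for one OAuth object of a source configuration."""
    findings = []
    query = oauth.get("Query", {})
    url = query.get("RefreshUrl", "")
    if urlparse(url).scheme.lower() != "https":
        # The token request carries the client secret and refresh token.
        findings.append(f"RefreshUrl is not HTTPS: {url}")
    for name, param in query.get("Parameters", {}).items():
        is_credential = name in CREDENTIAL_PARAMS or param.get("IsRefreshToken") is True
        if not is_credential:
            continue
        if not str(param.get("Value", "")).startswith("@"):
            findings.append(f"{name}: literal value instead of an @ placeholder")
        if str(param.get("Type", "")).lower() == "query":
            # Query-string values commonly end up in proxy and server logs.
            findings.append(f"{name}: credential sent as a query parameter")
    return findings


def sample(url, refresh_token, client_id, client_secret):
    """Constructed OAuth object shaped like the examples in this section."""
    def payload(value, **extra):
        return {"Type": "Payload", "Value": value, **extra}
    return {"Query": {"RefreshUrl": url, "Method": "POST", "Parameters": {
        "grant_type": payload("refresh_token"),
        "refresh_token": payload(refresh_token, IsRefreshToken=True),
        "client_id": payload(client_id),
        "client_secret": payload(client_secret),
    }}}


# Weak: literal credentials stored in the JSON, token endpoint over plain HTTP.
WEAK = sample("http://example.com/token", "REFRESH_TOKEN", "CLIENT_ID", "CLIENT_SECRET")
# Corrected: placeholders resolved from the panel, token endpoint over HTTPS.
FIXED = sample("https://example.com/token", "@RefreshToken", "@ClientId", "@ClientSecret")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, lint_oauth(cfg))
```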
OAuth Response Object
If the application to make searchable requires OAuth 2.0 authentication, include the following properties in your JSON configuration.
Example:
"Response": {
"AccessToken": "access_token",
"SupportsRefreshToken" : "true",
"RefreshToken": "refresh_token",
"ExpiresIn": "expires_in",
"TokenType": "token_type"
}
AccessToken (String)
The path to the access token in the response.
Default is access_token.
SupportsRefreshToken (Boolean)
Whether the OAuth 2.0 flow supports refresh tokens.
Default is true.
RefreshToken (String)
The path to the refresh token in the response.
Default is refresh_token.
ExpiresIn (String)
The path to the expiration time in the response.
Default is expires_in.
If there’s no expiration time in the response, use the ExpiresInDefaultValue property.
ExpiresInDefaultValue (Number)
Specify an expiration value in seconds for the refresh token as an alternative to the ExpiresIn property.
Default is 3600.
TokenType (String)
The path to the token type in the response.
Default is token_type.
If the TokenType isn’t specified in the response or if it’s invalid or inappropriate, it defaults to Bearer.
If you want a different default value, use the TokenTypeDefaultValue property.
TokenTypeDefaultValue (String)
If the TokenType isn’t specified in the response or if it’s invalid or inappropriate, it defaults to Bearer.
Should you not want to use Bearer as a replacement for the inadequate token_type value that the response returns, specify the desired value.
AuthorizationHeader (String)
Specify the name of the authorization header where the access token should appear.
Default is Authorization.
Example:
"AuthorizationHeader": "X-ACCESS-TOKEN"
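How the Response properties and their defaults combine when a token response is read, as an added example that models the behavior described in this section and is not Coveo's implementation. Assumptions: paths are dotted, a missing or empty token_type counts as invalid, and the header value is the token type followed by a space and the token; the function names and sample responses are constructed.

```python
import time

# Defaults as documented in this section.
DEFAULTS = {
    "AccessToken": "access_token", "RefreshToken": "refresh_token",
    "ExpiresIn": "expires_in", "TokenType": "token_type",
    "SupportsRefreshToken": True, "ExpiresInDefaultValue": 3600,
    "TokenTypeDefaultValue": "Bearer", "AuthorizationHeader": "Authorization",
}


def lookup(body, path):
    """Follow a dotted path (assumed syntax) through nested dicts; None if absent."""
    for key in path.split("."):
        if not isinstance(body, dict) or key not in body:
            return None
        body = body[key]
    return body


def apply_response_config(response_cfg, body, now=None):
    """Turn a token endpoint response into a request header and an expiry time."""
    cfg = {**DEFAULTS, **response_cfg}
    now = time.time() if now is None else now
    token = lookup(body, cfg["AccessToken"])
    if not isinstance(token, str) or not token:
        raise ValueError("no access token at path " + cfg["AccessToken"])
    expires_in = lookup(body, cfg["ExpiresIn"])
    numeric = isinstance(expires_in, (int, float)) and not isinstance(expires_in, bool)
    if not numeric or expires_in <= 0:
        expires_in = cfg["ExpiresInDefaultValue"]  # no usable expiration in the response
    token_type = lookup(body, cfg["TokenType"])
    if not isinstance(token_type, str) or not token_type.strip():
        token_type = cfg["TokenTypeDefaultValue"]  # Bearer unless overridden
    result = {"header": (cfg["AuthorizationHeader"], f"{token_type} {token}"),
              "expires_at": now + expires_in}
    # The examples above write this Boolean as the string "true"; accept both.
    if cfg["SupportsRefreshToken"] in (True, "true"):
        result["refresh_token"] = lookup(body, cfg["RefreshToken"])
    return result


if __name__ == "__main__":
    # Constructed response with no token_type and no expires_in.
    print(apply_response_config({"AuthorizationHeader": "X-ACCESS-TOKEN"},
                                {"access_token": "abc123"}, now=0))
```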