Use Case Assist with secured content

Coveo Case Assist was designed to use API key authentication, which means that only the content visible to an anonymous user, such as public sources or items, is returned.

However, there are times you may need to display secured content, for example, perhaps your Case Assist implementation is dedicated to internal agents who must access secured items.

For situations where secured content must be accessible through the Case Assist Document Suggestion functionality, you’ll need to use a platform token instead of an API key to authenticate requests. This token, just like a search token, will contain the identity of the current user.

Warning
Warning

Using a platform token currently breaks the quickview functionality on Document Suggestions. Although we’re actively working on a solution, this is a tradeoff you need to consider.

Prerequisites

Configure Case Assist to use a platform token

The code deployed by the Coveo Case Assist cookbook includes two important components: the CaseAssistInterface Lightning Web Component (LWC) and the CaseAssistController Apex class.

CaseAssistInterface Lightning Web Component

CaseAssistInterface is an extension of the QuanticCaseAssistInterface component. It changes the Apex class that’s called to use the CaseAssistController in order to generate the token that will be used to authenticate the Case Assist API calls.

CaseAssistController Apex class

CaseAssistController is the class that must be modified to use a platform token instead of the default API key.

This class provides the following sample method, which is a reference on how to use an API key for Case Assist.

@AuraEnabled
public static String getHeadlessConfiguration() {
    Map<String, String> headlessConfiguration = new Map<String, String>();
    headlessConfiguration.put('organizationId', 'searchuisamples');
    headlessConfiguration.put(
        'accessToken',
        '<API-KEY>'
    );
    headlessConfiguration.put(
        'platformUrl',
        'https://platform.cloud.coveo.com'
    );
    return JSON.serialize(headlessConfiguration);
}

Following this sample method, you’ll see another method which shows you how to use a platform token instead.

Important
Important

The following method will be commented out by default.

@AuraEnabled
public static String getHeadlessConfiguration() {
    Map<String, Object> platformTokenParams = new Map<String, Object>();

    // The platform token needs to request the required privileges to use Case Assist. 1
    List<CoveoV2.PlatformToken.TokenPrivilege> privileges = new List<CoveoV2.PlatformToken.TokenPrivilege>();
    // Adding the required privilege to use Case Assist.
    privileges.add(
        new CoveoV2.PlatformToken.TokenPrivilege(
            'CUSTOMER_SERVICE',
            'USE_CASE_ASSIST',
            'ENABLE'
        )
     );
    // Adding the required privilege to log analytics.
    privileges.add(
        new CoveoV2.PlatformToken.TokenPrivilege(
            'USAGE_ANALYTICS',
            'ANALYTICS_DATA',
            'EDIT'
        )
     );
    platformTokenParams.put('privileges', privileges);

    // Generate the platform token by calling the Coveo platform. 2
    String platformToken = CoveoV2.Globals.generatePlatformToken(
        platformTokenParams
    );

    // Add additional required information to create the Case Assist endpoint. 3
    Map<String, Object> headlessEndpointData = CoveoV2.Globals.getEndpointData();
    Map<String, String> headlessConfiguration = new Map<String, String>();
    headlessConfiguration.put('accessToken', platformToken);
    headlessConfiguration.put(
        'organizationId',
        (String) headlessEndpointData.get('organization')
    );
    headlessConfiguration.put(
        'platformUrl',
        (String) headlessEndpointData.get('clientUri')
    );
    return JSON.serialize(headlessConfiguration);
}

This method does the following:

1 Requests the appropriate privileges to be able to use the Case Assist APIs through token privileges.
2 Generates a platform token using the CoveoV2.Globals.generatePlatformToken, which is a method that’s part of the Coveo for Salesforce package. This method takes care of generating both the token with the current user’s identity, as well as the privileges requested in step 1.
3 Adds additional data to the returned Headless configuration such as the Coveo organizationId, as well as the platformUrl. This data is required by the Quantic framework to function properly.

To configure Case Assist to use a platform token

  1. Access the CaseAssistController Apex class, and then perform the following steps:

    1. Comment out the sample method that uses an API key.

    2. Uncomment the method that uses a platform token.

  2. Save the Apex class.

Your Case Assist interface is now configured to use a platform token instead of an API key.