Token Authentication Now Available for SearchStax Studio

March 07, 2023

Pete Navarra


We are announcing that SearchStax Site Search now supports Token Authentication when using the Search APIs in the product. This update improves overall security over search and includes a feature that makes it simple to manage and rotate your tokens.

The latest versions of the SearchStax Sitecore Module and SearchStax Drupal Module also support the Token Authentication feature.

What is Token Authentication?

Token Authentication is a method of security authentication that uses a token, or a piece of data, to authenticate a request or user instead of a traditional username and password. By using a token that contains unique identifiers and a digital signature, Token Authentication adds an additional layer of security by requiring validation of a token to ensure that a request is coming from a verified user or source. 

For Studio, we use a cryptographically secure 20-byte token consisting of a random string of letters and numbers and pass that string through the API query string. This string will still be visible to browsers and clients, and it can be reused by anyone who sees it. For this reason, it is important that you still use read-only keys for the front end and keep backend administration keys safe.

The benefit of using Token Authentication, though, is that there is no way to potentially guess what the admin token might be, even if you found the admin API endpoint. This adds an extra layer of security complexity and removes the need for the marketer or developer to come up with their own passphrases.

Best Practices for Token Authentication

One of the primary best practices when using Token Authentication is to regularly cycle your token keys with new keys on a rotating schedule. 

Even if keys are exposed or get out into the wild, changing your Token Authentication keys regularly will invalidate the old keys. SearchStax Studio provides functionality to specify a number of keys that can be activated or deactivated as needed.
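The sketch below illustrates the token format and the rotation practice described above. It is an added example, not SearchStax code: the `TokenStore` class, the scope names, the hex encoding and the hashed server-side storage are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TOKEN_BYTES = 20  # token size stated in the post; hex encoding is an assumption


class TokenStore:
    """Hypothetical key store: several tokens per scope, each active or not."""

    def __init__(self):
        self._keys = {}  # sha256(token) -> {"scope": str, "active": bool}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, scope):
        """Create a new active token; only its hash is kept server-side."""
        token = secrets.token_hex(TOKEN_BYTES)  # CSPRNG, 40 hex characters
        self._keys[self._digest(token)] = {"scope": scope, "active": True}
        return token

    def deactivate(self, token):
        entry = self._keys.get(self._digest(token))
        if entry:
            entry["active"] = False

    def check(self, token, required_scope):
        """Return True only for an active token of the required scope."""
        presented = self._digest(token)
        ok = False
        for stored, entry in self._keys.items():
            # compare_digest avoids leaking match position through timing
            match = hmac.compare_digest(stored, presented)
            ok |= match and entry["active"] and entry["scope"] == required_scope
        return ok


def rotate(store, old_token, scope):
    """Issue the replacement first, then retire the old key."""
    new_token = store.issue(scope)
    # In production, deactivate only after clients have switched over.
    store.deactivate(old_token)
    return new_token
```

Because the token travels in the query string, a read-only token that leaks through logs or browser history stops working as soon as it is deactivated, and it never grants the admin scope.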

For more information on implementing, managing and rotating tokens, refer to our product documentation on Search APIs and Token Authentication.

Token Authentication FAQs

What is Token Authentication?

Token authentication is a method of authentication that uses a token, or a piece of data, to authenticate a user or request instead of a traditional username and password.

What is Basic Authentication?

Basic Authentication is a method of user authentication in which the user’s credentials, typically a username and password, are transmitted over the network in Base64-encoded form. It is a widely used authentication mechanism for accessing web-based resources, such as websites and web services.

How is Token Authentication Different from Basic Authentication?

Token Authentication uses a more secure and scalable method of authentication than the username and password security in Basic Authentication. While Basic Authentication is simple to implement, it is not considered as secure as Token Authentication because the credentials are only encoded, not encrypted, so they are effectively transmitted in plain text and can be intercepted and read by third parties.

SearchStax Site Search is a powerful and easy search solution that gives marketers full control over the entire site search experience — and the insights to know what’s working (and what isn’t). Schedule a Demo to see the power of SearchStax Studio for yourself or Contact Us to speak with one of our search experts.

By Pete Navarra

VP, DXP Solutions
