We have a self-hosted Enterprise Search instance with sensitive search data in it. A permanent public search API key doesn't meet our security standards.
What is the best way to ensure that only authenticated users can access the search endpoint? Our users are authenticated through AWS Cognito.
If a public search key does not meet your standards, then I would recommend proxying the search endpoint through your own API endpoint, which would implement whatever security protocols you wish.
@JasonStoltz thanks, will look into doing that. However, I'm currently using the SearchUI to handle all search requests - do you know of an easy way to add extra headers into the query - for the authentication token?
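A sketch of the token check such a proxy would run before forwarding a query, given as an added example that is not code from this thread or from Elastic. It assumes the client sends its Cognito access token as `Authorization: Bearer <token>` and that the caller has already fetched and cached the user pool's JWKS. The function names and the `cfg` fields (`issuer`, `clientId`, `searchKey`, `now`) are hypothetical.

```javascript
const crypto = require('node:crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// jwks: the key set published by the Cognito user pool (fetched by the caller).
function verifyCognitoAccessToken(token, jwks, { issuer, clientId, now = Date.now() }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm; never let the token pick it (rejects alg=none or HS256).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown signing key');
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, sig)) {
    throw new Error('bad signature');
  }
  // Claims are trusted only after the signature has been checked.
  const claims = b64urlJson(p);
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.token_use !== 'access') throw new Error('not an access token');
  if (claims.client_id !== clientId) throw new Error('wrong app client');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) throw new Error('expired');
  return claims;
}

// Decide what the proxy does with an incoming search request.
function authorizeSearch(authorizationHeader, jwks, cfg) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authorizationHeader || '');
  if (!m) return { status: 401 };
  try {
    const claims = verifyCognitoAccessToken(m[1], jwks, cfg);
    // The search key is attached server-side and never reaches the browser.
    return {
      status: 200,
      user: claims.sub,
      upstreamHeaders: { Authorization: `Bearer ${cfg.searchKey}` },
    };
  } catch {
    return { status: 401 }; // same response for every failure reason
  }
}
```

With this in place the Enterprise Search endpoint itself can be kept reachable only from the proxy, so the Cognito check cannot be bypassed by calling the search API directly.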