Documentation

Query Pipeline - Access Configuration

All query pipeline are access protected by default. This means that when calling a query pipeline, the user must be authenticated.

Configuration Options

Secure Search (Default)

Here, a bearer token must be given which stems from the Entra Id instance configured at Entra Id .

image-20251104-075301.png

Public Search

image-20251104-075324.png

You can however also configure public access with and without an API key. If you decide to provide an API without access token, then the pipeline can be called by anyone and it is assumed that the calling user is member of the Everyone group. I.e., security trimming takes place, but returns all documents which have Everyone in the allow ACLs. If you configure an API token, then this must be passed with the Authorization header (without bearer) and also here the further processing is solely based on indexed items with Everyone in the allow ACL field.

Rate Limiting

Each API can have its unique rate limiting configured. Based on the IP address of the caller, the rate limiter determines if the number of requests in the given timeframe is exceeded. If so, the caller will receive a 429 with a retry later header.

Please note that rate limiting is not applied for sub processes but only as part of the API call of the query pipeline.

Configuration

  1. Is public search: enable this if you want to switch the authentication and authorization mode from Entra Id to either fully public or to access with an API key

  2. Access token for this pipeline: If “is public search” is enabled, then you can specify an access token for this pipeline. This must be presented as part of the Authorization header.

  3. Rate limit per IP. This parameter defines how many requests are allowed to be made per IP address. This parameter and the next specify the rate limiting behavior as described above.

  4. Duration in seconds to measure the rate limit against. Defines the time frame length for measuring the number of requests against.