<% user.full_name %>
<% util.level ? util.level.title : '' %>
Explorer Pioneer Apollo Viking Voyager Pathfinder Orion
Points
<% user.points ? user.points.toLocaleString() : 0 %>
Badges
<% util.badgeCount %>
Streaks
Congratulations You've <% util.newestBadge.isCurriculum ? 'completed' : 'earned' %> the
<% util.newestBadge.title %> <% util.newestBadge.isCurriculum ? 'curriculum' : 'badge' %>!
previous
next
Share to Social Media
Linked In Facebook
Status
<% util.level ? util.level.title : '' %>
<% util.level ? util.level.points : '' %>
<% util.nextLevel ? util.nextLevel.title : '' %>
<% util.nextLevel ? util.nextLevel.points : '' %>
Level up! <% util.levelPointsRemaining %> points to go
Level up! <% util.levelPointsRemaining %> points to go
Badges
Completed Hitchhikers Program Track Completed Content Track Completed Pages Track Completed Page Builder Track Completed Search Backend Track Completed Search Frontend Theme Track Completed Search UI React Track Completed Solution Templates and the Admin Console Track Completed Technical Skills Track Completed Platform Basics Track Completed Listings Track Completed Reviews Track Completed Industry Overview Track Completed Analytics Track Completed Industry Overview & Product Basics Track Completed Knowledge Assistant Track Completed Multi-Language Experiences Track Completed Fall '22 Release Highlights Track Completed Spring '23 Release Highlights Track Completed Chat Track Completed Summer '23 Release Highlights Track Completed Fall '23 Release Highlights Track
<% util.expandBadges ? 'Less' : 'More' %>
Playground Accounts
New +
No Playground Accounts
Create Playground +
View Profile
Log Out loading
Mission Complete! 🚀
Congratulations, you’ve completed your first module!

We hope you enjoy exploring the rest of the site. Please don’t forget to leave us feedback - we are constantly looking to improve. Happy Hitchhiking!
Home
Welcome to Hitchhikers! 👋
To learn more about the platform we encourage you to get started by completing the Hitchhikers Program Track and earning your first badge!
Start Here
Close notification
Guide
Add Secure API Tokens to your Search Experience
Arrow Back
Completed
Introduction
Introduction
completed
Completed 1
Step 1
Create an App in the Developer Console
completed
Completed 2
Step 2
Configure Secure API Tokens
completed
Completed 3
Step 3
Pass the JWT Token to Search
completed
Next Steps
Next Steps
completed
home

Introduction | Yext Hitchhikers Platform

light bulb
Prerequisites
Secure API Tokens are part of the Consumer Auth Initiative to create Private Sites and Authorized Search Experiences. Please refer to this Consumer Auth Overview guide and the relevant guides to get started.

Overview

Client-side calls to Yext APIs from an authenticated page must be protected. If not, this allows a malicious user to grab a Search/Streams/Content Delivery API key exposed on the frontend to access your Search Experience. In order to make sure that all client-side calls are secure, we can use secure API tokens to make authenticated requests.

To make a secure call, the Search SDK can accept a token which is minted at runtime, that is, whenever a page is loaded. The token is passed as an authorization header, as it cannot be tampered with, and contains information such as an API keyID, the audience for which the token is valid, and the identity of the user making the request.

Using these tokens, we can then also implement authorized search. If Search knows which user is making the request, it can respect the permissions of which entities should be allowed to surface for that user as a Search result.

Feedback
<% elem.innerText %>