Plugin: Access restriction to search results


Use this plugin if you need to restrict the access to your search results.

This plugin allows you to specify a HTTP header and token value that must be included with a search request for results to be returned.

This provides a token-based alternative for restricting access to search results.

Error response

If the token from the request header does not match the header and token as specified in the configuration, a 401 (Unauthorized) response will be returned.

When to use this plugin

When embedding the search in another system

Because this plugin controls access via a configured token that must be provided via HTTP headers each time a search request is made, this is most useful when you embed the search in another system.

In this case the other system calls the search on the user’s behalf and can add in the additional headers when the request is made.

For example, if you call the search from Squiz Matrix using a REST asset, the asset can be configured to provide the token along with every request that is made to Funnelback.


Enable the plugin

  1. Select Plugins from the side navigation pane and click on the Access restriction to search results tile.

  2. From the Location section, select the results page to which you would like to enable this plugin from the Select a results page select list.

The plugin will take effect as soon as you finish running through the plugin setup steps.

Configuration settings

The configuration settings section is where you do most of the configuration for your plugin. The settings enable you to control how the plugin behaves.

The configuration key names below are only used if you are configuring this plugin manually. The configuration keys are set in the results page configuration to configure the plugin. When setting the keys manually you need to type in (or copy and paste) the key name and value.

Header name

Configuration key


Data type



This setting is required

Specifies the HTTP header name containing the security token

Security token

Configuration key


Data type

Encrypted string


This setting is required

The value of the security token that must be provided as the value of the configured HTTP header when making the request.

The user will only be granted access to view the search results if the header name and token are supplied when making the query.


This example shows how to configure the plugin to restrict access to a set of search results unless you provide the following in you HTTP headers when making your search request:

HTTP header Value



To achieve this, the plugin must be configured with the settings:

Plugin setting Value

Header name


Security token


The token you enter (funnelbackSecretToken in the above example) is automatically encrypted when you save the value. If you view the configuration via the results page configuration key editor or raw editor you will see a value like ENCRYPTED:AQX7ZRgj4x0xVpOSA4kWIN9UR2tUFjnI8GMK6FfW6 which corresponds to the value you entered. e.g.


Change log



  • Fixed plugin ID to match plugin directory name.



  • Updated to the latest version plugin framework (Funnelback shared v16.20) to enable integration with the new plugin management dashboard.

See also

  • Plugins

  • build/results-pages/search-result-security/index.adoc[]