In the Coveo Administration Console, create an authenticated search API key with at least the Execute Queries privilege and scope it to the appropriate search hub to limit its exposure.
On your backend, call the Coveo Search API's /rest/search/v2/token endpoint with the authenticated API key to generate a short-lived search token scoped to the current user identity.
Pass the search token and your Coveo organization ID to the Commerce API client or Coveo Headless library on the frontend; never send the raw API key to the browser.
Issue a product listing or search request using the Commerce API, supplying the catalogId, url (current page URL for contextual recommendations), and query. The Commerce API is designed to work alongside the Coveo Merchandising Hub (CMH) for rule-driven result tuning.
Log analytics events (click, purchase) back to Coveo using the Usage Analytics API so the machine learning models can refine relevance over time.
Known gotchas
Search tokens are short-lived and should be regenerated server-side per user session; caching a token for too long can lead to authentication failures mid-session.
The search token and API key authentication methods both support search hub scoping — enforce this to prevent cross-hub data leakage in multi-brand or multi-region deployments.
Coveo has separate APIs for Commerce (the Commerce API) and general enterprise search (the Search API); confirm you are using the correct API for your use case as the request structures differ.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp