Inconvenient Search REST API for anonymous users

SharePoint 2013 Search REST results
Leveraging the Search REST API allows you to build rich search-driven solutions. If you’re not careful however, you might get results other than intended even though everything seems to be working correctly.

SharePoint 2013 Search REST for anonymous users

Previously I wrote about the steps required to allow anonymous users to use the SharePoint 2013 Search REST API. One of the steps was to upload a configuration file to a specific Document Library. When done correctly you should be able to see some search results for your query:

Search results for a search query executed using the Search REST API

If you however take a closer look you might notice that the search query has been executed on a Result Source different than the one requested in the query:

Arrow pointing between source ID parameter in the URL in the browser address bar and the source ID in the search results

Even though everything seems to be working correctly, and you are getting some search results, the odds are high that those results are different than the results that you should be getting. So what is wrong exactly?

Inconvenient Search REST API for anonymous users

It turns out that, when building the configuration file for anonymous access to the Search REST API, if there is a mismatch in the Site Collection or Web ID SharePoint 2013 Search will fall back to the default Result Source.

Tip: When building the configuration file for anonymous access to the Search REST API you can leave the Farm ID configured as an empty GUID. This is very useful for configuring access to the Search REST API for users with restricted read permissions in Office 365, who also require the same configuration as anonymous users and where there is no way for you to get a hold of the Farm ID.

What’s inconvenient about this situation is that, unless you thoroughly verify the query results and compare the source ID to the one you used in the query, SharePoint 2013 won’t return any error if there is a mismatch in the configuration file and it might not be obvious at first that you’re getting results other than requested.

The good news is that it can be fixed fairly easy by including the correct Site Collection and Web ID’s in the configuration file. Changes to the query results should be seen immediately:

Arrow pointing between source ID parameter in the URL in the browser address bar and the source ID in the search results

Summary

SharePoint 2013 allows you to use its Search REST API with both authenticated and anonymous users. In order to use the API with anonymous users though, some additional configuration steps are needed. If this configuration is done improperly you won’t see any errors. Instead you will see SharePoint using the default Result Source instead the one requested in the query. This can be easily fixed by correcting the configuration file for anonymous access to the Search REST API.

Comments

comments powered by Disqus