Security Concepts

This topic explains security for Managed Search.

Communications protocol and transport layer security

Client applications access the Managed Search and Solr API endpoints over HTTPS, which is secured by TLS.

OAuth2 authentication

OAuth2 authentication servers provide an authentication service to Managed Search. Each Managed Search REST API call must include an Authorization header that contains a valid OAuth2 access token. There are two approaches:

  • Use the Lucidworks Managed Search SolrJ client library – For SolrJ clients, the OAuth2HttpRequestInterceptor implementation in the Lucidworks Managed Search SolrJ client library simplifies the process of obtaining, using, and refreshing access tokens.

  • Manage OAuth2 access tokens yourself – For clients other than SolrJ clients, your app must itself manage OAuth2 access tokens and use them for authentication. You can also use this approach with SolrJ.

If you are not using SolrJ, the OAuth2 access token expires after 1 hour. If the token expires, you need to repeat the steps to generate a new token.
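
One way a client that manages its own tokens can handle the 1-hour expiry, shown as an added example (not Lucidworks code): a small in-memory cache that renews the token shortly before it lapses and retries once if a call is rejected. The `fetch_token` and `send` callables, the `Bearer` scheme, and the 401 response for an expired token are assumptions; supply your own token request and HTTP call.

```python
import threading
import time


class TokenCache:
    """Caches an OAuth2 access token in memory and renews it before expiry."""

    def __init__(self, fetch_token, skew_seconds=60, clock=time.monotonic):
        # fetch_token: hypothetical callable that performs the token request
        # against your OAuth2 server and returns the parsed JSON response,
        # e.g. {"access_token": "...", "expires_in": 3600} (RFC 6749 fields).
        self._fetch_token = fetch_token
        self._skew = skew_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self, force=False):
        """Return a token that stays valid for more than skew_seconds."""
        with self._lock:
            stale = self._clock() >= self._expires_at - self._skew
            if force or self._token is None or stale:
                resp = self._fetch_token()
                token = resp.get("access_token")
                if not token:
                    raise RuntimeError("token response has no access_token")
                # Fall back to the documented 1-hour lifetime if expires_in is absent.
                lifetime = float(resp.get("expires_in", 3600))
                self._token = token
                self._expires_at = self._clock() + lifetime
            return self._token

    def auth_header(self, force=False):
        # Assumption: Bearer scheme (RFC 6750). Never log the returned value;
        # an authenticated caller has full access to the Managed Search APIs.
        return {"Authorization": "Bearer " + self.get(force)}


def call_with_retry(cache, send):
    """send(headers) -> (status, body). Retries once with a new token on 401.

    Assumption: the service answers 401 when the token is expired or invalid.
    """
    status, body = send(cache.auth_header())
    if status == 401:
        status, body = send(cache.auth_header(force=True))
    return status, body
```

Renewing inside the skew window avoids sending a token that expires while the request is in flight; the single forced retry covers tokens that are rejected earlier than their stated lifetime.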


After authentication, an app or user has full access to Managed Search APIs.