Search Templates prevent script injections by only passing the parameters to your search query rather than passing the query itself over a network request.
How Search Templates Work
The /_search/template
endpoint allows to use the mustache language to pre render search requests, before they are executed and fill existing templates with template parameters.
Create/Edit Template
Let's start with creating a template, to create a template you need to define the source
key in the elasticsearch query DSL format.
Note
You can also update the template query just by using the same view.
Validate/Render Template
You can render a template in a response with given parameters using the Validate and Render
option.
This call will return the rendered template:
Get API Endpoint
You can use Copy as CURL
option to copy the request in your clipboard.
For an example check this sample request.
curl -X GET https://scalr.api.appbase.io/movies-store-app/_search/template -H 'Content-Type: application/json' -H 'Authorization: Basic XYZ' -d'
{
"id": "Template1",
"params": {
"query_string": "search for these words"
}
}
'
Open your terminal and paste the request to test the search query results.