> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Signals in Appkit

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[localhost link]: http://localhost:3000/docs/4/app-studio/concepts/overview/signals

[old doc.lw link]: https//doc.lucidworks.com/app-studio/4.2/3122

[mintlify link]: https://doc.lucidworks.com/docs/4/app-studio/concepts/overview/signals

Appkit provides support for the [Fusion REST Signals API](/docs/4/fusion-ai/reference/api/signals-api), allowing user clicks and the creation of annotations (bookmarks, topics etc) to be recorded and tracked.

To learn how to use these signals with Appkit, see [Incorporating Fusion Signals in Appkit Applications](/docs/4/app-studio/reference/modules/activity-tracking/overview).

<LwTemplate />

## Creating a collection for signals tracking

Using the [Fusion UI](/docs/4/fusion-ai/concepts/overview), when a primary data collection is created, this also creates a collection for the signals. By default, the name of this signals collection is by `<primary collection>_signals`, where `<primary collection>` should be substituted with the name of the primary data collection. After data has been indexed and ingested into the primary collection, the Appkit Fusion Signals module can be used to populate the signals collection.

## Tracking user clicks and annotations

Currently, Appkit will send information on user clicks that trigger URL requests as well as when a user creates an annotation, for example, a bookmark or comment.

A signal event of type `click` will include, amongst other things, information about the URL that was clicked as well as the number of times that URL was clicked.

A signal event of type `annotation` will include, amongst other things, information about the annotation target, the collection, and the creator.

For a full list of properties that are stored, refer to the signals collection associated with your application.

## Authentication

Activity tracking requires authentication. Both **Fusion Impersonation via a Service Account** and the Fusion **Set Up Lucidworks Fusion Authentication** can be used for this purpose.

<AccordionGroup>
  <Accordion title="Fusion Impersonation via a Service Account">
    To securely access Fusion via Appkit, a user has several options. They can either adopt Appkit’s Fusion security provider making use of session cookies to send repeated requests back to Fusion, or they can access Fusion via a service account if they are planning to use [query pipelines](/api-reference/query-pipelines-api/get-all-query-pipelines). In this section, we describe how to set up the latter.

    ## 1 Set up a service account on the Fusion server

    If a user wants to query Fusion through a pipeline by impersonating another user via a service account, they must first ensure such an account has been set up on the Fusion server. This account should have access rights to the required resources.

    ## 2 Add Security Trimming query stages to required pipelines

    Query pipelines can have additional security filtering applied to ensure specific users do or do not have access to specific resources. This filtering can be set up by adding a Security Trimming stage to the query pipeline via the Fusion UI. The User ID key that is used in the security trimming stage to filter on results is supported in Appkit via the `user-id` attribute, which is described in the next section.

    ## 3 Update fusion.conf

    To query Fusion using this approach, this attributes must be added to the platform `fusion.conf` file in `src/main/resources/conf/platforms/fusion/`:

    ```yaml theme={"dark"}
    impersonate: true
    userName: joebloggs
    password: password
    user-id: username
    ```

    Here, the `impersonate` attribute informs Appkit that users will be querying Fusion pipelines via a service account. Below that, both the `userName` and the `password` are the credentials for the service account that Fusion will authenticate against. The last attribute `user-id` is optional and by default takes the value of `username`. This is the parameter that will be appended to the query string and filtered on in the security trimming stage. For example, the complete query URL might appear as:

    ```bash wrap theme={"dark"}
    http://localhost:8764/api/apollo/query-pipelines/test-default/collections/test/select?&wt=json&q=*:*&debug=false&fl=x,y,z&start=0&username=joe@bloggs.com'
    ```
  </Accordion>

  <Accordion title="Set Up Lucidworks Fusion Authentication">
    The Fusion security provider for Appkit allows authentication against Fusion using the Fusion Sessions API. With this provider configured, an application deployed within a Fusion defined 'realm' such as `native` can securely authenticate a user against Fusion.

    These sections describe how to set up Fusion authentication using the Sessions API within an Appkit application.

    ## 1. Add the security provider dependency

    Authentication against Fusion using the Sessions API requires Appkit’s Fusion security provider module. To enable this module, first remove any existing security provider dependency from the `pom.xml` under the root of the project and insert this within the `dependencies` tag:

    ```xml theme={"dark"}
    <dependency>
        <groupId>twigkit</groupId>
        <artifactId>twigkit.security.provider.fusion</artifactId>
        <version>${project.parent.version}</version>
    </dependency>
    ```

    ## 2. Update security.conf and add fusion.conf

    To invoke this module when Appkit starts up, add this to `security.conf` in `src/main/resources/conf/security/`:

    ```yaml theme={"dark"}
    type: spring_security
    ```

    Then configure the session host, which security realm to use and the session timeout in `fusion.conf` in `src/main/resources/conf/security/fusion`. For example:

    ```yaml theme={"dark"}
    session-host: http://localhost:8764
    session-timeout: 30
    realm-name: native
    ```

    The session-timeout parameter should be a time in minutes and be equal to your Fusion session timeout. By default, this
    value is 10. For further information, refer to the Fusion Session Api documentation.

    ## 3. Configure security filtering in the application

    Spring Security operates using a Servlet filter which must be mapped in the web.xml file in `src/main/webapp/WEB-INF`:

    ```xml theme={"dark"}
    <!-- Spring Security -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-security.xml</param-value>
        </context-param>

        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>

        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    <!-- Spring Security Ends -->
    ```

    This should be added as the first filter in the chain (at the top of the web.xml file).

    ## 4. Instruct the application to use the Fusion security provider

    For integration with security providers supported by Spring Security, configuration is managed in the [spring-security.xml](/assets/appkit-misc/4.2/spring-security.xml) file in `src/main/resources`.

    Leave the initial section of this file dealing with HTTP URL patterns as configured. Remove any existing authentication manager configuration below that initial section, and add this:

    ```xml theme={"dark"}
    <!-- Fusion authentication provider -->
    <beans:bean id="fusionAuthenticationProvider" class="twigkit.security.fusion.FusionAuthenticationProvider"/>

    <!-- Authentication manager configuration -->
    <authentication-manager>
        <authentication-provider ref="fusionAuthenticationProvider"/>
    </authentication-manager>
    ```

    Now when a user logs into Appkit, if they have been successfully authenticated against Fusion, they will receive a session cookie that can be re-used to send subsequent requests. Access to Fusion in this way can extend for up to 10 minutes if there is no activity and up to a maximum of 8-hours if a request is received within a 10-minute interval.
  </Accordion>
</AccordionGroup>

Service account impersonation requires credentials for the service account and these are stored in the Fusion platform configuration. These credentials can be accessed by setting the name of the Fusion platform configuration via the `platform-config` parameter in the Fusion activity tracking configuration.

If the credentials for a service account are not provided or cannot be found, a check will be made to see if a Fusion session cookie is available. Typically, this will be present when the user is known to the Fusion server and the Session API has been set up accordingly.
