Request secrets are encrypted codes that can be added to the thumbnail and preview URLs returned by the API search results. These are useful when the search results are transformed to HTML by an intermediary (like PHP or XSLT) and are served to a web browser.
When to use them?
In this case, the browser that will be loading the thumbnail and preview URLs will not be authenticated with the server. The PHP script is authenticated, but the web browser that displays the actual page is not authenticated and won't be able to access the thumbnails and previews on the server.
All SOAP search results have request secrets added to their URLs by default. For REST searches, you can turn them on if you need them.
To allow the web browser to load the thumbnails and previews, Elvis can append an encrypted code to the thumbnails and previews URLs so any browser that loads those URLs will be automatically authenticated with the same permissions as the original user that was used to perform the API search call.
The request secrets added to the URLs are only valid for 10 minutes after the original search request, which should be sufficient for the client web browser to load them. After 10 minutes, the client should re-execute the search to fetch fresh URLs if it still needs them.