It is recommended that the userToken sent with search requests matches the userToken sent with its corresponding events. If there is a mismatch, the userToken sent with the search query will be used. Therefore, it is essential to include the correct userToken in both search requests and events.
To prevent malicious users from manipulating the ranking of your records, DRR also uses a distinct userToken per event policy.