Authenticating application vs users

ShareUser · ‎03-14-2024

Hello,

I am developing an experience builder app with custom widgets that is meant to be deployed on a server. In my custom widgets, I pull data from living atlas and my custom feature layers (from my ArcGIS Online account as a member of an organization account), do some specific processing and then send the resulting layer for interpolation. On top of that, the result of the interpolation has too many features, so the interpolated results have to be published on ArcGIS Online. Currently, I am able to do this using my account credentials.

The potential problem is that the experience builder web app is supposed to be used by other users. These users will be given arcgis accounts with viewer privileges, making them able to view layers stored in my ArcGIS Online organization account. I am not sure what is required for them to be able to run the interpolation analysis. Does that require a more expensive type of account of each user? Is there any other way of baking into the application some kind of api key that allows the interpolation, even though the user has a basic arcgis account?

Thanks!

clt_cabq · ‎03-14-2024

a lot of the 'analysis' tools generate output that ends up in the users 'my content' space, and since Viewers can't create content, they probably won't be able to use those tools. You might check on that tool and see how it gives results.

ShareUser · ‎03-14-2024

Yeap, that is what I fear. I am wondering if there is a permanent token or other authentication method that will allow any viewer account to still run interpolation jobs and publish the result in our organization ArcGIS Online account.

clt_cabq · ‎03-14-2024

I doubt there is any good way to do this unfortunately, ESRI wants its due from people hitting its resources!

ShareUser · ‎03-15-2024

ESRI can still charge us credits every time the api key, token is used

Grant-S-Carroll · ‎03-14-2024

Have you reviewed the documentation with regard to API keys on the platform here https://developers.arcgis.com/documentation/mapping-apis-and-services/security/api-keys/? Though given your workflow, i'm not sure the keys will work.

The other potential solution for your issue is to look at using application authentication with your processing results. Using a client id and client key, you can generate token. The token can then be used to interact with the platform, there are some limitations with that approach, the account/owner associated with the client id and secret application. https://developers.arcgis.com/documentation/mapping-apis-and-services/security/app-credential-authen.... Note this does stare you cannot publish a layer.

However, my question would be could you create a single hosted layer a push your new features in to this layer? Perhaps adding a field to assoicate the analysis with the current logged in user or some other unique identifier for the results to then filter the analysis. If you are constantly generating hosted feature layers, then you would need some kind of management/governance around all those layers.

Again, I don't know the full workflow, but there are perhaps some others that it could be solved, and there are some other authentication methods in the docs I have linked too. The above approach with application authentication is one we are using in an integration context where we have members of the public working with a map embbed in a third party application to update features in to ArcGIS Online.

DimitriosIliadis · ‎03-15-2024

Thank you the response!

I looked into the API keys but from what I understand, I need an expensive developer account to set the content item scopes

The inability to publish a layer with the application authentication is a bit of a deal-breaker at the moment.

I will test the method you suggested.

Thanks!