https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-can-i-can-edit-public-feature-layer-but-with/m-p/1115777#M4004 <P>The way I would handle this is to first un-share the source hosted feature layer which has editing enabled so appropriate credentials are needed to perform an edit.&nbsp; Then I would <A href="https://doc.arcgis.com/en/arcgis-online/manage-data/create-hosted-views.htm" target="_self">create a hosted layer view</A>&nbsp;and disable editing and share it publicly for others to consume as a read-only layer.</P> Wed, 10 Nov 2021 18:43:08 GMT JohnGrayson 2021-11-10T18:43:08Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-can-i-can-edit-public-feature-layer-but-with/m-p/1115646#M4003 <P>Hello,</P><P>I have a public Feature-Layer. My intention is to:</P><OL><LI>Update my layer automatically using with Firebase Cloud-Functions (written in node.js)</LI><LI>Keep sharing my layer publicly</LI><LI>But keep my layer non-editable for unauthorised users</LI><LI>I wish to use my API-Key for authentication (but alternatively can use&nbsp;OAuth 2.0 Credentials)</LI><LI>I don't care which method specifically: Append/Upsert, applyEdits, Update Feature etc...</LI><LI>I don't care if I use Arc-GIS REST API or JS etc...</LI></OL><P><STRONG>My problem:</STRONG><SPAN> If I edit my feature definition to </SPAN>"capabilities" : "Create, Update, Delete"<SPAN>as mentioned </SPAN><A href="https://developers.arcgis.com/rest/services-reference/enterprise/apply-edits-feature-service-layer-.htm" target="_blank" rel="nofollow noopener noreferrer">here</A><SPAN>, then any unauthorised user can edit my layer, while if I don't, I get:</SPAN></P><BLOCKQUOTE><P>[ 'This operation is not supported.', 'Unable to add the features.', 'This operation is not supported.' ]</P></BLOCKQUOTE><P>Authentication is declered <A href="https://esri.github.io/arcgis-rest-js/api/feature-layer/applyEdits/" target="_blank" rel="nofollow noopener noreferrer">in the documentation</A>.</P><P>My example code:</P><P>&nbsp;</P><P>&nbsp;</P><LI-CODE lang="javascript">require("cross-fetch/polyfill"); require("isomorphic-form-data"); const featureLayer = require('@esri/arcgis-rest-feature-layer'); const auth = require('@esri/arcgis-rest-auth'); const session = new auth.ApplicationSession({ clientId: "Some clientId", clientSecret: "Some clientSecret" }) const apiKey = new auth.ApiKey({key: 'Some API Key'}); featureLayer.applyEdits({ url: "https://services3.arcgis.com/someID/arcgis/rest/services/someNAME/FeatureServer/0", adds: [{ geometry: { x: 120, y: 45 }, attributes: { indexCity: "alive" } }], authentication: session // or alternativly: "apiKey" }) .then(response =&gt; { console.log(response) }) .catch(err =&gt; console.log(err.response.error.details));</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P><FONT size="5"><U><STRONG>How can I keep my Feature-Layer public viewed but editable by me only?&nbsp;</STRONG></U></FONT></P><P>&nbsp;</P> Wed, 10 Nov 2021 14:44:36 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-can-i-can-edit-public-feature-layer-but-with/m-p/1115646#M4003 arielhasidim 2021-11-10T14:44:36Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-can-i-can-edit-public-feature-layer-but-with/m-p/1115777#M4004 <P>The way I would handle this is to first un-share the source hosted feature layer which has editing enabled so appropriate credentials are needed to perform an edit.&nbsp; Then I would <A href="https://doc.arcgis.com/en/arcgis-online/manage-data/create-hosted-views.htm" target="_self">create a hosted layer view</A>&nbsp;and disable editing and share it publicly for others to consume as a read-only layer.</P> Wed, 10 Nov 2021 18:43:08 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-can-i-can-edit-public-feature-layer-but-with/m-p/1115777#M4004 JohnGrayson 2021-11-10T18:43:08Z