Thanks for the reply, Bjorn
I understand API Keys are just for ArcGIS Online and Enterprise should use token or OAuth authentication, but what I don't understand is what tells ArcGIS that I really have a license in the first place if I can go to codepen or any other site and just input a code with no reference to my enterprise account whatsoever?
- Is it just for demonstration/testing purposes?
- If so, why the maps accessible with the API key is not open for testing as well?
- Does this approach without a key or token have any limits to how much the application can consume?
I'm asking all these questions because if we can just ship out a code without any API/token reference that's the way we will take it since we won't have to deal with another endpoint to handle authentication (we are using client_credentials tokens).
I just want to be certain that this approach will keep working in the future, in order to keep our site running without problems.
Just to give you a context, the website in question is only using the base map, all the other layers are being generated on the client side.