I need to provide access to a feature service running to one of our clients. They've requested access to a rest endpoint but, due to the nature of some of the other data on this server, I can't enable the services directory for them. Does anyone have a good way to supply service access without using rest?
I'd like to be sure I understand the requirement here.
I understand that you've disabled the services directory, but that only disables the HTML representation that a user can access in order to perform operations against a web service via a browser. It doesn't prevent clients from communicating with the resource via text/JSON.
Given the nature of the services, could you potentially enable the services directory, secure all of the services, and provide a specific user to the client to access this single web service? Given the sensitivity you mention, I'd expect that most of those services are secured regardless.
Another way is to use folders in ArcGIS Server. For example have a folder called internal and have your admins lock it down, or lock down those services rather. Then have a folder called external and have that opened to the public. This prevents the client from having to use authentication.