Access restricted content from application

4131
7
Jump to solution
04-06-2021 11:41 AM
Scott
by
Emerging Contributor

We've started evaluating the ArcGIS API for Javascript, and need access to content (layers, maps, etc.) that are set to the Organization sharing level, but so far have only been able to access content belonging to the same user that created an api key, or app credentials. Using an API key, this article (https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/create-and-...) states you can click on the 'Add Items' button from Content and Items, but that button does not exist from my dev dashboard. I've also implemented Application Credentials and obtain a token from our app's client ID/Secret, but am still not able to access content that's specified at the Organization level.

0 Kudos
1 Solution

Accepted Solutions
LaurenBoyd
Esri Contributor

@Scott - When you set the sharing level of content to Organization level, this is still considered private content since it's not publicly shared. API keys can only read private content with an ArcGIS Developer account and Application Credentials can't access private content at all so that's why these two workflows won't work in this scenario.

If you want end users to access content in an application without having to sign in, you must make this content public. Since this content is still private, authentication with an ArcGIS Identity would need to be implemented as mentioned here: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/ 

Lauren

View solution in original post

0 Kudos
7 Replies
JeffreyWilkerson
Frequent Contributor

Not sure if you are going for being logged in before accessing the data or not, but if you just put your Organization level layer into one of the samples (such as https://developers.arcgis.com/javascript/latest/sample-code/intro-mapview/ ) then it should ask you for credentials on load.  I'm doing something similar right now and then need to figure out who logged in which is done using the "esri/idenity/IdentityManager" class (and the "dojo/on" class).  That would look something like:

esriId.on("credential-create", function(e) {
    console.log(e.credential.userId);
});
0 Kudos
LaurenBoyd
Esri Contributor

Hi @Scott -

Only ArcGIS Developer accounts can use API keys to read private content. If you are a member of an organization with an ArcGIS account, you can use OAuth 2.0 to obtain ArcGIS identity credentials to read and access private organization and user content and services on your user's behalf. This documentation can be found here: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/api-keys/#access-cont...

Application Credentials can be used to access services and not private content/data. See the following page for more details about choosing an authentication method: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/#choosing-an-authenti...

If your application needs to access your users' secure content in the ArcGIS Platform (it seems that's the case), you must implement authentication with an ArcGIS identity as noted here: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/

Hope this helps!

Lauren
0 Kudos
Scott
by
Emerging Contributor

It is not so much our users' secure content, but content that our organization creates (and sets to the Organization sharing level). Ideally, we would not want our users to have to input their credentials. I guess I'm not understanding why there is an Organization sharing level, if I'm unable to access that content logged in either using an API key, or app credentials (client ID/Secret).

0 Kudos
LaurenBoyd
Esri Contributor

@Scott - When you set the sharing level of content to Organization level, this is still considered private content since it's not publicly shared. API keys can only read private content with an ArcGIS Developer account and Application Credentials can't access private content at all so that's why these two workflows won't work in this scenario.

If you want end users to access content in an application without having to sign in, you must make this content public. Since this content is still private, authentication with an ArcGIS Identity would need to be implemented as mentioned here: https://developers.arcgis.com/documentation/mapping-apis-and-services/security/arcgis-identity/ 

Lauren
0 Kudos
Scott
by
Emerging Contributor

ok, thank you for the explanation and links.

FWIW, I am able to access a private (not org) layer I created using Application Credentials, as described here. After obtaining the token, I set it via esriConfig.apiKey = TOKEN, essentially treating it like the API key.

Thanks

 

 

natefunk406
New Contributor

@Scott, this saved me probably a couple weeks of reinventing the wheel in ArcGIS Runtime for Android. I was trying to create a Credential in ArcGIS Runtime from a token string retrieved from the rest service and could not find a way to make it work. I had no idea that you could set the API key to the token string. Thank you SO MUCH!!!

0 Kudos
KeanSargent
New Contributor

Totally agree. And I'd like to add a suggestion. Also, pay attention to the reviews of the company on sites like Clutch. They are usually very realistic. For example, I found the company Sloboda Studio I am working with right there.

0 Kudos