I have a feature service on my organization's AGOL site which I want to have updated via an automated application. The feature service is secured, and shared with my organization but not publicly.
I followed the REST API instructions to create an application API key (generating the client_id and client_secret) and use those to get a token in Postman. The request succeeds and I get a token back with an expiration of 7200 [seconds]. I use the tests feature of Postman to read the token into a variable, which I then use for the subsequent request.
Moving on to the REST API Query a Feature Service instructions, I am able to put the search parameters in, I add the token as a parameter for the URL, but get an error (403) response:
{
"error": {
"code": 403,
"message": "You do not have permissions to access this resource or perform this operation.",
"messageCode": "GWM_0003",
"details": [
"You do not have permissions to access this resource or perform this operation."
]
}
}
The request (service id and token have been altered/redacted):
curl --location --request POST 'https://services.arcgis.com/9XXXXXXXXXZ/ArcGIS/rest/services/testingMap/FeatureServer/0/query?token=wQXsOdT_BIGLONGSTRING0FA1PHANUM3RICS80GjRU3YBsFAc4yFrPvJI2KqvCcfP6XV-fzfN9EnbV4w-RNYc_4MwC-R3dAc7ed-9ut1IywjU7Cy_PZbo-9Tz6MIlQLpcTYyWwNg..' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'f=json' \
--data-urlencode 'outFields=*' \
--data-urlencode 'returnGeometry=True' \
--data-urlencode 'outSr=4326' \
--data-urlencode 'where=1=1'
I can interact with the endpoint via a browser, and it works. I can copy the token created in my browser into Postman and the request succeeds.
How do I authorize the app to access the feature service REST endpoint so that it can run in a fully automated way?
