How can I can edit public Feature-Layer BUT with authorised request ONLY?

188
1
Jump to solution
11-10-2021 06:44 AM
arielhasidim
New Contributor

Hello,

I have a public Feature-Layer. My intention is to:

  1. Update my layer automatically using with Firebase Cloud-Functions (written in node.js)
  2. Keep sharing my layer publicly
  3. But keep my layer non-editable for unauthorised users
  4. I wish to use my API-Key for authentication (but alternatively can use OAuth 2.0 Credentials)
  5. I don't care which method specifically: Append/Upsert, applyEdits, Update Feature etc...
  6. I don't care if I use Arc-GIS REST API or JS etc...

My problem: If I edit my feature definition to "capabilities" : "Create, Update, Delete"as mentioned here, then any unauthorised user can edit my layer, while if I don't, I get:

[ 'This operation is not supported.', 'Unable to add the features.', 'This operation is not supported.' ]

Authentication is declered in the documentation.

My example code:

 

 

require("cross-fetch/polyfill");
require("isomorphic-form-data");
const featureLayer = require('@esri/arcgis-rest-feature-layer');
const auth = require('@esri/arcgis-rest-auth');

const session = new auth.ApplicationSession({
  clientId: "Some clientId",
  clientSecret: "Some clientSecret"
})
const apiKey = new auth.ApiKey({key: 'Some API Key'});

featureLayer.applyEdits({
    url: "https://services3.arcgis.com/someID/arcgis/rest/services/someNAME/FeatureServer/0",
    adds: [{
      geometry: { x: 120, y: 45 },
      attributes: { indexCity: "alive" }
    }],
    authentication: session // or alternativly: "apiKey"
  })
    .then(response => {
      console.log(response)
    })
    .catch(err => console.log(err.response.error.details));

 

 

How can I keep my Feature-Layer public viewed but editable by me only? 

 

0 Kudos
1 Solution

Accepted Solutions
JohnGrayson
Esri Regular Contributor

The way I would handle this is to first un-share the source hosted feature layer which has editing enabled so appropriate credentials are needed to perform an edit.  Then I would create a hosted layer view and disable editing and share it publicly for others to consume as a read-only layer.

View solution in original post

1 Reply
JohnGrayson
Esri Regular Contributor

The way I would handle this is to first un-share the source hosted feature layer which has editing enabled so appropriate credentials are needed to perform an edit.  Then I would create a hosted layer view and disable editing and share it publicly for others to consume as a read-only layer.