using secure service for Geoprocessing widget input parameter

10-13-2021 02:24 PM
Labels (2)
New Contributor II

I have created a geoprocessing service using Python and the ArcREST API that manipulates data in a secured service.

The problem is that when i try to have the user select a layer on the map (if it comes from a secured feature service).  I get the following error:


I can get around this by having the user supply the URL to the service as a string.  The script generates a token to use the apply edits feature of the REST API, but if I don't use a string parameter the script crashes immediately, even though the token is generated prior to the parameter ever being used.  However, users rarely know the URL of the services their editing and want to be able to select things straight off of the map. This is a requirement of the client for whom I am building this.

When I use an unsecured service, the parameter comes through in the script as a string value (the URL of the service) and the script runs just fine.  

Any ideas???


Thank you!!!

0 Kudos
4 Replies
Occasional Contributor II

Hi @NickSwartz ,

Some thoughts and questions below.

My initial thoughts are that you may have an issue with data types and/or access from a server/service/user perspective.

Are you passing the user's token to the geoprocessing service or are you generating the token within your Geoprocessing Task? 

Does the account that generates the token have access to the Service? 

What application are you using to invoke the Geoprocessing Task? 

Does the Geoprocessing Server have access to the Target Service?

Are you determining if the parsed input URL from the client application is secured / not secured before sending your request? Are you sending it via a POST method? It should look something like the below. You may need to white-list (filter) Non secure methods so that they ignore the 'token' parameter.


import json
import requests
ft_url = "htts://...//arcgis/rest/services/.../FeatureServer/applyEdits"
edits = [ {
    "id" : 0,
    "adds" : [
        "geometry" : {
    		    "x": -143.501,
    		    "y": 57.043000000000006
        "attributes": {
          "datetime": 1272210710000,
          "depth": 31.100000000000001,
          "region": "Andreanof Islands, Aleutian Islands, Alaska" 
        "geometry": {
          "x": -72.865099999999927,
          "y": -37.486599999999953 
        "attributes": {
          "datetime": 1272210142999,
          "depth": "40.x",
          "region": "Bio-Bio, Chile" 

token = getToken()# Your token function here

params = {
 'f' : 'json',
 'edits': json.dumps(edits),
 'token': token

response =, data=params)
print (response.json())



New Contributor II

Thank you for the response. I am generating the token in the task itself.  The account generating the token has access to the service, yes. 

The geoprocessing task is being used by the geoprocessing widget in Web Appbuilder.  If it were being used in a custom javascript application, this would not be a problem because it works just fine if I use the URL to a secured service as an input parameter.  The trouble arises when the user selects a layer from the ESRI webmap as an input (in web appbuilder).  When this happens, the tool crashes immediately.  Not sure if there's a way around this.

My code looks fairly similar to that but it's never getting to the apply edits stage at this point.  

0 Kudos
New Contributor II

gui.PNGWhen I set the input data to be a URL string, the tool works great.  It's only when they select the layer from the map that there is a problem.

0 Kudos
Occasional Contributor II

Hi @NickSwartz 

Thanks for the information. 

Is the geoprocessing service shared to the current user that is logged into the Web Application?

We can try determine the authorization error by seeing what the Geoprocessing Widget is trying to request by logging the browser interactions. Some options to log network requests are:

  1. Use the Web Browsers' developer tools (hit F12 to open), or
  2. Use Fiddler 4 (which may require some setting up to proxy between your machine and your secured network so I won't go through this - a handy web logging tool to explore in the future).

Web Browser

Can you open up your Web Browser's developer tools (hit F12 for shortcut)  and go to you Network Tab. Open up your Web Application and just before you select and layer and execute your tool, clear the network log.

Run your steps and your developer tools should log the requests. 

The Select Widget should send the Query and the Geoprocessing Widget should send an execute. Select a request and view the body/request parameters and see if the package sent to the Geoprocessing Service matches what you have intended to send.

The execute package should have a token parameter. Test if the token works in incognito mode.

The Geoprocessing Widget might also log it in the console tab so maybe check out what messages are in there too

Hopefully this helps with understanding the WAB to GPService interaction. 



0 Kudos