Community
Select to view content in your preferred language

Using API key-based authentication with GeoAnalytics for Fabric

82
0
Tuesday
DerekGourley
by Esri Contributor
Esri Contributor
1 0 82
Tuesday

Security and governance for authorized users is important in managing your analytics environment. To help with this, ArcGIS GeoAnalytics for Fabric includes the ability to create (and delete) API keys to provide access to users across your organization. This allows for an API key to be used in place of a username and password. With API keys, a single GeoAnalytics for Fabric subscription can easily be administered to control users access by sharing, revoking, and rotating the API keys as needed. In this blog post, we will walk through the steps needed to create and use the API key authorization method.

Note that while API keys offer a level of security and control on their own, we recommend securing and accessing these credentials using Azure Key Vault or  a similar mechanism for storing and managing secrets.

Creating an API key

GeoAnalytics for Fabric API keys are created using the GeoAnalytics for Fabric dashboard associated with the account. We will describe the steps to create an API key in this section.

Note: We recommend checking with your security/IT teams and following their policies and guidelines on best practices for storage and use of API keys for GeoAnalytics for Fabric.

  1. Select the “Developer credentials” tab and click the “New developer credentials” button.SBattersby_0-1760551790068.png

     

  2. The "Create developer credentials" pop-up window will appear. In this window set the expiration date then click the “next” button.
    SBattersby_1-1760551814210.png

     

  3. Give the API key a unique title (e.g., based on the user or group that will be assigned the API key) and optionally fill out the other settings, then click the “next” button.
    SBattersby_2-1760551836040.png
  4. Review the API key settings before generating the credentials and then click the "next" button.

  5. An option will be provided to generate the API key now or later. Select an option and click the "next" button.

    Note: Once the API key is generated, it must be copied immediately to a secure location, given that it is not stored for future access. Following the API key security best practices will help keep the API key secure.  

    SBattersby_3-1760551900461.png

     

  6. If the option to generate the API key “now” was selected, the API key will appear in a new pop-up window. This API key is used to authorize GeoAnalytics for Fabric. As noted in step 5 above, following the security best practices will help keep the API key secure.

    SBattersby_4-1760551919107.png

Authenticating GeoAnalytics for Fabric using the API key

To authorize GeoAnalytics for Fabric, first import the “geoanalytics_fabric” module. Then use the API key that was generated in the previous step, or use an existing API key, and pass it in as a string value to the “api_key” parameter of the GeoAnalytics for Fabric authorization function.

import geoanalytics_fabric
geoanalytics_fabric.auth(api_key="<API key goes here>")

 

A secret management system can also be used to help keep the API key secure (visibly redacted) and can be used to pass the API key string directly into the API key parameter.

To verify that GeoAnalytics for Fabric was authorized successfully, use geoanalytics_fabric.auth_info()

geoanalytics_fabric.auth_info().show()

If the authorization is successful, this will return a table containing the GeoAnalytics for Fabric authorization information. When using an API key, the "auth" row will have a value of "token/apikey". For demo purposes, the other row values that would normally be returned in the table were left blank.

SBattersby_6-1760552109859.png

If the API key is invalid or deactivated, the GeoAnalytics for Fabric authorization function will return a “not authorized” error and the "auth_info" table returned will be empty.

To further verify that GeoAnalytics for Fabric is working successfully, you can run the following sample code below.

# Imports
from geoanalytics_fabric.sql import functions as ST, Point

# Create a DataFrame
data = [
    (1, Point(2279074.576461232, 103019.15556246601)),
    (2, Point(2278748.209109826, 103521.65548041835)),
    (3, Point(2279243.741068326, 103250.88697086088))
]
df = spark.createDataFrame(data, ["id", "point"]) \
          .withColumn("point", ST.srid("point", 6558))
df.printSchema()
df.show(truncate=False)

# Plot the DataFrame 
df_plot = df.st.plot(basemap="light", xmargin=0.15, ymargin=0.3, figsize=(10,10));
df_plot.set_title("Oregon State University points of interest")
df_plot.set_xlabel("X (Meters)")
df_plot.set_ylabel("Y (Meters)");

SBattersby_7-1760552149044.png

SBattersby_8-1760552157354.png

 

Conclusion


In this blog post we looked at how GeoAnalytics for Fabric can be authorized using the API key method. Hopefully, this post has been helpful with getting started using this authorization method for your analytics workflows. If you have any questions about this authorization method or any of the other GeoAnalytics for Fabric tools, SQL functions, or track functions, please feel free to provide feedback or ask questions in the comments section below.

 

Contributors
About the Author
I am a product engineer on the GeoAnalytics team.