I'm looking to narrow availability of some map services utilized by my JSAPI application. I am using ArcGIS Server 10.3 on a local Windows/IIS install with proxy availability.
I have several applications on different domains and servers accessing the centrally-located ArcGIS Server resources, which are publicly available... I'd like to have it set-up so that only these applications can access the resources, but users shouldn't need to supply credentials - the idea is to make it difficult for a user to inspect the web requests to acquire the public resources outside of the application and poke around for data harvesting and hot-linking in non-sanctioned applications.
What's the best way to accomplish this? I've found several resources and write-ups on the topic, but I am still unclear as how to do this correctly and securely.