arcgis-rest-js icon indicating copy to clipboard operation
arcgis-rest-js copied to clipboard

Published 20 hours ago verified publisher icon Esri

Send token in X-Esri-Authentication header for GET requests

Open dbouwman opened this issue 4 years ago • 2 comments

Still awaiting information re: scope of requests that we can send the token in a header for, but the bottom line is that the AGO portal API supports sending the token via headers for GET requests.

Clarifications requested:

  • Is this supported only on GET’s or on all requests? A: All Requests for Portal API
  • Is this supported for Enterprise as well as AGO? A: Yes
  • Is this supported for Hosted Feature Server requests? no answer yet
  • Is this supported for ArcGIS Server requests? if so, what version did it start at? no answer yet
  • Is there a confluence page/??? For tracking these sort of API changes? no answer yet

Until we know this header is supported in Server + Hosted Services, we need a means to only apply this on requests originating from arcgis-rest-portal package. We could pass IRequestOptions.headers for those calls, however that breaks the current separation of concerns where request deals w/ session & tokens, and the individual functions remain ignorant of those details. Perhaps we can check if the request url contains the session.portal and if so, append the header... Research needed...

dbouwman avatar Mar 29 '21 16:03 dbouwman

👋 i wouldn't call it definitive, but i found some doc on X-Esri-Authentication back in the day.

https://github.com/Esri/arcgis-rest-js/issues/290#issuecomment-414375805

jgravois avatar Mar 29 '21 16:03 jgravois

Hey @jgravois! That's great!

dbouwman avatar Mar 29 '21 17:03 dbouwman