00:01Welcome to the ArcGIS Online, Developing with ArcGIS Online session. I'm Sud.
00:05We have Andrea and Jeremy, work on the ArcGIS Online development team.
00:10And we'd like to go through how you as a developer can build applications with ArcGIS Online.
00:16So, our agenda today, we have an overview section.
00:20And then we'd like to talk about some customizations to ArcGIS Online that you can do that don't actually require code.
00:27I want to just clarify that. And we'll talk about developing using the client APIs.
00:33Talk about this cool new online API that we're introducing at this conference, and then wrap up.
00:42So the overview sort of corresponds to what you've already heard of at the plenary. I assume most folks were there.
00:48We'll sort of fly through it. The basic way that you build applications with Online is...
00:55...using the ArcGIS APIs that you already know about.
00:58These are the web APIs and these are the ArcGIS Runtime APIs...
01:04...and you use them to build web, device, and desktop applications.
01:07So there's nothing new there, right?
01:08Those are the same APIs that you use to work with ArcGIS Online.
01:12The additional thing that you do, as part of working with Online...
01:16...is that you connect to portals and you work with the users, groups, and items that are in those portals.
01:23And the ability to do that is integrated into those client APIs.
01:28There's also a new ArcGIS Portal REST API that you can use, that's supported by the servers.
01:35And you can use that to work directly with users, groups, and items.
01:40And the service of that API is basically everything that you can do with ArcGIS Online and ArcGIS Portal.
01:47But you don't have to directly use that REST API. You can use the client APIs, as we'll show you.
01:53Now, who are these APIs for?
01:56They're for organizational developers who want to build custom applications for their end user.
02:02Like we talked about, folks can get an organizational subscription to ArcGIS Online...
02:07...and that enables them to publish hosted services and create web maps on top of them. And they have users and groups.
02:14And working with all of those, you can build applications that enhance productivity. So it's for those folks.
02:21It's also for you as a developer might have an idea for building an application that's a geospatial application.
02:29And you're looking for a platform where you can store your data...
02:32...and that allows you to preauthor web maps that you can bring into your apps.
02:37So that's another example of use of Online.
02:42This is the architecture of Online that we talked about.
02:45This is very relevant to you as a developer with Online.
02:48You're working with the portal on the left here, and you're also working with...
02:52...services that have the standard ArcGIS Server REST API.
02:58And there's two kinds of services. There's services that live within Online. We call those hosted services.
03:05They are what get created when you publish data to Online.
03:10And those are the services that you pull into web maps.
03:15Other services could come from your external ArcGIS servers.
03:20So, when you're developing with Online, that spans these things I talked about.
03:25Working with portals, working with the ArcGIS Server REST API, and that's what we call the geoservices REST API.
03:32Use those to work with hosted GIS services as well as these registered GIS services from your organization's ArcGIS Server.
03:40And then you're also working with foundation content and task services.
03:44And these are also coming from ArcGIS servers that Esri deploys as part of ArcGIS Online.
03:51And you might have already been using these. You get the basemaps from them.
03:54You get things like geocoding, routing from them. So these are the set of APIs.
04:01In this session, we'll primarily focus on the first one, because we assume that you already know the others.
04:08You've been doing it for a while. There's nothing really new there.
04:12So like we described at the plenary, working with those portals involves working with a very simple information model.
04:19A portal has users, groups, and items. There are different kinds of items.
04:26They're classified into web maps, web map layers, applications, tools, and data files.
04:34The types of layers are the standard ArcGIS Server services that you know about...
04:39...feature services, tiled map services, dynamic map services, image services, WMS, KML.
04:48The ones that are hosted today, they correspond to feature services and tiled map services.
04:54These can be living entirely within Online, within the hosted capability.
04:59The rest come from ArcGIS servers.
05:02Applications themselves are items inside this portal.
05:06You can think of the portal also as a catalog or a directory if you want.
05:10It's a directory of users, groups, and items.
05:15So applications themselves are items within that catalog, and users can search for applications, find them, and open them.
05:23And you as a developer could actually register an application with ArcGIS Online or with the portal using this API.
05:32The tools correspond to services. The data files are just that.
05:37They are files that are passive, as far as their behavior on the web goes.
05:42But they can be activated by creating services.
05:45So you upload a shapefile and then you create a feature service from that shapefile.
05:49And it's still the county's shapefile, it's the county's feature service...
05:53...but in terms of what you put inside a web map, it's the county's feature service...
05:58...'cause that's what's the active layer on the web.
06:02So, let's start with looking at how you can customize an organization's home page.
06:09And we're now switching, switching gears, and Jeremy's going to show us that.
06:21Okay. Thanks, Sud.
06:23So just to...just to make sure everybody knows what you can do.
06:27This is even without any programming at all to this site.
06:30I'm going to sign in to ArcGIS Online as a...someone who belongs...who has a subscription for an organization.
06:38And I happen to be the admin of this organization.
06:47Now this is a fake demo organization, City of Louisville.
06:52And I've got a, you know, a different home page.
06:55I also have a different gallery of maps. They're all focused for me, and so on.
07:01A different set of featured groups.
07:04As an administrator, I can configure this site, changing the name, you know, change the description...
07:13...I can pick my language, do simple changes on the home page.
07:19I could upload my own image.
07:30And in this case, this is pretty fixed image though. It's 960 by 180...
07:34...so it's a...it's a particular size and it's going to go into a particular spot.
07:42Now it'll appear once I save. I could also say I want to have...
07:45...a different set of...a set of featured maps show up on the home page.
07:51And I could also decide to include my organization description on the home page.
07:59So by saving that and going back to the home page, I get quite a different view.
08:07Now...that's basically it. That's what you can do without any programming.
08:14You can also embed some HTML into this home page, and longer term you'll be able to have more control over that.
08:23So the reason we wanted to do...the reason we wanted to cover that is because we've got questions about that, right?
08:29And we just wanted to say that the developer API, you don't need to use the developer API to do that...
08:34...even though you could. And that's available, you know, through the user experience.
08:40Now, coming back to working with that portal information model, portal contains users, groups, and items.
08:47How do I work with it?
08:48Well, access to portals is integrated into the client APIs.
08:58So release 2.8, which is already out there, has this capability.
09:02And it's also built into the Runtime SDKs, so the iOS SDK and the Android SDK have this capability.
09:11And if you attended sessions on those SDKs, they would have demonstrated these and you would have seen it...
09:18...and those are going to be available to developers next week.
09:24So our basic message there is that if you want to build these...the kind of apps that, you know, we'll show you...
09:29...use the client SDKs, you do not need to use the REST API directly.
09:34It'll be simpler as an application developer to do that.
09:39Before launching into that, we wanted to say something about authentication and the security model.
09:45Basically, any application connects to Online or to a portal as either an anonymous user or as an authenticated user.
09:54And if connecting as an authenticated user, that requires the credentials for that user.
10:00So the application connects to Online, and once it's connected, the applications see what that user was privileged to see.
10:09So the user that...the credentials that were used, that user belonged to an organizational subscription...
10:16...then that application would see that user's content, including all of the hosted services that they published.
10:22So it's really no different than the model of what you can see when you log in to the website.
10:26You log in to the website as a person, and, you know, you see things that were shared with you or that you have permissions to see.
10:33It's exactly the same thing with the API. So if you use the API without credentials...
10:38...then you get an anonymous view of the portal or of ArcGIS Online.
10:45And the general model there is to present the credentials to the application, and for that we have...
10:55...in all of the client SDKs, there is an Identity Manager widget that manages that process that lets the user log in.
11:03And, that's the recommended way for a client application to handle that authentication process.
11:11That process itself uses an underlying API that issues tokens in exchange for credentials, and that's part of the REST API.
11:19But, if you work at that level, then you have more responsibilities...
11:22...and we'll talk about those later in the security flow section.
11:46Okay, just a second.
12:01There we go. Cool. Okay. So, just...I'm going to show a few demos here.
12:18Just to highlight where it's at, under the arcgis name space, there's the Portal class...
12:25...and this is the one you would use when working with ArcGIS Online.
12:29Let's look at a few samples and then we'll drill into it in a little bit more detail.
12:42Okay, this is just a simple application that's going to work anonymously with the REST API...
12:50...get content from a group, in this case they're all web maps...
12:54...and then display them in a simple little gallery map viewer.
12:57Then I can navigate and there're live maps and if they had pop-ups, I would get those, and so on.
13:11So the main...the main thing that...well, actually, go down to here...a little bigger.
13:23So I'm just creating an instance of this Portal class and I'm going to listen for the onLoad.
13:29Once it loads, it's going to have all the information it needs for me to be able to work with it.
13:34And all I'm going to do is do a simple query against...
13:37...for a group that has the title Community Basemaps and the owner Esri.
13:41So, this is just a simple search string that I want to pass to this query.
13:47So, I'm going to call the queryGroups method, passing in that query parameter...
13:50...then, when it's finished, it's going to give me back the response and I can do what I need to do.
13:56In this case, I really just needed to get the group back and then I can query that group.
14:04So this first group, I know that I'm only going to get one group back, and I'd like to do a query against this group.
14:09And I want to get all the web maps, but no web mapping applications.
14:15I'm going to sort by average rating and description, and I only want five to come back.
14:20So then on that group, I'm going to query for the items, passing in that query parameter...
14:26...and then when it's finished, for each item that came back, I'm going to go ahead and load the web map.
14:34It's going to give me back the item and from there I can pass it to the utility, createMap utility...
14:40...which will take that web map and bring it to life.
14:47Another type of application that you might make, again, doesn't require any authentication...
14:53...queries a particular group, and as I move around, I'm displaying the summary of each of these items...
15:01...and I've locked in a particular application to each one of those items.
15:08So in this case, I pass that item's web map to this simple viewer application...
15:14...which is tied in with the elevation profile. This is a very powerful concept, to take...
15:21...have an application that is written to work off of any web map, then it makes it real easy...
15:26...now that we have the sharing API to be able to put those two concepts together.
15:35Now I'm going to show you an application where I need to actually log in to get more information.
15:41So it's asking me to log in. And then once I sign in, I'm simply going to print out all of the items...
15:51...that are part of my content, my root folder for my user, in this little table.
15:57I have a lot of items in here. I also printed out, in the console, each of those items.
16:10Not just the title, but the whole item object.
16:13And here we see all of the information that's coming back from the REST API, and I can access that on the client.
16:26This was a very simple application, but I think it illustrates a few important points.
16:37That's automatically going to include the Identity Manager components and widget that I need.
16:45I'm going to connect to that portal, passing in the URL to the ArcGIS Online REST API...
16:53...and when it loads, I'm going to get the content.
16:57So once it loads, it's going to give me back this portal object and simply on that portal object I'm going to call signIn.
17:04That's going to prompt me to log in...prompt the user to log in using Identity Manager...
17:10...then upon successful connection, we're going to give...pass back that user object to me...
17:18...and from that user object I can just get all of his items.
17:22And then, for each item, I can pass it to this function to print it out onto the screen and to print it out to the console.
17:44And that little application...basically it made two calls to the REST API...
17:48...one to initialize the portal, and the other to access the user's content.
18:01Okay. Now you can take this API and build something even more sophisticated.
18:09So I'm going to log in with the same credentials.
18:15It's going to load all of that...all of that content in a, you know, a different view on the My Content space.
18:22So it shows me...it gives me a count of all the items that I have.
18:26What are the different types of items?
18:29And I want to see all of the shapefile components or all of the feature services that I've registered.
18:36It gives me a summary of all the tags that I've used, and gives me a simple view of all of the items itself, and I can sort on it.
18:45So this is just to give you an idea on the types of applications that you'll be able to build...
18:50...using the Portal API in conjunction with the ArcGIS Online REST API.
18:57[Inaudible audience comment]
19:13Creating the code and creating the widgets, that's going to be on your web server.
19:17You're going to create that application, that HTML, and you'll serve it there.
19:21It's just accessing the resources to run the API and accessing the resources to actually communicate with ArcGIS Online.
19:35We're not doing "generate," right? That's next? Okay.
19:38Yeah. That's next. Yeah.
19:43Okay. So, I'm going to sort of dive a little bit deeper into the REST API itself.
19:53When you look at the REST API, we've sort of subdivided it into sort of some logical groupings.
20:03So your portal has some search capabilities, has some community capabilities...
20:13...which have to do with users and groups management, and then content capabilities...
20:18...which have to do with managing your items.
20:22So I'll go through each one of these in some more detail.
20:27So the first part of the REST API is to do with managing your portal, your organizational portal...
20:37...and sort of the main call there is the self call, which allows you to get the configuration of the portal that you are talking to.
20:50This self call is...if you access it anonymously, will give you the configuration of the portal.
20:57If you access it as an organizational user, using a token...
21:03...will give you the configuration that the administrator of your organization has set up for you.
21:10So sort of what Jeremy showed where he was setting up what shows up in the gallery and what shows up on your front page.
21:21On these slides, when we publish the slides, we have links to the actual documentation...
21:32...so I'll quickly jump over to the documentation here and show you.
21:37So there's a section...here is our...this is the API documentation itself that is now available online...
21:43...and it's linked off of our help site.
21:45And so we have this portals section down here and when you go to the self...is it visible? I had to increase the font size, so...yeah.
22:01So, self call has a lot of the properties that come back when you call it...
22:07...and so we've documented these under the self documentation...
22:12...and I won't go through the specific, individual properties...
22:15...but I'll just show you when I call the self call itself in ArcGIS Online as an anonymous user, what you get back.
22:27So, self...so this is an example of the JSON that you get back.
22:34You get things back like the portal name that you're accessing...
22:38...the various groups that you should go and look at in order to render your gallery or your basemaps.
22:49The default basemap that might...that you should use for your map, the default extent...
22:57...and also, sort of what goes onto the front page, what we call rotator panels.
23:03Now, if I actually log in and I generate a token...
23:07...so let me jump to just a quick command line tool here that I'm using, cURL...
23:16...just to make a call to get a token off of our server.
23:20This is a simple HTTP tool that you can download off the web.
23:24So here, I'm calling our Generate token end point, getting a token back, I'm passing it my credential and the file...
23:34...so you guys won't see it, but... and I get back a token that I can then use.
23:41One thing to mention quickly, I think it's pretty visible, down at the bottom here, there's an SSL property that returns.
23:50So if you are part of an organization, the organization can set up security...
23:56...so that all your communication to that organization needs to go over SSL.
24:07Move the window over.
24:09Oh, is it chopped off?
24:10Sorry about that.
24:12We're in the middle?
24:13There we go, okay. So, I was saying, the organization can set up your organization to be all SSL.
24:26So all communication to your organizational content will be over...it needs to be over SSL.
24:33So when you get a token, you also get this property that tells you that this particular user is an SSL user...
24:42...and all the communication back to the server, it needs to be over SSL or not.
24:47In my case, it is not. And we will reject a token if it does not come over SSL, and it is required to.
24:58So if I tack on the token to my request here...
25:05And then there are APIs for administrators to update the portal...
25:10You see that the actual output changes here, so there's different properties.
25:15They're pretty similar, but the content is different because now I'm accessing this call as part of an organization...
25:25...and so the things that the administrator set up are different, so my default extent might be different...
25:31...my feature groups might be different, my gallery groups might be different, and so on.
25:38Also as part of the portal section you have other calls like getting all the languages that the portal supports...
25:47...so we support, I believe, 15 languages currently on ArcGIS Online.
25:54The regions, so there's localized content for different regions that shows up, for instance, for different countries.
26:10...so this is what Jeremy did through the administration UI, but you can actually do through the API.
26:19And there's a user resource, which gives you all the users of your organization, if you're part of one.
26:27Switch back to the slides. The next section of the API is about search.
26:36So the portal is built on a search engine that indexes the various items or the various things that the portal manages...
26:46...the items, the users, and the groups.
26:48And so for each one of those there is an end point that you can use to query for them.
26:54And the query is very similar to your typical, sort of search engine.
26:58If you just put a keyword, it'll search for that keyword, sort of do a full text search on the various fields that we index.
27:09Or you can get more sophisticated and actually ask for certain keywords to be in certain fields, and so on.
27:19So, here's an example of, I want to get all my...all the web maps...all items of type web map.
27:29If I put a minus in front of the query, I don't want that particular keyword.
27:36For instance, I don't want "test" in the title. And the same thing for users and groups.
27:43And so you can do these searches and you can customize them however you want them.
27:49All the searches are based on what your user can see.
27:54So, whatever privileges you have, they will be reflected in the search.
28:01So if you are anonymous and you just do a search...
28:04...you will see all the public content that whoever published said that, you know, everybody could see.
28:13If you are part of an organization, you might see more content because you have access to all the organization's content.
28:24The next part is the community section of things.
28:28So this is the...this is where you manage and create groups and also where you manage users.
28:39Each group and each user has an end point that you can reference to get information about that particular thing.
28:48So groups are referenced by a group ID, whereas users are referenced by user name.
28:55So the URLs are here. Now let me pop out into a browser here and I'll just show you some examples.
29:04So for instance, going back to search, I can search for a group using the community/groups search...
29:19...and I...let's say I search for anything that's...has owner Esri.
29:24So this'll basically return to me some JSON with...
29:29Again move the browser? Sorry about that. More like...hold on, shrink it a little bit, so...does that fit?
29:38A little bit more.
29:39A little bit more?
29:45So this'll return to me...this returns to me 17 results. It's showing me the first 10.
29:52I can page through the searches, through the pages here.
29:57And for each group it's...it gives me some information about the group, including the ID.
30:04So I can cut and paste this and generate the URL of that group resource and...
30:15...and this is the actual information about that group. That's when you see information...
30:23...sort of the details of a group in the web application in our website.
30:28This is what it's getting and sort of rendering nicely.
30:36From that group resource, if you are an administrator, you can do other things.
30:43And let me jump into the documentation here. You can update the group, you can delete the group...
30:50...you can reassign the group. If you're an organizational administrator...
30:53...you can actually reassign the group to other people in your organization...
30:58...in case someone leaves and you need to sort of move things around.
31:03The other concept with groups is that users...administrators can invite people to the groups or users can apply to join groups.
31:16So there is an API to look at applications.
31:20So the administrator of the group can actually look at a list of applications to join their group...
31:30...and on the flip side, the user itself can actually look at the invitations that they got for...
31:39...to join a particular group, and they can accept or decline. And same thing for group applications.
31:47The other thing I just quickly wanted to show you was the user resource.
31:51So each user has a resource that you can access.
31:56So if...if I go to user/ and a user name here, this is what I see just as an anonymous user.
32:06I don't see much information at all. But if I actually use the token, and I'm logged in, I'll see a lot more about my user.
32:17And...and as it is me, I see my e-mail and I see my...how much storage quota I have, and so on and so forth.
32:33I can also update my user to include a description and some tags and so on through the API.
32:41The other concept that's under community is the concept of notifications.
32:45So the group...anytime something happens in the system, there are certain events that get triggered.
32:54So if a user asks to join a group, the administrator of that group will get a notification of that...
33:02...and this...these notifications are then queried by this notification API.
33:08So you can, as that user, you can go to this end point, notifications...
33:13...and actually get a list of notifications that are to do with your user...
33:20...and then you can delete these notifications once you're done with them.
33:31The last set of APIs has to do with content.
33:36So it's all about managing the items in your portal for your user.
33:45So each item has a resource, again with an item ID, so an item ID is a UID basically.
33:53And so you can go to that item ID and actually see information about the item if you have access to the item.
34:00Now the user, when they're managing their own items, sees things a little bit differently.
34:05They see it...what's called user content, and this has links to these items.
34:12And they can also manage these items and put them into folders.
34:16So they can create a one-level hierarchy of folders, which is just for their organization, organizational purposes...
34:27...just to make things clearer for them. It's not really something that gets...that goes beyond their user.
34:35And nobody else will see these. And through this user view of things, they can add items, they can delete items...
34:44...update items, they can move items around. They can also share and unshare items into groups, so they can share these.
34:57If they are members of certain groups or a member of an organization, they can share the items to those.
35:07One...another thing that is under the content section, is the analyze, and generate, and publish.
35:18This is also...this is also the place where you can upload your CSV or shapefile right now...
35:26...and create a hosted service out of it or put it on a...convert it into features that you can then put on a web map.
35:37So there are different calls. There's analyze, there is...which...well, there's analyze...
35:44...which takes your file, and the purpose of it is really to give you back some information...
35:50...to your application about what fields are in that file.
35:56For instance, what geocoding fields might be in your CSV.
36:02For instance, we might detect that you have an address field and a city field and a state field and so on...
36:09...and then have the user sort of modify these inputs and then either call generate or publish.
36:16And generate will convert your CSV or your shapefile into JSON features...
36:23...or publish will actually create a feature service out of your input data so that you can actually consume it.
36:34And of course, you can only call publish if you're part of an organization...
36:36So this is just a very simple app. It's actually going to exercise generate to convert a shapefile...
36:38...who has a subscription and who has access to do hosted services.
36:43The...yeah, Jeremy has a little demo here on using analyze and generate.
36:54Alright, cool. Thanks, Andrea.
37:13Choose the file here. Something relatively small. And boom. I have that zipped shapefile now converted...
37:26...to features that are stored directly on this client-side map control.
37:33If we look at what actually happened...let's see here...start that again. One more time.
38:03Okay. So it made a call to generate. So the URL's sharing/REST/content/features/generate...
38:14...and we posted a multipart file upload, which has taken an actual ZIP file, plus some parameters that go with it...
38:27...publish parameters and file types and so on.
38:32Oh, just actually one more thing there.
38:37And it returned back this JSON right here, which is a featureCollection.
38:42Feature collections contain one or many individual feature layers...or feature collection layers. Excuse me.
38:49And in this case, there's just one. And a feature collection layer contain...is an object that contains a feature set...
38:57...which is a...basically, it contains all the features that make up that layer...
39:03...and it contains the layerDefinition, which is the JSON that represents that layer definition.
39:10This layerDefinition JSON, and the featureSet JSON are exactly the same as the JSON you would get...
39:15...if you went to a layer in a map service and got the JSON back, same type of information.
39:21Or if you did a query against a layer in a map service, that gives back a feature set.
39:25So we didn't invent anything new here.
39:26This is just following the basic geoservices API, ArcGIS Server REST API.
39:35We'll look at just a few things on the code here. I have to set a couple of parameters in.
39:41And these are all documented as part of the generate and publish parameters.
39:46The name that I'd like to call it, the target SR, what's the max record count?
39:51Location type is not needed for shapefiles. That's for CSVs.
39:55And then the specific publish parameters. Those are the publish parameters. Excuse me.
40:00And then a few other properties like that it's a shapefile. I want to also pass in the JSON parameter.
40:09Let's call back that HTML [unintelligible] worry about.
40:19...passing in the form that contains the file upload.
40:25And when it's returned, I get back that featureCollection.
40:30And I'm going to go through each of those layers and for each layer, it's quite simple...
40:36...I can create a client-side feature layer directly passing in that featureCollection object.
40:43And then I also passed in a few other things.
40:45But that's how easy it is to take that featureCollection JSON and create a client-side feature layer that then is a live map.
40:54Back to you.
41:04I just wanted to sort of conclude on the REST API with some information on adding items.
41:10So as far as the REST API goes, the additem call is probably one of the more complicated ones...
41:21...mainly because it involves doing things like multipart post in HTTP.
41:29So it could be that you use a client toolkit that easily does it for you, like a browser...
41:36...but if you're using something lower level, you might have to do some more work here...
41:41...but the addItem call really allows you to add all the information about the item, so it's sort of its item metadata, let's call it...
41:51...and then the information about the actual file itself, if the item is a file.
41:58So for instance, if you're uploading a shapefile, you call addItem, and what you have to do is...
42:05...you have to create a multipart post to the server where one of the sections is the actual binary of the file.
42:14There are different type...there are different ways that you can add the item to our servers.
42:22The first is just synchronous mode, sort of just regular...
42:26...you make one call and when that call has finished, you have an item resource that you can go and actually use.
42:40Now when a file gets uploaded to our server, it does take some time for us to process that file and to put it in the right place.
42:48We also virus scan it and we also analyze it and index it.
42:53So, we also have an option called asynchronous, which is just a switch on your addItem call.
43:01And that will actually...once the file has gotten to our servers, will actually return straight back to you with an item ID...
43:09...and it's the responsibility of the client to then check continually to see...
43:15...to make...until that call returns that the item has been processed.
43:24And that processing depends on how big your file is.
43:27So it could take minutes, sometimes, if you have large files.
43:32The other thing is if you have really large files, there is also a multipart upload.
43:37And so if you have...if you're familiar with sort of the Azure blob store...
43:42...the Amazon S3 store, they implement this concept of multipart upload, which we've also sort of implemented here...
43:53...where you chop up your file into many small pieces and then upload the individual pieces...
43:59...and all you have to tell us is where that piece goes in the entire file.
44:05And once you're done uploading all those pieces, we'll actually put them all together and process it as a regular file.
44:15And those pieces you can upload all at the same time. You can upload them backwards, forward...
44:20...it doesn't matter what order they're in as long as we have a part number...
44:24...for each one that tells us where to put it in the order.
44:28And so that allows you to upload very sizable amounts of data to our servers.
44:35And this is also sort of what our desktop software, for instance...
44:39...does when you're uploading and publishing large sort of rasters and other things to your hosted services.
44:49So that pretty much concludes what I have to say about the REST API, so let me switch back.
44:58A few comments on security flows in terms of working with the API.
45:04Basically, they're...there's many different ways to think about applications...
45:09...but here's one way to think about apps.
45:12There're applications that allow the end user of the application to access content that belongs to the end user, right.
45:20So the examples that Jeremy showed were such. So the application developer wrote the application.
45:27The end user used it. The application allowed the end user to log in.
45:31And then the end user saw what belonged to them or what they were entitled to see.
45:35So that's the first kind of application.
45:38Second kind of application is an application that accesses secured content that belongs to the application.
45:45So I'm an application developer. I created an account with ArcGIS Online, and I stored some information there...
45:52...and now my application's going to access that information, and my users are going to see it.
45:56But my users are not going to log in to ArcGIS Online.
45:59They don't even know that this application's information was coming from ArcGIS Online.
46:04That's the second kind of application. And of course, you could have hybrid applications that do both of these.
46:10So for the first kind of application, the first thing is that the users who are using that application trust that application...
46:18...because they're allowing that application to access their data.
46:20So they know that...you know, they trust that application to work correctly with the data...
46:24...that the application doesn't delete all their data.
46:26Those are all properties of the application and the trust that the user has in that application.
46:32The users need to log in to their accounts by presenting credentials to ArcGIS Online or to the underlying portal...
46:38...and the applications can use this Identity Manager widget that's part of the client SDKs to manage that process.
46:46That's what we talked about earlier and that's what you saw.
46:49That login dialog that the end user saw, all that the application developer had to do...
46:57...they actually didn't have to write any code for that.
46:59They basically just included the appropriate portal module, or the Identity Manager module...
47:05...and then the user gets that dialog, and it's taken care of.
47:10And all the business that we talked about in terms of how it works at the REST API level, that's taken care of.
47:16The Identity Manager takes care of communicating with the service...
47:20...security token service over SSL or HTTPS, getting and renewing tokens...
47:25...and all the subsequent views and transmission of the tokens, the parameters...
47:29...the resulting content, it's also all over SSL, if like Andrea said, if that's been chosen, right.
47:37So the transmission of credentials is always over HTTPS.
47:42All subsequent requests that that application is making can also be configured to be over HTTPS.
47:49And that's a choice not of the application but actually of that user and of that organization.
47:53If they check that on, the application doesn't make requests over SSL, basically, those requests will fail.
48:01Now as far as applications that work with secured app content, that's that second kind of application.
48:07In that case, the application...it's the same model, mechanically, but it's...
48:12...the application has its own credentials for its login, but it needs to communicate with the server.
48:18The user doesn't see any login form. The application credentials should not be exposed to end users.
48:26This implies a server-side flow for these applications.
48:30Applications can use a server-side proxy that's configured with the application credentials.
48:35And all the requests that the applications make to ArcGIS Online, they don't make directly to ArcGIS Online.
48:41They make it back to this proxy servlet or HTTP handler that's part of their website, that's part of their web application...
48:48...and that forwards those requests on to ArcGIS Online with the appropriate credential for that application.
48:55And that's done using the same mechanism.
48:58That proxy's responsible for presenting the credentials and achieving authentication.
49:06And then all subsequent requests should also be over HTTPS as needed...
49:09...if you as an application developer want that for your subscription of your account.
49:15And the other thing is that that proxy should be secured to that application and there's different ways of doing that.
49:21And you can use referers or you can use server-side sessions to do that.
49:28So that concludes our overall presentation on ArcGIS Online, developing with the ArcGIS Online API.
49:35We have time for questions and we'd be glad to take them.
Developing with ArcGIS Online
Andrea Rosso, Jeremy Bartley, and Sud Menon illustrate concepts for using ArcGIS Online in building web and mobile applications.
- Recorded: Mar 29th, 2012
- Runtime: 49:38
- Views: 1809
- Published: Apr 26th, 2012
- Night Mode (Off)Automatically dim the web site while the video is playing. A few seconds after you start watching the video and stop moving your mouse, your screen will dim. You can auto save this option if you login.
- HTML5 Video (Off) Play videos using HTML5 Video instead of flash. A modern web browser is required to view videos using HTML5.