00:01Welcome to the ArcGIS Online, Developing with ArcGIS Online session. I'm Sud.

00:05We have Andrea and Jeremy, work on the ArcGIS Online development team.

00:10And we'd like to go through how you as a developer can build applications with ArcGIS Online.

00:16So, our agenda today, we have an overview section.

00:20And then we'd like to talk about some customizations to ArcGIS Online that you can do that don't actually require code.

00:27I want to just clarify that. And we'll talk about developing using the client APIs.

00:33Talk about this cool new online API that we're introducing at this conference, and then wrap up.

00:42So the overview sort of corresponds to what you've already heard of at the plenary. I assume most folks were there.

00:48We'll sort of fly through it. The basic way that you build applications with Online is...

00:55...using the ArcGIS APIs that you already know about.

00:58These are the web APIs and these are the ArcGIS Runtime APIs...

01:04...and you use them to build web, device, and desktop applications.

01:07So there's nothing new there, right?

01:08Those are the same APIs that you use to work with ArcGIS Online.

01:12The additional thing that you do, as part of working with Online...

01:16...is that you connect to portals and you work with the users, groups, and items that are in those portals.

01:23And the ability to do that is integrated into those client APIs.

01:28There's also a new ArcGIS Portal REST API that you can use, that's supported by the servers.

01:35And you can use that to work directly with users, groups, and items.

01:40And the service of that API is basically everything that you can do with ArcGIS Online and ArcGIS Portal.

01:47But you don't have to directly use that REST API. You can use the client APIs, as we'll show you.

01:53Now, who are these APIs for?

01:56They're for organizational developers who want to build custom applications for their end user.

02:02Like we talked about, folks can get an organizational subscription to ArcGIS Online...

02:07...and that enables them to publish hosted services and create web maps on top of them. And they have users and groups.

02:14And working with all of those, you can build applications that enhance productivity. So it's for those folks.

02:21It's also for you as a developer might have an idea for building an application that's a geospatial application.

02:29And you're looking for a platform where you can store your data...

02:32...and that allows you to preauthor web maps that you can bring into your apps.

02:37So that's another example of use of Online.

02:42This is the architecture of Online that we talked about.

02:45This is very relevant to you as a developer with Online.

02:48You're working with the portal on the left here, and you're also working with...

02:52...services that have the standard ArcGIS Server REST API.

02:58And there's two kinds of services. There's services that live within Online. We call those hosted services.

03:05They are what get created when you publish data to Online.

03:10And those are the services that you pull into web maps.

03:15Other services could come from your external ArcGIS servers.

03:20So, when you're developing with Online, that spans these things I talked about.

03:25Working with portals, working with the ArcGIS Server REST API, and that's what we call the geoservices REST API.

03:32Use those to work with hosted GIS services as well as these registered GIS services from your organization's ArcGIS Server.

03:40And then you're also working with foundation content and task services.

03:44And these are also coming from ArcGIS servers that Esri deploys as part of ArcGIS Online.

03:51And you might have already been using these. You get the basemaps from them.

03:54You get things like geocoding, routing from them. So these are the set of APIs.

04:01In this session, we'll primarily focus on the first one, because we assume that you already know the others.

04:08You've been doing it for a while. There's nothing really new there.

04:12So like we described at the plenary, working with those portals involves working with a very simple information model.

04:19A portal has users, groups, and items. There are different kinds of items.

04:26They're classified into web maps, web map layers, applications, tools, and data files.

04:34The types of layers are the standard ArcGIS Server services that you know about...

04:39...feature services, tiled map services, dynamic map services, image services, WMS, KML.

04:48The ones that are hosted today, they correspond to feature services and tiled map services.

04:54These can be living entirely within Online, within the hosted capability.

04:59The rest come from ArcGIS servers.

05:02Applications themselves are items inside this portal.

05:06You can think of the portal also as a catalog or a directory if you want.

05:10It's a directory of users, groups, and items.

05:15So applications themselves are items within that catalog, and users can search for applications, find them, and open them.

05:23And you as a developer could actually register an application with ArcGIS Online or with the portal using this API.

05:32The tools correspond to services. The data files are just that.

05:37They are files that are passive, as far as their behavior on the web goes.

05:42But they can be activated by creating services.

05:45So you upload a shapefile and then you create a feature service from that shapefile.

05:49And it's still the county's shapefile, it's the county's feature service...

05:53...but in terms of what you put inside a web map, it's the county's feature service...

05:58...'cause that's what's the active layer on the web.

06:02So, let's start with looking at how you can customize an organization's home page.

06:09And we're now switching, switching gears, and Jeremy's going to show us that.

06:21Okay. Thanks, Sud.

06:23So just to...just to make sure everybody knows what you can do.

06:27This is even without any programming at all to this site.

06:30I'm going to sign in to ArcGIS Online as a...someone who belongs...who has a subscription for an organization.

06:38And I happen to be the admin of this organization.

06:47Now this is a fake demo organization, City of Louisville.

06:52And I've got a, you know, a different home page.

06:55I also have a different gallery of maps. They're all focused for me, and so on.

07:01A different set of featured groups.

07:04As an administrator, I can configure this site, changing the name, you know, change the description...

07:13...I can pick my language, do simple changes on the home page.

07:19I could upload my own image.

07:30And in this case, this is pretty fixed image though. It's 960 by 180...

07:34...so it's a...it's a particular size and it's going to go into a particular spot.

07:42Now it'll appear once I save. I could also say I want to have...

07:45...a different set of...a set of featured maps show up on the home page.

07:51And I could also decide to include my organization description on the home page.

07:59So by saving that and going back to the home page, I get quite a different view.

08:07Now...that's basically it. That's what you can do without any programming.

08:14You can also embed some HTML into this home page, and longer term you'll be able to have more control over that.

08:23So the reason we wanted to do...the reason we wanted to cover that is because we've got questions about that, right?

08:29And we just wanted to say that the developer API, you don't need to use the developer API to do that...

08:34...even though you could. And that's available, you know, through the user experience.

08:40Now, coming back to working with that portal information model, portal contains users, groups, and items.

08:47How do I work with it?

08:48Well, access to portals is integrated into the client APIs.

08:53It's part of the JavaScript API that was released very recently.

08:58So release 2.8, which is already out there, has this capability.

09:02And it's also built into the Runtime SDKs, so the iOS SDK and the Android SDK have this capability.

09:11And if you attended sessions on those SDKs, they would have demonstrated these and you would have seen it...

09:18...and those are going to be available to developers next week.

09:24So our basic message there is that if you want to build these...the kind of apps that, you know, we'll show you...

09:29...use the client SDKs, you do not need to use the REST API directly.

09:34It'll be simpler as an application developer to do that.

09:39Before launching into that, we wanted to say something about authentication and the security model.

09:45Basically, any application connects to Online or to a portal as either an anonymous user or as an authenticated user.

09:54And if connecting as an authenticated user, that requires the credentials for that user.

10:00So the application connects to Online, and once it's connected, the applications see what that user was privileged to see.

10:09So the user that...the credentials that were used, that user belonged to an organizational subscription...

10:16...then that application would see that user's content, including all of the hosted services that they published.

10:22So it's really no different than the model of what you can see when you log in to the website.

10:26You log in to the website as a person, and, you know, you see things that were shared with you or that you have permissions to see.

10:33It's exactly the same thing with the API. So if you use the API without credentials...

10:38...then you get an anonymous view of the portal or of ArcGIS Online.

10:45And the general model there is to present the credentials to the application, and for that we have...

10:55...in all of the client SDKs, there is an Identity Manager widget that manages that process that lets the user log in.

11:03And, that's the recommended way for a client application to handle that authentication process.

11:11That process itself uses an underlying API that issues tokens in exchange for credentials, and that's part of the REST API.

11:19But, if you work at that level, then you have more responsibilities...

11:22...and we'll talk about those later in the security flow section.

11:27So let's switch back to now looking at an application that works with portal using the JavaScript web API.

11:46Okay, just a second.

12:01There we go. Cool. Okay. So, just...I'm going to show a few demos here.

12:08First, calling out the JavaScript API is the...is currently the only one that has the released Portal API components.

12:18Just to highlight where it's at, under the arcgis name space, there's the Portal class...

12:25...and this is the one you would use when working with ArcGIS Online.

12:29Let's look at a few samples and then we'll drill into it in a little bit more detail.

12:42Okay, this is just a simple application that's going to work anonymously with the REST API...

12:50...get content from a group, in this case they're all web maps...

12:54...and then display them in a simple little gallery map viewer.

12:57Then I can navigate and there're live maps and if they had pop-ups, I would get those, and so on.

13:11So the main...the main thing that...well, actually, go down to here...a little bigger.

13:23So I'm just creating an instance of this Portal class and I'm going to listen for the onLoad.

13:29Once it loads, it's going to have all the information it needs for me to be able to work with it.

13:34And all I'm going to do is do a simple query against...

13:37...for a group that has the title Community Basemaps and the owner Esri.

13:41So, this is just a simple search string that I want to pass to this query.

13:47So, I'm going to call the queryGroups method, passing in that query parameter...

13:50...then, when it's finished, it's going to give me back the response and I can do what I need to do.

13:56In this case, I really just needed to get the group back and then I can query that group.

14:04So this first group, I know that I'm only going to get one group back, and I'd like to do a query against this group.

14:09And I want to get all the web maps, but no web mapping applications.

14:15I'm going to sort by average rating and description, and I only want five to come back.

14:20So then on that group, I'm going to query for the items, passing in that query parameter...

14:26...and then when it's finished, for each item that came back, I'm going to go ahead and load the web map.

14:34It's going to give me back the item and from there I can pass it to the utility, createMap utility...

14:40...which will take that web map and bring it to life.

14:47Another type of application that you might make, again, doesn't require any authentication...

14:53...queries a particular group, and as I move around, I'm displaying the summary of each of these items...

15:01...and I've locked in a particular application to each one of those items.

15:08So in this case, I pass that item's web map to this simple viewer application...

15:14...which is tied in with the elevation profile. This is a very powerful concept, to take...

15:21...have an application that is written to work off of any web map, then it makes it real easy...

15:26...now that we have the sharing API to be able to put those two concepts together.

15:35Now I'm going to show you an application where I need to actually log in to get more information.

15:41So it's asking me to log in. And then once I sign in, I'm simply going to print out all of the items...

15:51...that are part of my content, my root folder for my user, in this little table.

15:57I have a lot of items in here. I also printed out, in the console, each of those items.

16:10Not just the title, but the whole item object.

16:13And here we see all of the information that's coming back from the REST API, and I can access that on the client.

16:26This was a very simple application, but I think it illustrates a few important points.

16:32In this case, my simple JavaScript application, I'm just going to require this portal name space.

16:37That's automatically going to include the Identity Manager components and widget that I need.

16:45I'm going to connect to that portal, passing in the URL to the ArcGIS Online REST API...

16:53...and when it loads, I'm going to get the content.

16:57So once it loads, it's going to give me back this portal object and simply on that portal object I'm going to call signIn.

17:04That's going to prompt me to log in...prompt the user to log in using Identity Manager...

17:10...then upon successful connection, we're going to give...pass back that user object to me...

17:18...and from that user object I can just get all of his items.

17:22And then, for each item, I can pass it to this function to print it out onto the screen and to print it out to the console.

17:44And that little application...basically it made two calls to the REST API...

17:48...one to initialize the portal, and the other to access the user's content.

18:01Okay. Now you can take this API and build something even more sophisticated.

18:09So I'm going to log in with the same credentials.

18:15It's going to load all of that...all of that content in a, you know, a different view on the My Content space.

18:22So it shows me...it gives me a count of all the items that I have.

18:26What are the different types of items?

18:29And I want to see all of the shapefile components or all of the feature services that I've registered.

18:36It gives me a summary of all the tags that I've used, and gives me a simple view of all of the items itself, and I can sort on it.

18:45So this is just to give you an idea on the types of applications that you'll be able to build...

18:50...using the Portal API in conjunction with the ArcGIS Online REST API.

18:57[Inaudible audience comment]

19:13Creating the code and creating the widgets, that's going to be on your web server.

19:17You're going to create that application, that HTML, and you'll serve it there.

19:21It's just accessing the resources to run the API and accessing the resources to actually communicate with ArcGIS Online.

19:35We're not doing "generate," right? That's next? Okay.

19:38Yeah. That's next. Yeah.

19:43Okay. So, I'm going to sort of dive a little bit deeper into the REST API itself.

19:53When you look at the REST API, we've sort of subdivided it into sort of some logical groupings.

20:03So your portal has some search capabilities, has some community capabilities...

20:13...which have to do with users and groups management, and then content capabilities...

20:18...which have to do with managing your items.

20:22So I'll go through each one of these in some more detail.

20:27So the first part of the REST API is to do with managing your portal, your organizational portal...

20:37...and sort of the main call there is the self call, which allows you to get the configuration of the portal that you are talking to.

20:50This self call is...if you access it anonymously, will give you the configuration of the portal.

20:57If you access it as an organizational user, using a token...

21:03...will give you the configuration that the administrator of your organization has set up for you.

21:10So sort of what Jeremy showed where he was setting up what shows up in the gallery and what shows up on your front page.

21:21On these slides, when we publish the slides, we have links to the actual documentation...

21:32...so I'll quickly jump over to the documentation here and show you.

21:37So there's a section...here is our...this is the API documentation itself that is now available online...

21:43...and it's linked off of our help site.

21:45And so we have this portals section down here and when you go to the self...is it visible? I had to increase the font size, so...yeah.

22:01So, self call has a lot of the properties that come back when you call it...

22:07...and so we've documented these under the self documentation...

22:12...and I won't go through the specific, individual properties...

22:15...but I'll just show you when I call the self call itself in ArcGIS Online as an anonymous user, what you get back.

22:27So, self...so this is an example of the JSON that you get back.

22:34You get things back like the portal name that you're accessing...

22:38...the various groups that you should go and look at in order to render your gallery or your basemaps.

22:49The default basemap that might...that you should use for your map, the default extent...

22:57...and also, sort of what goes onto the front page, what we call rotator panels.

23:03Now, if I actually log in and I generate a token...

23:07...so let me jump to just a quick command line tool here that I'm using, cURL...

23:16...just to make a call to get a token off of our server.

23:20This is a simple HTTP tool that you can download off the web.

23:24So here, I'm calling our Generate token end point, getting a token back, I'm passing it my credential and the file...

23:34...so you guys won't see it, but... and I get back a token that I can then use.

23:41One thing to mention quickly, I think it's pretty visible, down at the bottom here, there's an SSL property that returns.

23:50So if you are part of an organization, the organization can set up security...

23:56...so that all your communication to that organization needs to go over SSL.

24:03So that...

24:07Move the window over.

24:09Oh, is it chopped off?

24:10Sorry about that.

24:12We're in the middle?

24:13There we go, okay. So, I was saying, the organization can set up your organization to be all SSL.

24:26So all communication to your organizational content will be over...it needs to be over SSL.

24:33So when you get a token, you also get this property that tells you that this particular user is an SSL user...

24:42...and all the communication back to the server, it needs to be over SSL or not.

24:47In my case, it is not. And we will reject a token if it does not come over SSL, and it is required to.

24:58So if I tack on the token to my request here...

25:02...which is something that the Identity Manager would do for you if you're using JavaScript.

25:05And then there are APIs for administrators to update the portal...

25:10You see that the actual output changes here, so there's different properties.

25:15They're pretty similar, but the content is different because now I'm accessing this call as part of an organization...

25:25...and so the things that the administrator set up are different, so my default extent might be different...

25:31...my feature groups might be different, my gallery groups might be different, and so on.

25:38Also as part of the portal section you have other calls like getting all the languages that the portal supports...

25:47...so we support, I believe, 15 languages currently on ArcGIS Online.

25:54The regions, so there's localized content for different regions that shows up, for instance, for different countries.

26:10...so this is what Jeremy did through the administration UI, but you can actually do through the API.

26:19And there's a user resource, which gives you all the users of your organization, if you're part of one.

26:27Switch back to the slides. The next section of the API is about search.

26:36So the portal is built on a search engine that indexes the various items or the various things that the portal manages...

26:46...the items, the users, and the groups.

26:48And so for each one of those there is an end point that you can use to query for them.

26:54And the query is very similar to your typical, sort of search engine.

26:58If you just put a keyword, it'll search for that keyword, sort of do a full text search on the various fields that we index.

27:09Or you can get more sophisticated and actually ask for certain keywords to be in certain fields, and so on.

27:19So, here's an example of, I want to get all my...all the web maps...all items of type web map.

27:29If I put a minus in front of the query, I don't want that particular keyword.

27:36For instance, I don't want "test" in the title. And the same thing for users and groups.

27:43And so you can do these searches and you can customize them however you want them.

27:49All the searches are based on what your user can see.

27:54So, whatever privileges you have, they will be reflected in the search.

28:01So if you are anonymous and you just do a search...

28:04...you will see all the public content that whoever published said that, you know, everybody could see.

28:13If you are part of an organization, you might see more content because you have access to all the organization's content.

28:24The next part is the community section of things.

28:28So this is the...this is where you manage and create groups and also where you manage users.

28:39Each group and each user has an end point that you can reference to get information about that particular thing.

28:48So groups are referenced by a group ID, whereas users are referenced by user name.

28:55So the URLs are here. Now let me pop out into a browser here and I'll just show you some examples.

29:04So for instance, going back to search, I can search for a group using the community/groups search...

29:19...and I...let's say I search for anything that's...has owner Esri.

29:24So this'll basically return to me some JSON with...

29:29Again move the browser? Sorry about that. More like...hold on, shrink it a little bit, so...does that fit?

29:38A little bit more.

29:39A little bit more?

29:45So this'll return to me...this returns to me 17 results. It's showing me the first 10.

29:52I can page through the searches, through the pages here.

29:57And for each group it's...it gives me some information about the group, including the ID.

30:04So I can cut and paste this and generate the URL of that group resource and...

30:15...and this is the actual information about that group. That's when you see information...

30:23...sort of the details of a group in the web application in our website.

30:28This is what it's getting and sort of rendering nicely.

30:36From that group resource, if you are an administrator, you can do other things.

30:43And let me jump into the documentation here. You can update the group, you can delete the group...

30:50...you can reassign the group. If you're an organizational administrator...

30:53...you can actually reassign the group to other people in your organization...

30:58...in case someone leaves and you need to sort of move things around.

31:03The other concept with groups is that users...administrators can invite people to the groups or users can apply to join groups.

31:16So there is an API to look at applications.

31:20So the administrator of the group can actually look at a list of applications to join their group...

31:30...and on the flip side, the user itself can actually look at the invitations that they got for...

31:39...to join a particular group, and they can accept or decline. And same thing for group applications.

31:47The other thing I just quickly wanted to show you was the user resource.

31:51So each user has a resource that you can access.

31:56So if...if I go to user/ and a user name here, this is what I see just as an anonymous user.

32:06I don't see much information at all. But if I actually use the token, and I'm logged in, I'll see a lot more about my user.

32:17And...and as it is me, I see my e-mail and I see my...how much storage quota I have, and so on and so forth.

32:33I can also update my user to include a description and some tags and so on through the API.

32:41The other concept that's under community is the concept of notifications.

32:45So the group...anytime something happens in the system, there are certain events that get triggered.

32:54So if a user asks to join a group, the administrator of that group will get a notification of that...

33:02...and this...these notifications are then queried by this notification API.

33:08So you can, as that user, you can go to this end point, notifications...

33:13...and actually get a list of notifications that are to do with your user...

33:20...and then you can delete these notifications once you're done with them.

33:31The last set of APIs has to do with content.

33:36So it's all about managing the items in your portal for your user.

33:45So each item has a resource, again with an item ID, so an item ID is a UID basically.

33:53And so you can go to that item ID and actually see information about the item if you have access to the item.

34:00Now the user, when they're managing their own items, sees things a little bit differently.

34:05They see it...what's called user content, and this has links to these items.

34:12And they can also manage these items and put them into folders.

34:16So they can create a one-level hierarchy of folders, which is just for their organization, organizational purposes...

34:27...just to make things clearer for them. It's not really something that gets...that goes beyond their user.

34:35And nobody else will see these. And through this user view of things, they can add items, they can delete items...

34:44...update items, they can move items around. They can also share and unshare items into groups, so they can share these.

34:57If they are members of certain groups or a member of an organization, they can share the items to those.

35:07One...another thing that is under the content section, is the analyze, and generate, and publish.

35:18This is also...this is also the place where you can upload your CSV or shapefile right now...

35:26...and create a hosted service out of it or put it on a...convert it into features that you can then put on a web map.

35:37So there are different calls. There's analyze, there is...which...well, there's analyze...

35:44...which takes your file, and the purpose of it is really to give you back some information...

35:50...to your application about what fields are in that file.

35:56For instance, what geocoding fields might be in your CSV.

36:02For instance, we might detect that you have an address field and a city field and a state field and so on...

36:09...and then have the user sort of modify these inputs and then either call generate or publish.

36:16And generate will convert your CSV or your shapefile into JSON features...

36:23...or publish will actually create a feature service out of your input data so that you can actually consume it.

36:34And of course, you can only call publish if you're part of an organization...

36:36So this is just a very simple app. It's actually going to exercise generate to convert a shapefile...

36:38...who has a subscription and who has access to do hosted services.

36:43The...yeah, Jeremy has a little demo here on using analyze and generate.

36:54Alright, cool. Thanks, Andrea.

37:05...into JSON features that then get added to a JavaScript map.

37:13Choose the file here. Something relatively small. And boom. I have that zipped shapefile now converted...

37:26...to features that are stored directly on this client-side map control.

37:33If we look at what actually happened...let's see here...start that again. One more time.

38:03Okay. So it made a call to generate. So the URL's sharing/REST/content/features/generate...

38:14...and we posted a multipart file upload, which has taken an actual ZIP file, plus some parameters that go with it...

38:27...publish parameters and file types and so on.

38:32Oh, just actually one more thing there.

38:37And it returned back this JSON right here, which is a featureCollection.

38:42Feature collections contain one or many individual feature layers...or feature collection layers. Excuse me.

38:49And in this case, there's just one. And a feature collection layer contain...is an object that contains a feature set...

38:57...which is a...basically, it contains all the features that make up that layer...

39:03...and it contains the layerDefinition, which is the JSON that represents that layer definition.

39:10This layerDefinition JSON, and the featureSet JSON are exactly the same as the JSON you would get...

39:15...if you went to a layer in a map service and got the JSON back, same type of information.

39:21Or if you did a query against a layer in a map service, that gives back a feature set.

39:25So we didn't invent anything new here.

39:26This is just following the basic geoservices API, ArcGIS Server REST API.

39:35We'll look at just a few things on the code here. I have to set a couple of parameters in.

39:41And these are all documented as part of the generate and publish parameters.

39:46The name that I'd like to call it, the target SR, what's the max record count?

39:51Location type is not needed for shapefiles. That's for CSVs.

39:55And then the specific publish parameters. Those are the publish parameters. Excuse me.

40:00And then a few other properties like that it's a shapefile. I want to also pass in the JSON parameter.

40:09Let's call back that HTML [unintelligible] worry about.

40:11And then we're just using esri.request and the JavaScript API to post to this generate URL...

40:19...passing in the form that contains the file upload.

40:25And when it's returned, I get back that featureCollection.

40:30And I'm going to go through each of those layers and for each layer, it's quite simple...

40:36...I can create a client-side feature layer directly passing in that featureCollection object.

40:43And then I also passed in a few other things.

40:45But that's how easy it is to take that featureCollection JSON and create a client-side feature layer that then is a live map.

40:54Back to you.

41:04I just wanted to sort of conclude on the REST API with some information on adding items.

41:10So as far as the REST API goes, the additem call is probably one of the more complicated ones...

41:21...mainly because it involves doing things like multipart post in HTTP.

41:29So it could be that you use a client toolkit that easily does it for you, like a browser...

41:36...but if you're using something lower level, you might have to do some more work here...

41:41...but the addItem call really allows you to add all the information about the item, so it's sort of its item metadata, let's call it...

41:51...and then the information about the actual file itself, if the item is a file.

41:58So for instance, if you're uploading a shapefile, you call addItem, and what you have to do is...

42:05...you have to create a multipart post to the server where one of the sections is the actual binary of the file.

42:14There are different type...there are different ways that you can add the item to our servers.

42:22The first is just synchronous mode, sort of just regular...

42:26...you make one call and when that call has finished, you have an item resource that you can go and actually use.

42:40Now when a file gets uploaded to our server, it does take some time for us to process that file and to put it in the right place.

42:48We also virus scan it and we also analyze it and index it.

42:53So, we also have an option called asynchronous, which is just a switch on your addItem call.

43:01And that will actually...once the file has gotten to our servers, will actually return straight back to you with an item ID...

43:09...and it's the responsibility of the client to then check continually to see...

43:15...to make...until that call returns that the item has been processed.

43:24And that processing depends on how big your file is.

43:27So it could take minutes, sometimes, if you have large files.

43:32The other thing is if you have really large files, there is also a multipart upload.

43:37And so if you have...if you're familiar with sort of the Azure blob store...

43:42...the Amazon S3 store, they implement this concept of multipart upload, which we've also sort of implemented here...

43:53...where you chop up your file into many small pieces and then upload the individual pieces...

43:59...and all you have to tell us is where that piece goes in the entire file.

44:05And once you're done uploading all those pieces, we'll actually put them all together and process it as a regular file.

44:15And those pieces you can upload all at the same time. You can upload them backwards, forward...

44:20...it doesn't matter what order they're in as long as we have a part number...

44:24...for each one that tells us where to put it in the order.

44:28And so that allows you to upload very sizable amounts of data to our servers.

44:35And this is also sort of what our desktop software, for instance...

44:39...does when you're uploading and publishing large sort of rasters and other things to your hosted services.

44:49So that pretty much concludes what I have to say about the REST API, so let me switch back.

44:58A few comments on security flows in terms of working with the API.

45:04Basically, they're...there's many different ways to think about applications...

45:09...but here's one way to think about apps.

45:12There're applications that allow the end user of the application to access content that belongs to the end user, right.

45:20So the examples that Jeremy showed were such. So the application developer wrote the application.

45:27The end user used it. The application allowed the end user to log in.

45:31And then the end user saw what belonged to them or what they were entitled to see.

45:35So that's the first kind of application.

45:38Second kind of application is an application that accesses secured content that belongs to the application.

45:45So I'm an application developer. I created an account with ArcGIS Online, and I stored some information there...

45:52...and now my application's going to access that information, and my users are going to see it.

45:56But my users are not going to log in to ArcGIS Online.

45:59They don't even know that this application's information was coming from ArcGIS Online.

46:04That's the second kind of application. And of course, you could have hybrid applications that do both of these.

46:10So for the first kind of application, the first thing is that the users who are using that application trust that application...

46:18...because they're allowing that application to access their data.

46:20So they know that...you know, they trust that application to work correctly with the data...

46:24...that the application doesn't delete all their data.

46:26Those are all properties of the application and the trust that the user has in that application.

46:32The users need to log in to their accounts by presenting credentials to ArcGIS Online or to the underlying portal...

46:38...and the applications can use this Identity Manager widget that's part of the client SDKs to manage that process.

46:46That's what we talked about earlier and that's what you saw.

46:49That login dialog that the end user saw, all that the application developer had to do...

46:57...they actually didn't have to write any code for that.

46:59They basically just included the appropriate portal module, or the Identity Manager module...

47:05...and then the user gets that dialog, and it's taken care of.

47:10And all the business that we talked about in terms of how it works at the REST API level, that's taken care of.

47:16The Identity Manager takes care of communicating with the service...

47:20...security token service over SSL or HTTPS, getting and renewing tokens...

47:25...and all the subsequent views and transmission of the tokens, the parameters...

47:29...the resulting content, it's also all over SSL, if like Andrea said, if that's been chosen, right.

47:37So the transmission of credentials is always over HTTPS.

47:42All subsequent requests that that application is making can also be configured to be over HTTPS.

47:49And that's a choice not of the application but actually of that user and of that organization.

47:53If they check that on, the application doesn't make requests over SSL, basically, those requests will fail.

48:01Now as far as applications that work with secured app content, that's that second kind of application.

48:07In that case, the application...it's the same model, mechanically, but it's...

48:12...the application has its own credentials for its login, but it needs to communicate with the server.

48:18The user doesn't see any login form. The application credentials should not be exposed to end users.

48:26This implies a server-side flow for these applications.

48:30Applications can use a server-side proxy that's configured with the application credentials.

48:35And all the requests that the applications make to ArcGIS Online, they don't make directly to ArcGIS Online.

48:41They make it back to this proxy servlet or HTTP handler that's part of their website, that's part of their web application...

48:48...and that forwards those requests on to ArcGIS Online with the appropriate credential for that application.

48:55And that's done using the same mechanism.

48:58That proxy's responsible for presenting the credentials and achieving authentication.

49:06And then all subsequent requests should also be over HTTPS as needed...

49:09...if you as an application developer want that for your subscription of your account.

49:15And the other thing is that that proxy should be secured to that application and there's different ways of doing that.

49:21And you can use referers or you can use server-side sessions to do that.

49:28So that concludes our overall presentation on ArcGIS Online, developing with the ArcGIS Online API.

49:35We have time for questions and we'd be glad to take them.