diff --git a/guide/03-the-gis/working-with-different-authentication-schemes.ipynb b/guide/03-the-gis/working-with-different-authentication-schemes.ipynb index 25768c629d..4b623a7462 100644 --- a/guide/03-the-gis/working-with-different-authentication-schemes.ipynb +++ b/guide/03-the-gis/working-with-different-authentication-schemes.ipynb 
@@ -453,6 +453,96 @@ "The recommended suggestion for non-interactive login scripts is to use the built-in identity provider instead of SAML." ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## App Authentication using API Key Credentials" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "This workflow demonstrates how to use an Administrative connection to register a new Application, define its security boundaries (Privileges, Expiration, and Referers), and subsequently initialize a restricted GIS session using the generated `client_id`" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "##### 1. Establish Administrative Connection\n", + "Before creating credentials, you must connect to your Portal as an Administrator. This \"Master Connection\" is used to manage the lifecycle of your application identities." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from arcgis.gis import GIS\n", + "\n", + "# Initialize the Admin session\n", + "gis_admin = GIS(url=\"your_organization_url\", username=\"your_admin_username\", password=\"your_admin_ password\")" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "##### 2. Creating the App Identity\n", + "\n", + "The `developer_credentials.create` is a method of the `DeveloperCredentialManager` class that registers the app. Here, we define the \"Security Perimeter\" of the application before it ever logs in." 
+ ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "from arcgis.gis.admin import TokenPrivilege\n", + "import datetime as dt\n", + "\n", + "# Define the restricted sandbox\n", + "apiKeyCredentials = gis_admin.admin.developer_credentials.create(\n", + " title=\"API Key Credentials\",\n", + " privileges=[TokenPrivilege.PORTAL_USER_VIEWORGUSERS], # Restricted Scope\n", + " expiration=dt.datetime(2026, 3, 8, 11, 29, 22), # Time-limited\n", + " referers=[\"https://example.com\"] # Domain-locked\n", + ")\n", + "\n", + "# Retrieve the Client ID (The App's Username) and the Client Secret (The App's Password)\n", + "client_id = apiKeyCredentials.app_info['client_id']" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "##### 3. Initializing the App Session (App Authentication)\n", + "\n", + "Now, we initialize a new GIS object using the `client_id`. This session is App-authenticated. It does not represent the Admin; it represents the \"API Key Credentials\" app itself." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "# Authenticate as the App\n", + "gis_app = GIS(url=\"https://arcgis.com\", client_id=client_id)" + ] + }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "After running the above cell, it will ask for a token. A browser window will be open up, copy the token from the browser" + ] + }, { "cell_type": "markdown", "metadata": {}, @@ -655,7 +745,7 @@ "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", - "version": "3.13.5" + "version": "3.13.12" }, "toc": { "base_numbering": 1,
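Review bot: In the step 2 code cell of the first hunk, the comment "Retrieve the Client ID (The App's Username) and the Client Secret (The App's Password)" does not match the code, which only reads `apiKeyCredentials.app_info['client_id']`. Either drop the secret from the comment or show how the secret is obtained and stored without echoing it in notebook output. Step 3 also needs tightening: the text says the session "represents the \"API Key Credentials\" app itself", yet the closing cell says a browser window opens and a token must be copied in, so the guide should state who signs in at that prompt and how the privileges, expiration and referers set in step 2 apply to the resulting session. Smaller points in the same hunk: step 1 connects to `your_organization_url` while step 3 hardcodes `https://arcgis.com`, so use the same placeholder in both; the fixed `dt.datetime(2026, 3, 8, 11, 29, 22)` will go stale once that date passes, so compute the expiration relative to the current time; the inline `password=` argument teaches readers to leave admin passwords in saved notebooks, so prompt for it instead, and fix the stray space in `your_admin_ password`; the intro sentence is missing its final period, and "A browser window will be open up, copy the token from the browser" should read "A browser window will open; copy the token from the browser."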
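Review bot: The second hunk's change of the kernel metadata `"version"` from `3.13.5` to `3.13.12` is unrelated to the new authentication section and looks like a side effect of re-saving the notebook locally. Revert it, or strip notebook metadata before committing, so the diff contains only the documentation change.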