"}],"short_description":"Read this blog article to learn about using OAuth in ArcGIS Velocity.","flexible_content":[{"acf_fc_layout":"content","content":"In modern web-based software, the need for secure and efficient authorization protocols is critical. Traditional methods of granting access to sensitive data often involve sharing usernames and passwords, which presents several risks to organizations. These risks include potential breaches of personal information, unauthorized access, and difficulties in managing permissions across various applications. These risks have resulted in many data providers choosing to secure their data using OAuth, which is an open standard authorization framework. To support ingesting or disseminating data using HTTP endpoints that are secured with OAuth, ArcGIS Velocity supports configuring the HTTP Poller feed and data source types and HTTP output type with OAuth.<\/p>\n
Open Authorization (OAuth) is one of the most commonly used authorization frameworks. OAuth allows you to give one application, in this case, ArcGIS Velocity, permission to access your data or use features in another without directly providing your username and password. Instead of accessing your data source directly with a username and password, OAuth allows you to authorize yourself with an access token.\u00a0An access token provides limited access to data at a secured endpoint for a specific period.<\/p>\n
We can think of access tokens like a key card you receive when checking into a hotel. You are authenticated at the front desk using your driver\u2019s license when you arrive at the hotel. Once this is complete, you are provided with a key card. This key card authorizes you to access your hotel room and other amenities like the gym or pool for the duration of your stay. It will only work for the rooms you can access and will not work after your hotel reservation ends. If you lose your key card, anyone else could use it, as it does not retain any information about how you were authenticated when you checked in. If needed, the hotel can also revoke the key card, which will stop working immediately.<\/p>\n
Access tokens work very similarly in that we obtain them by authenticating with the authorization server. They specify the resources we can access and the duration of that access. Anyone can use the access token and the token can be revoked at any time.<\/p>\n
We have three primary components when using OAuth \u2013 our client, in this example, ArcGIS Velocity, an authorization server, and a resource server. The authorization server is a key component of OAuth and is responsible for authenticating users and issuing access tokens with proper access policies. It can do this because of the trust it has established with the resource server. The resource server will hold our secured resource, such as an API providing vehicle data access.<\/p>\n
The first step of this workflow is for ArcGIS Velocity to request an access token from the authorization server. If this request is made correctly with the parameters the authorization server expects, the authorization server will return a response as shown in the image below. The response includes an access token, a refresh token, the token\u2019s type, and an expiration value that tells us when the access token will expire. Note that refresh tokens are a central part of OAuth but are not required.<\/p>\n"},{"acf_fc_layout":"content","content":"
{\r\n \"access_token\": \"08bf97c5r29a77b38eba32455e950f435dxe677\",\r\n \"token_type\": \"Bearer\",\r\n \"expires_in\": 3600,\r\n \"refresh_token\": \"2523f32db4aa52nalp906b2984301e4907b37x\"\r\n}<\/code><\/pre>\n"},{"acf_fc_layout":"content","content":"After ArcGIS Velocity obtains an access token, it can use this access token to request data from the resource server.<\/p>\n
ArcGIS Velocity can be configured to utilize the access token\u2019s expiration value and refresh token to send a request to the authorization server\u2019s refresh token endpoint when the access token expires. The refresh token endpoint will provide ArcGIS Velocity with a new access token and refresh token to use in subsequent requests.<\/p>\n
Configuring OAuth in ArcGIS Velocity<\/strong><\/h3>\nOAuth 2.0 authorization is currently available for HTTP endpoints that follow the Client Credentials or Password grant types. Refresh token configuration is available for the HTTP Poller feed type and HTTP output type when configured in real-time analytics. The HTTP Poller data source type does not support refresh token configuration, as the source will only need to get an access token at the beginning of every big data analytic run or only once in a real-time analytic the first time the analytic starts. The HTTP output does not support refresh token configuration when used in a big data analytic for the same reason.<\/p>\n
In the explanation below, I\u2019ve opted to utilize the HTTP Poller feed type, as this will allow me to demonstrate the optional refresh token configuration step. I start the configuration process by choosing Create Feed > Web and Messaging > HTTP > HTTP Poller.<\/p>\n
On the \u201cConfigure HTTP Poller\u201d page, I will enter the HTTP endpoint used to access data on my resource server for the URL parameter. I\u2019ve chosen GET as the HTTP Method, as my resource server expects a GET request from clients to pull data. For the custom headers parameter, I\u2019ve set a parameter \u201cAuthorization\u201d: \u201cBearer $accessToken,\u201d as my resource server is configured to only return data if the incoming request includes an \u201cAuthorization\u201d header with a valid bearer token as a value.\u00a0Note that $accessToken is a global variable \u2013 ArcGIS Velocity will be able to populate this value and update it as needed based on the configuration we will complete below. Following these changes, I will select \u201cOAuth\u201d under \u201cAuthentication\u201d and then select \u201cConfigure OAuth\u201d. Your resource server may require URL parameters or additional headers, which should be added before preceding.<\/p>\n"},{"acf_fc_layout":"image","image":{"ID":2630282,"id":2630282,"title":"image2","filename":"Untitled-design-6.png","filesize":62363,"url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-velocity\/real-time\/enhancing-data-security-a-guide-to-implementing-oauth-in-arcgis-velocity\/untitled-design-6-7","alt":"image showing configure http poller feed type in ArcGIS Velocity.","author":"349902","description":"","caption":"In the Configure HTTP Poller window, a URL endpoint is specified for the resource server, an HTTP Method of GET is chosen, Authentication type is set to OAuth, and a header \u201cAuthorization\u201d:\u201dBearer $accessToken\u201d is set. Optionally, URL parameters, additional headers, long polling, global variables, and additional logging can be configured.","name":"untitled-design-6-7","status":"inherit","uploaded_to":2629942,"date":"2024-12-17 20:07:23","modified":"2024-12-17 20:08:17","menu_order":0,"mime_type":"image\/png","type":"image","subtype":"png","icon":"https:\/\/www.esri.com\/arcgis-blog\/wp-includes\/images\/media\/default.png","width":826,"height":465,"sizes":{"thumbnail":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6-213x200.png","thumbnail-width":213,"thumbnail-height":200,"medium":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","medium-width":464,"medium-height":261,"medium_large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","medium_large-width":768,"medium_large-height":432,"large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","large-width":826,"large-height":465,"1536x1536":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","1536x1536-width":826,"1536x1536-height":465,"2048x2048":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","2048x2048-width":826,"2048x2048-height":465,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","card_image-width":826,"card_image-height":465,"wide_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-6.png","wide_image-width":826,"wide_image-height":465}},"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
Next, I am prompted to configure options for requesting an access token. For the access token endpoint parameter, I will enter the HTTP endpoint to request an access token from my authorization server. Your HTTP Method, POST body, URL parameters, and custom headers will depend on the values expected by your access token endpoint. In this case, my authorization server expects a POST request with the expected values in the POST body for \u201cgrant_type\u201d, \u201cusername\u201d, \u201cpassword\u201d, \u201cclient_id\u201d, \u201cclient_secret\u201d, and \u201cscope.\u201d<\/p>\n"},{"acf_fc_layout":"image","image":{"ID":2630322,"id":2630322,"title":"image3","filename":"Untitled-design-7.png","filesize":57311,"url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-velocity\/real-time\/enhancing-data-security-a-guide-to-implementing-oauth-in-arcgis-velocity\/untitled-design-7-5","alt":"image of the \"Configure OAuth\" modal in ArcGIS Velocity.","author":"349902","description":"","caption":"On the Configure options for requesting an access token window, the URL for the access token endpoint on the authorization server is set as the access token endpoint, an HTTP Method of POST is selected, and a POST body is configured based on the format expected by the authorization server. Optionally, URL parameters and custom headers can be configured.","name":"untitled-design-7-5","status":"inherit","uploaded_to":2629942,"date":"2024-12-17 20:11:29","modified":"2024-12-17 20:12:16","menu_order":0,"mime_type":"image\/png","type":"image","subtype":"png","icon":"https:\/\/www.esri.com\/arcgis-blog\/wp-includes\/images\/media\/default.png","width":826,"height":465,"sizes":{"thumbnail":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7-213x200.png","thumbnail-width":213,"thumbnail-height":200,"medium":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","medium-width":464,"medium-height":261,"medium_large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","medium_large-width":768,"medium_large-height":432,"large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","large-width":826,"large-height":465,"1536x1536":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","1536x1536-width":826,"1536x1536-height":465,"2048x2048":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","2048x2048-width":826,"2048x2048-height":465,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","card_image-width":826,"card_image-height":465,"wide_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Untitled-design-7.png","wide_image-width":826,"wide_image-height":465}},"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
When I click \u201cTest\u201d, ArcGIS Velocity will attempt to obtain an access token from the endpoint specified. If this test fails, verifying that you\u2019ve configured the request successfully by attempting the same request outside of ArcGIS Velocity (ex: using Postman or PowerShell) can be helpful. You can also use the Developer Tools in your browser to see if your resource server returned a response or error to this test request.<\/p>\n
If this test is successful, ArcGIS Velocity will prompt you to identify which key\/value pair will be used to obtain your access token. In the case below, I will click \u201caccess_token\u201d. As a note, ArcGIS Velocity expects a key\/value pair and does not currently support other formats.<\/p>\n"},{"acf_fc_layout":"image","image":{"ID":2630332,"id":2630332,"title":"Image4","filename":"Image4.png","filesize":40147,"url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4.png","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-velocity\/real-time\/enhancing-data-security-a-guide-to-implementing-oauth-in-arcgis-velocity\/image4-24","alt":"In ArcGIS Velocity, OAuth is being configured.","author":"349902","description":"","caption":"On the Identify fields from a sample access token request window, the access token key\/value is selected. Optionally, users can configure a refresh token and expiration.","name":"image4-24","status":"inherit","uploaded_to":2629942,"date":"2024-12-17 20:13:57","modified":"2024-12-17 20:15:00","menu_order":0,"mime_type":"image\/png","type":"image","subtype":"png","icon":"https:\/\/www.esri.com\/arcgis-blog\/wp-includes\/images\/media\/default.png","width":1495,"height":489,"sizes":{"thumbnail":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4-213x200.png","thumbnail-width":213,"thumbnail-height":200,"medium":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4.png","medium-width":464,"medium-height":152,"medium_large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4.png","medium_large-width":768,"medium_large-height":251,"large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4.png","large-width":1495,"large-height":489,"1536x1536":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4.png","1536x1536-width":1495,"1536x1536-height":489,"2048x2048":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4.png","2048x2048-width":1495,"2048x2048-height":489,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4-826x270.png","card_image-width":826,"card_image-height":270,"wide_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image4.png","wide_image-width":1495,"wide_image-height":489}},"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
ArcGIS Velocity also provides the option to configure the refresh token and access token expiration from this page, both of which are optional. If a refresh token is specified without an expiration, ArcGIS Velocity will attempt a refresh token request if a data request fails twice in a row. In my case, I\u2019ve chosen \u201crefresh_token\u201d as my refresh token and \u201cexpires_in\u201d as my expiration. My access tokens expire after 3600 seconds, so I\u2019ve selected \u201cduration\u201d and \u201cseconds\u201d for my expiration type. With these options selected, ArcGIS Velocity will automatically use the refresh token endpoint to obtain a new access token from the authorization server when the access token expires.<\/p>\n"},{"acf_fc_layout":"image","image":{"ID":2630392,"id":2630392,"title":"Image5","filename":"Image5.png","filesize":46371,"url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5.png","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-velocity\/real-time\/enhancing-data-security-a-guide-to-implementing-oauth-in-arcgis-velocity\/image5-21","alt":"Sample window of \"Configure OAuth\" in ArcGIS Velocity.","author":"349902","description":"","caption":"When an expiration is set in the Identify fields from a sample access token request window, users can choose a Duration or Timestamp and choose the units from the dropdown to identify the length of time that an access token can be used before it needs to be refreshed.","name":"image5-21","status":"inherit","uploaded_to":2629942,"date":"2024-12-17 20:22:22","modified":"2024-12-17 20:23:14","menu_order":0,"mime_type":"image\/png","type":"image","subtype":"png","icon":"https:\/\/www.esri.com\/arcgis-blog\/wp-includes\/images\/media\/default.png","width":1499,"height":549,"sizes":{"thumbnail":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5-213x200.png","thumbnail-width":213,"thumbnail-height":200,"medium":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5.png","medium-width":464,"medium-height":170,"medium_large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5.png","medium_large-width":768,"medium_large-height":281,"large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5.png","large-width":1499,"large-height":549,"1536x1536":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5.png","1536x1536-width":1499,"1536x1536-height":549,"2048x2048":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5.png","2048x2048-width":1499,"2048x2048-height":549,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5-826x303.png","card_image-width":826,"card_image-height":303,"wide_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image5.png","wide_image-width":1499,"wide_image-height":549}},"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
If a refresh token was configured in the previous step, we will need to configure a sample request to the refresh token endpoint, which will allow ArcGIS Velocity to obtain a new access token and refresh token. Similarly to the access token endpoint, I will enter the HTTP endpoint to request a refresh token from my authorization server for the refresh token endpoint parameter. Your Method, POST body, URL parameters, and Custom headers will depend on the values expected by your refresh token endpoint. In my case, my authorization server expects a POST request with the expected values in the POST body for \u201cgrant_type\u201d, \u201crefresh_token\u201d, \u201cclient_id\u201d, \u201cclient_secret\u201d, and \u201cscope.\u201d<\/p>\n
My refresh token endpoint requires that I provide my refresh token value in the POST body to obtain a new access token. In the refresh token request, ArcGIS Velocity supports both the $refreshToken and $accessToken global variables in the POST body, URL parameters, and custom headers, as the expected format and location of these global variables will depend on the authorization server configuration.<\/p>\n"},{"acf_fc_layout":"image","image":{"ID":2630382,"id":2630382,"title":"Image6","filename":"Image6.png","filesize":69794,"url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6.png","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-velocity\/real-time\/enhancing-data-security-a-guide-to-implementing-oauth-in-arcgis-velocity\/image6-19","alt":"\"Configure OAuth\" modal in ArcGIS Velocity.","author":"349902","description":"","caption":"On the Configure options for requesting a refresh token window, the HTTP endpoint for requesting a refresh token from the authorization server is set as the refresh token endpoint, an HTTP Method of POST is selected, and a POST body is configured based on the configuration expected by the authorization server. Optionally, URL parameters and custom headers can be configured.","name":"image6-19","status":"inherit","uploaded_to":2629942,"date":"2024-12-17 20:21:12","modified":"2024-12-17 20:22:05","menu_order":0,"mime_type":"image\/png","type":"image","subtype":"png","icon":"https:\/\/www.esri.com\/arcgis-blog\/wp-includes\/images\/media\/default.png","width":1350,"height":803,"sizes":{"thumbnail":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6-213x200.png","thumbnail-width":213,"thumbnail-height":200,"medium":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6.png","medium-width":439,"medium-height":261,"medium_large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6.png","medium_large-width":768,"medium_large-height":457,"large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6.png","large-width":1350,"large-height":803,"1536x1536":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6.png","1536x1536-width":1350,"1536x1536-height":803,"2048x2048":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6.png","2048x2048-width":1350,"2048x2048-height":803,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6-782x465.png","card_image-width":782,"card_image-height":465,"wide_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image6.png","wide_image-width":1350,"wide_image-height":803}},"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
When I click \u201cTest\u201d, ArcGIS Velocity will attempt to obtain a refresh token from the endpoint specified. Similarly to the access token sample request, Postman, PowerShell, and your browser\u2019s Developer tools can help troubleshoot unsuccessful connections. If this test is successful, ArcGIS Velocity will prompt you to identify which key\/value pair will be used to obtain your access token and refresh token, similar to the workflow we followed above for the access token configuration. In my case, I\u2019ve chosen \u201caccess_token\u201d and \u201crefresh_token.\u201d<\/p>\n"},{"acf_fc_layout":"image","image":{"ID":2630402,"id":2630402,"title":"Image7","filename":"Image7.png","filesize":45778,"url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7.png","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-velocity\/real-time\/enhancing-data-security-a-guide-to-implementing-oauth-in-arcgis-velocity\/image7-14","alt":"In the Identify fields from a sample refresh token request window, the access token and refresh token key\/value pairs are identified.","author":"349902","description":"","caption":"In the Identify fields from a sample refresh token request window, the access token and refresh token key\/value pairs are identified.","name":"image7-14","status":"inherit","uploaded_to":2629942,"date":"2024-12-17 20:24:03","modified":"2024-12-17 20:24:19","menu_order":0,"mime_type":"image\/png","type":"image","subtype":"png","icon":"https:\/\/www.esri.com\/arcgis-blog\/wp-includes\/images\/media\/default.png","width":1499,"height":446,"sizes":{"thumbnail":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7-213x200.png","thumbnail-width":213,"thumbnail-height":200,"medium":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7.png","medium-width":464,"medium-height":138,"medium_large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7.png","medium_large-width":768,"medium_large-height":229,"large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7.png","large-width":1499,"large-height":446,"1536x1536":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7.png","1536x1536-width":1499,"1536x1536-height":446,"2048x2048":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7.png","2048x2048-width":1499,"2048x2048-height":446,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7-826x246.png","card_image-width":826,"card_image-height":246,"wide_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image7.png","wide_image-width":1499,"wide_image-height":446}},"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
Following this, we are brought back to the \u201cConfigure HTTP Poller\u201d page. When we click \u201cNext\u201d, ArcGIS Velocity will attempt a test connection call to your resource server using an access token from your authorization server. We can configure our schema, key fields, and feed polling interval as we would for any other HTTP Poller feed.<\/p>\n
As a helpful note, the HTTP Poller feed and HTTP output include the option to \u201cEnable Request Logging\u201d. If a feed or output that uses OAuth is not working as expected, this property can be enabled to assist with troubleshooting. When this parameter is enabled, all access token, refresh token, and data requests will be logged in ArcGIS Velocity\u2019s logs. If data is not being ingested or written as expected, view the responses from the access token, refresh token, and data requests to help identify if changes need to be made to your OAuth workflow. This property should only be enabled for troubleshooting purposes and disabled when troubleshooting is complete.<\/p>\n"},{"acf_fc_layout":"image","image":{"ID":2630412,"id":2630412,"title":"Image8","filename":"Image8.png","filesize":92303,"url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8.png","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-velocity\/real-time\/enhancing-data-security-a-guide-to-implementing-oauth-in-arcgis-velocity\/image8-11","alt":"Image of the Configure HTTP Poller window","author":"349902","description":"","caption":"Once OAuth is configured, the Configure HTTP Poller window will open. This window provides an optional \"Enable Request Logging\" parameter, which will log all access token, refresh token, and data requests to assist with troubleshooting.","name":"image8-11","status":"inherit","uploaded_to":2629942,"date":"2024-12-17 20:24:54","modified":"2024-12-17 20:25:28","menu_order":0,"mime_type":"image\/png","type":"image","subtype":"png","icon":"https:\/\/www.esri.com\/arcgis-blog\/wp-includes\/images\/media\/default.png","width":1345,"height":944,"sizes":{"thumbnail":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8-213x200.png","thumbnail-width":213,"thumbnail-height":200,"medium":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8.png","medium-width":372,"medium-height":261,"medium_large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8.png","medium_large-width":768,"medium_large-height":539,"large":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8.png","large-width":1345,"large-height":944,"1536x1536":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8.png","1536x1536-width":1345,"1536x1536-height":944,"2048x2048":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8.png","2048x2048-width":1345,"2048x2048-height":944,"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8-663x465.png","card_image-width":663,"card_image-height":465,"wide_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2024\/12\/Image8.png","wide_image-width":1345,"wide_image-height":944}},"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
Conclusion<\/strong><\/h3>\nWe can now successfully configure an HTTP Poller feed, data source, or HTTP output using the OAuth authorization, allowing us to utilize HTTP endpoints secured with OAuth 2.0 in our analytics in ArcGIS Velocity. Using the configuration outlined above, ArcGIS Velocity can successfully obtain access tokens and refresh those tokens as necessary, all without any manual user interaction, and utilize these tokens to access secured data. As OAuth is\u00a0one of the most widely used authorization frameworks, this capability opens the door to utilizing these secured endpoints to support our GIS workflows.<\/p>\n