robert-claypool
commented
5 years ago @JedGrubbs, I have published all iCreek streams (healthy, unhealthy, and unassessed) at https://25.maps.arcgis.com/home/item.html?id=9f2e3de95f38483b8ec22077cbba13f0
The description and metadata are intentionally empty to discourage use because also this feature layer is public.
My account has 2,500 service credits - more than I'll ever need - so iCreek streams can live in this account while we develop the app. As we near deployment and a public announcement of the new site, we can revisit this issue and decide if a proxy is needed and where the streams layer should live permanently.
JedGrubbs
Problem
If we use an ArcGIS Online hosted feature service for streams, then we can either make it
publicor keep itprivate.Hosting this data as
publichas a certain risk: no matter how the data is used (by iCreek, by some other app, or by any user on arcgis.com), that usage will be charged to our ArcGIS Online account. There are thousands of water related layers on arcgis.com, so unless we advertise or promote our particular layer, I doubt anyone will use it outside of iCreek, but there is no guarantee.Solution
A hosted feature service can be used privately (securely) if we also use a proxy to handle logins. In this setup, iCreek would request streams from our proxy, the proxy would use a named login to get a token, then the proxy would request the streams and send them to iCreek. As far as iCreek is concerned, the proxy becomes our feature service. Since login credentials are hidden by the proxy, the proxy becomes a secure gate-keeper to our private feature service. This stops any random person or app from using iCreek streams except though iCreek itself. It also gives us an easy place to rate limit the flow of data; the proxy can, for example, limit requests to ArcGIS Online at a rate of 1000 per minute - thereby protecting our account from overuse which would otherwise eat up too many Esri service credits.
Unfortunately, Esri won't host the proxy for us (they do have a proxy service, but it only works with premium services like routing, not with hosted feature layers), so we'd have to choose a host like Microsoft Azure or Amazon AWS to run our proxy code. Hosting a proxy won't be expensive (probably pennies per month if we go "serverless"!), but still the proxy is one more thing to maintain and the hosting account is one more thing to setup, secure, and have attached to a credit card.
As you can see, proxies are a pain to setup and I'm not sure if we need one. Will we run into issues with a
publichosted feature service? I don't know. The proxy would protect us from abuse and overuse of our streams data, but probably the data won't be abused or overused even if it is public.This issue is to document our options and have a place for discussion.