Send token in X-Esri-Authentication header for GET requests

[dbouwman]

Still awaiting information re: scope of requests that we can send the token in a header for, but the bottom line is that the AGO portal API supports sending the token via headers for GET requests.

Clarifications requested:

• Is this supported only on GET’s or on all requests? A: All Requests for Portal API
• Is this supported for Enterprise as well as AGO? A: Yes
• Is this supported for Hosted Feature Server requests? no answer yet
• Is this supported for ArcGIS Server requests? if so, what version did it start at? no answer yet
• Is there a confluence page/??? For tracking these sort of API changes? no answer yet

Until we know this header is supported in Server + Hosted Services, we need a means to only apply this on requests originating from arcgis-rest-portal package. We could pass IRequestOptions.headers for those calls, however that breaks the current separation of concerns where request deals w/ session & tokens, and the individual functions remain ignorant of those details. Perhaps we can check if the request url contains the session.portal and if so, append the header... Research needed...

[jgravois]

👋 i wouldn't call it definitive, but i found some doc on X-Esri-Authentication back in the day.

#290 (comment)

[dbouwman]

Hey @jgravois! That's great!