Description
Describe the bug
The APIKeyManager.create() method has two issues:
- When attempting to create an API key with item access privileges (
portal:app:access:item:*), the request fails with a server 500 error and "Invalid Privileges" message - When creating an API key without specifying privileges, it creates a "Legacy" API key, which is deprecated and not fully functional
In both cases, the API key creation via the Python API does not match the functionality available in the ArcGIS Online UI, where proper API keys can be created successfully.
To Reproduce
Steps to reproduce the behavior:
import arcgis
from arcgis.gis import GIS
# Connect to ArcGIS Online
gis = GIS("https://www.arcgis.com", "username", "password")
# Get some item IDs to use for privileges
items = gis.content.search(query="", max_items=5)
item_ids = [item.id for item in items]
# Create API Key Manager
api_key_manager = arcgis.gis._impl.APIKeyManager(gis)
# Attempt 1: Create with item access privileges - This will fail with server error
try:
privileges = [
"portal:user:shareToGroup",
"portal:user:createItem",
f"portal:app:access:item:{item_ids[0]}" # Adding item access privilege
]
new_api_key = api_key_manager.create(
title="API Key With Privileges",
tags="api,key,test",
description="API Key for testing purposes",
privileges=privileges
)
except Exception as e:
print(f"Error creating API key with privileges: {e}")
# Output: "Error creating API key with privileges: Unable to register app. Invalid Privileges (Error Code: 500)"
# Attempt 2: Create without privileges - This creates a legacy API key
new_api_key = api_key_manager.create(
title="API Key Without Privileges",
tags="api,key,test",
description="API Key for testing purposes"
)
print(f"Created API key: {new_api_key}")
# This succeeds but creates a "Legacy" API key in the UIError for Attempt 1:
WARNING:arcgis.gis._impl._content_manager.folder.core:Creating an empty item.
Error creating API key with privileges: Unable to register app. Invalid Privileges (Error Code: 500)
Expected behavior
The create() method should create proper, non-legacy API keys with all specified privileges, including item access privileges (portal:app:access:item:*), just as can be done through the ArcGIS Online UI.
Screenshots
Screenshots showing that API keys created via the Python API appear as "API key (legacy)" in the ArcGIS Online UI, indicating they're not being created correctly.
Platform
- OS: Databricks
- Python API Version: 2.4.0
Additional context
This issue appears to be a fundamental problem with the API Key creation process in the Python API. While the UI allows creation of proper API keys with item access privileges, the Python API either fails or creates deprecated legacy keys. This is a significant limitation for anyone attempting to automate API key management via the Python API.