User Management and Access Control > Configuring Public Access to ThingWorx
  
Configuring Public Access to ThingWorx
In Vuforia Studio, Experiences contained in a published project can be made publicly accessible by setting the project's Access property to Public. This enables the content that is published to the Experience Service to be accessible without authentication. If the public Experiences require access to data in ThingWorx, then the Experience Service must be configured to allow the public Experiences to access ThingWorx anonymously.
The Experience Service acts as a proxy for the ThingWorx server. When an experience makes a request to ThingWorx to retrieve a property value or invoke a service, request is first routed through the Experience Service. If the experience is public, then the Experience Service proxy appends an application key to the request before forwarding the request to the ThingWorx server. This application key identifies the ThingWorx credentials used to execute the request. The Experience Service must be configured with an appropriate application key for the required ThingWorx public access to be granted Experiences.
If an experience provides data from ThingWorx, public access to the data in ThingWorx must also be provided.
Application Key Configuration
* 
When configuring the ThingWorx Server in the installer, if you chose the option to Configure Public Access to ThingWorx Core Server, then the public access application key configuration described in this section is automatically completed by the installer. If you choose to manually create this application key, follow the instructions below.
To allow public Experiences access to ThingWorx without prompting users to authenticate, the Experience Service and the associated ThingWorx server must be configured to enable public access. To allow public access to ThingWorx, an application key must be created in ThingWorx that can be used to access any properties or services in ThingWorx required by publicly connected Experiences. Use the following steps to create the necessary application key in ThingWorx.
1. Create a user named es-public-access.
2. Create an organization named es-public-access-org.
3. Add the es-public-access user to the es-public-access-org organization.
4. Configure the user so that it has the necessary permissions to access the ThingWorx data required by the public Experiences. For more information about the permissions that must be granted to the es-public-access user, see the “User Authorization” section below.
5. Configure the es-public-access-org organization so that it has the necessary visibility permissions to access the ThingWorx data required by the public Experiences. For more information about the visibility permissions that must be granted to the es-public-access-org organization, see the “User Authorization” section below.
6. Create an application key and associate it with the es-public-access user. For more information, see Generate an Application Key.
* 
Be sure to set an appropriate expiration date for the application key.
7. Edit the configuration.json file located in the Experience Service installation directory, and set the value of the proxies.0.appKey parameter equal to the value of the keyId property for the application key that was created in Step 6.
User Authorization for WebSocket Connections
* 
When configuring the ThingWorx Server in the installer, if you chose the option to Configure Public Access to ThingWorx Core Server, then the access control configuration described in this section will be completed automatically by the installer. These instructions are included in case you choose to manually configure the required permissions.
To allow users of public Experiences to access the required properties and services in ThingWorx, the es-public-access user defined above must be granted the following permissions in ThingWorx for WebSocket connections:
Run Time Service Execute—permission for the GetClientApplicationKey service on the EntityServices resource
Visibility—permission on the EntityServices resource
Run Time Instance Service Execute—permission for the SDKGateway thing template
Visibility Instance—permission on the SDKGateway thing template
For more information on granting these permissions, see the “Enabling WebSocket Connections” section in Granting User Permissions.
User Authorization for Experience Data
* 
This section describes permissions that must be granted to allow users of your public connected Experiences to access ThingWorx properties, services, and events required by those Experiences. Since each experience has its own unique requirements for access to ThingWorx properties, services, and events, the configuration described in this section is not performed by the installer and must be completed manually.
To allow users of public Experiences to access the ThingWorx properties, services and events used by your public connected Experiences, the es-public-access user defined above must be granted the following permissions in ThingWorx:
Run Time Property Read—permission for any additional properties whose values are displayed in a public experience
Run Time Property Write—permission for any additional properties whose values are modified in a public experience
Run Time Service Execute—permission for any additional services used by a public experience
Visibility—permission for any entities accessed by a public experience
For more information on granting these permissions, see the “Enabling Access to Properties, Services, and Events” section in Granting User Permissions.