Without an authorized ArcGIS Online account, you can only access public data through the Urban API. Use an access token to access private data associated with an account, organization, or group.
The Urban API uses the ArcGIS Online authentication workflows to authenticate a user.
Familiarize yourself with authentication in ArcGIS Online to understand how to handle authentication in your applications.
There are several methods for authentication but OAuth2 is probably the most common one. You can use the OAuth2 endpoints directly, as described in the OAuth2 documentation. You can also use a helper library such as ArcGIS REST JS (Javascript).
Access token
Get the access token authenticating an ArcGIS Online user by following the instructions in the section above.
Then, authenticate the user by adding the access token to the request using the X-Esri-Authorization header:
X-Esri-Authorization:
You can authenticate a user regardless of how you interact with the Urban API. See the sections below to learn how to use access tokens with cURL or GraphiQL.
Authentication with cURL
Authenticate the user through the cURL command by adding the access token to the request's header:
curl \
-X POST \
-H "Content-Type: application/json" \
-H "X-Esri-Authorization: Bearer ACCESS_TOKEN" \
--data '{ "query": "{ urbanModels { id title } }" }' \
https://urban-api.arcgis.com/graphqlAuthentication in GraphiQL
Authenticate the user in GraphiQL by adding the following content to the HTTP Headers tab:
{
"X-Esri-Authorization": "Bearer ACCESS_TOKEN"
}