Access tokens

What is an access token?

An access token is an authorization string that provides secure access to ArcGIS resources. Your app must present an access token whenever it makes an authenticated request to location services or private content. They define the scope of privileges available to your application, and their properties vary based on the type of authentication used to obtain them. Access tokens are always associated with an ArcGIS account, and service usage with the token will be billed to that account's ArcGIS subscription.

Use dark colors for code blocksCopy
AAPK033d7ed7a735484ebc15eb6d787d25a94MP1Gsh6eCLSeruJEVU0gD6CFSGqgVdz1naRx9QWKjOkdwYGLDJFJxIF_MRTAwLk

A sample access token (API key)

You can get an access token by implementing a type of authentication in your app. Different types of authentication result in access tokens with different privileges.

Types of access tokens

There are two types of access tokens that have different durations.

Type of token	Type of authentication	Description
Permanent	API key authentication	Permanent API keys do not expire. They are created, managed, and deleted in the developer dashboard.
Short-lived	User authentication, app credential authentication	Expires after a set amount of time, usually 30 minutes by default. Privileges vary based on the type of authentication used to obtain them. Short-lived tokens are usually paired with refresh tokens.

Access token privileges

Access tokens have different privileges depending on the method used to obtain them. The following table compares the privileges of access tokens from different types of authentication.

	API key access tokens	User authentication access tokens	App credential authentication access tokens
Ready-to-use services
Public content
Secure content	¹
Subscriber and premium content
Content management services	²

Full supportPartial supportNo support

1. ArcGIS Developer subscriptions only
2. ArcGIS Developer subscriptions only, limited

Access tokens from user authentication are associated with a user's ArcGIS account and access services and content on their behalf. The level of access authorized to a user authentication token is determined by the associated account's roles and privileges.

How to use an access token

You can make use an access token to make an authenticated request to ArcGIS resources. To make authenticated requests to location services, you need to set the token parameter of the REST API request.

Use dark colors for code blocksCopy
https://<LOCATION_SERVICE_URL>?token=<ACCESS_TOKEN>

Sample REST API request to a location service that is authenticated using an access token

You can also make requests to ArcGIS REST APIs by using an ArcGIS Maps SDK.

Code examples

The following code examples show how to use access tokens to authenticate REST API requests to ArcGIS resources.

Access a basemap style

This example accesses the ArcGIS Outdoor basemap style from the basemap styles service.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
curl https://basemapstyles-api.arcgis.com/arcgis/rest/services/styles/v2/styles/arcgis/outdoor? \
-d "token=<ACCESS_TOKEN>"

Go to topic

Use dark colors for code blocksCopy
{
    "glyphs":"https://basemaps-api.arcgis.com/arcgis/rest/services/World_Basemap_v2/VectorTileServer/resources/fonts/{fontstack}/{range}.pbf?token=AAPKcc58d292d8d24415af677a38d7adbcc1vMHlBBqqnttVrFKhCQWB8nT8YPjlQs3HPY3fKeV7-__w6LuMKgmag1MubRUgaAaA",
    "layers":[
        {
            "filter":["in","_symbol",0],
            "id":"Land",
            "layout":{},
            "minzoom":0,
            "paint": {
                "fill-color": {
Expand

Perform geocoding

This example performs a forward geocode by making a request to the geocoding service.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
4
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<ACCESS_TOKEN>"

Go to topic

Use dark colors for code blocksCopy
{
    "spatialReference": {
      "wkid": 4326,
      "latestWkid": 4326
    },
    "candidates": [
      {
        "address": "1600 Pennsylvania Ave NW, Washington, District of Columbia, 20500",
        "location": {
          "x": -77.036548499999995,
Expand

Access a feature service

This example retrieves features from a feature service.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
4
5
curl https://services3.arcgis.com/GVgbJbqm8hXASVYi/arcgis/rest/services/LA_County_Parcels/FeatureServer/0/query? \
-d "where=1=1" \
-d "outFields=*" \
-d "f=json" \
-d "token=<ACCESS_TOKEN>"

Go to topic

Use dark colors for code blocksCopy
{
    "objectIdFieldName":"OBJECTID",
    "uniqueIdField":{"name":"OBJECTID","isSystemMaintained":true},
    "globalIdFieldName":"",
    "geometryProperties":{"shapeAreaFieldName":"Shape__Area","shapeLengthFieldName":"Shape__Length","units":"esriMeters"},
    "geometryType":"esriGeometryPolygon",
    "spatialReference":{"wkid":102100,"latestWkid":3857},
    "fields":[
        {
            "name":"OBJECTID",
Expand

Get item details

This example accesses a private item hosted in ArcGIS.com and retrieves its properties.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<ACCESS_TOKEN>'

Go to topic

Use dark colors for code blocksCopy
{
    "id": "ITEM_ID",
    "owner": "OWNER",
    "orgId": "ORG_ID",
    "created": "DATE_CREATED",
    "modified": "DATE_MODIFIED",
    "guid": null,
    "name": null,
    "title": "ITEM_TITLE",
    "type": "ITEM_TYPE"
Expand

Tutorials

Create and manage an API key

Create and configure an API key to access ArcGIS resources.

Developer dashboard

Register an OAuth 2.0 application

Developer dashboard

Implement user authentication

Authenticate ArcGIS users with OAuth 2.0

JavaScript

ArcGIS REST JS

.NET

Mapping APIs and location services

Access tokens

Related video

Was this page helpful?

How-to video

Was this page helpful?