Skip to content

Introduction to app authentication

App authentication is a type of authentication that generates short-lived access tokens based on a set of OAuth credentials. The access tokens are associated with your ArcGIS account, and can be used to to authenticate requests to access secure ArcGIS services and items.

App authentication is typically implemented on a web server or in standalone console scripts. This is to avoid exposing the confidential client_id and client_secret values contained within OAuth credentials. App authentication is not recommended for client applications without a web server, or in private applications that require users to sign in.

You can use app authentication to:

  • Create web servers and automation scripts that access the portal service and spatial analysis services.
  • Create public applications that do not require users to sign in.
  • Build applications that access location services and items such as hosted layers and data services.
  • Authenticate with an OAuth 2.0 process that provides better security than API key authentication.
  • Access secure resources with the privileges of your ArcGIS account.

How app authentication works

Client credentials flow
The client credentials flow used in app authentication. To learn more, go to Client credentials flow

Apps that implement app authentication submit requests for access tokens using an OAuth 2.0 client_id and client_secret. These values are generated from OAuth credentials and should remain confidential at all times.

The high-level process of app authentication is as follows:

  1. Include a client_id and client_secret from OAuth credentials in your server script.
  2. Create an endpoint for clients to request access tokens.
  3. When a client requests a token, submit a request to the token endpoint of your portal service.
  4. Deliver the resulting access token to the client.
  5. The client uses the access token to access secure resources.

OAuth credentials

OAuth credentials are an item used to support multiple types of authentication. They are required to implement app authentication. The most common pattern is to create a new OAuth credentials item for each application. OAuth credentials are used to obtain a client ID and client secret for your app, as well as to determine the privileges your application will have access to.

Product and account requirements

App authentication is available with ArcGIS Location Platform, ArcGIS Online, and ArcGIS Enterprise.

To create and manage OAuth credentials for app authentication, you need an ArcGIS account with a user type of Creator or higher. Your account must also have these additional privileges:

  • General privileges > Content > Assign privileges to OAuth 2.0 applications

ArcGIS Location Platform accounts have this privilege by default. If you have an ArcGIS Online or ArcGIS Enterprise account, your administrator can grant you this privilege using a custom role. Learn more in the FAQ.

Tutorials

Create OAuth credentials for app authentication

Create and configure OAuth credentials to set up app authentication.


Service support

The following table provides an overview of the functionality available with each type of authentication:

API key authenticationUser authenticationApp authentication
ArcGIS Location Services111
Data services (Item access)
Spatial analysis services11
Portal service (General privileges)
Portal service (Admin privileges)
Full supportPartial supportNo support
  • 1. Supported with ArcGIS Online and ArcGIS Location Platform.

API support

App authentication
ArcGIS Maps SDK for JavaScript
ArcGIS Maps SDK for .NET
ArcGIS Maps SDK for Kotlin
ArcGIS Maps SDK for Swift
ArcGIS Maps SDK for Flutter
ArcGIS Maps SDK for Java
ArcGIS Maps SDK for Qt
ArcGIS API for Python
ArcGIS REST JS
Esri Leaflet
MapLibre GL JS
OpenLayers
CesiumJS
Full supportPartial supportNo support

    Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.