Tutorial: Create OAuth credentials for app authentication

Learn how to create to support .

The developer credentials creation interface in a portal.
The developer credentials creation interface in a portal

are an required to implement . They contain client_id and client_secret parameters that are used to implement an client credentials flow. The of OAuth credentials allows you to manage settings related to app authentication, including the authorized of an application.

This tutorial shows you how to create OAuth credentials for use in app authentication and do the following:

  • Configure to allow your application to access ArcGIS services, content, and functionality.
  • Set authorized referrer URLs.
  • Manage settings of the OAuth credentials and monitor usage using its .

Prerequisites

Steps

Sign in to your portal

You use your to create and manage , including .

  1. Access your portal by navigating to or the URL of your portal instance.

  2. Sign in with your .

Create a new item

The following steps differ depending on if you have an , , or an account:

  1. In your , click Content > My content > New item.

    New item button
  2. Click > and click Next.

    OAuth credentials

Set referrer URLs

You can set referrer URLs on that restrict the credentials to only be usable from authorized domains. This is highly recommended for security purposes.

  1. In the next window, scroll down to Referrer URLs.

  2. Set the Referrers field to the web domains you would like to restrict the access token to. To learn more about referrers, go to OAuth credentials (for app authentication).

    Referrer selector
  3. Under Application environment, select the type of environment your application will run in. This will affect when the OAuth credentials appear in search results.

    Application environment
  4. Click Next.

Select privileges

You use to configure the of access tokens. For an to work in your application, it needs to have the correct privileges to access the content and services your app is using. Select privileges in this menu to apply them to your developer credentials.

The following steps differ depending on if you have an , , or an account:

  1. In the Create developer credentials > Privileges window, browse the available .

    Privileges window
  2. Browse the table below to view the available privileges, privilege strings, and descriptions based on your account type:

    CategoryLabelPrivilege stringDescription
    BasemapsBasemap styles servicepremium:user:basemapsAllow application to access the basemap styles service. Learn more
    BasemapsStatic basemap tiles (beta)premium:user:staticbasemaptilesAllow application to access the static basemap tiles service. Learn more
    Data enrichmentGeoEnrichment servicepremium:user:geoenrichmentAllow application to access the GeoEnrichment service. Learn more
    ElevationElevation service (beta)premium:user:elevationAllow application to access the elevation service.
    GeocodingGeocode (stored)premium:user:geocode:storedAllow application to access the geocoding service and perform stored geocodes. Learn more
    GeocodingGeocode (not stored)premium:user:geocode:temporaryAllow application to access the geocoding service and perform geocodes that are not stored. Learn more
    PlacesPlace findingpremium:user:placesAllow application to access the places service. Learn more
    RoutingRoutingpremium:user:networkanalysis:routingAllow application to access the routing service and perform standard routing operations. Learn more
    RoutingClosest facilitypremium:user:networkanalysis:closestfacilityAllow application to access the routing service and perform closest facility routing operations. Learn more
    RoutingLocation allocationpremium:user:networkanalysis:locationallocationAllow application to access the routing service and perform location allocation operations. Learn more
    RoutingOptimized routingpremium:user:networkanalysis:optimizedroutingAllow application to access the routing service and perform optimized routing operations. Learn more
    RoutingOrigin/destination cost matrixpremium:user:networkanalysis:origindestinationcostmatrixAllow application to access the routing service and generate travel cost matrices. Learn more
    RoutingService areapremium:user:networkanalysis:serviceareaAllow application to access the routing service and generate service areas. Learn more
    RoutingMulti-vehicle routingpremium:user:networkanalysis:vehicleroutingAllow application to access the routing service and perform fleet routing operations. Learn more
    RoutingLast milepremium:user:networkanalysis:lastmiledeliveryAllow application to access the routing service and perform routing operations for last mile delivery. Learn more
  3. Select the required and click Next.

Select items (optional)

If your application will require access to specific private , you will need to configure your developer credentials to access them. The Item access menu allows you to browse your content and grant your developer credentials access to specific items.

  1. If your token does not require item access, click Skip. Otherwise, follow the steps below based on your account type:
  1. In the Grant item access window, click Browse items.

    Item access button
  2. Select the you want to grant access to. You can select up to 100 items in this menu.

    Edit item access
  3. Click Add items.

Save the item

After configuring the properties of your API key credentials, you can save the credentials as a new .

  1. In the Create developer credentials window, set the following properties:

    • Title: My OAuth credentials (for app authentication)
    • Folder: Developer credentials (Create a new folder)
    • Tags: Add tags related to the of the credentials.
    • Description: Describe the application that these developer credentials will be used in.
    OAuth credential details

    Click Next.

  2. In the Summary window, review the properties, , and item access you have set. If you selected any privileges with a , you must acknowledge the security implications before moving forward.

    Personal privilege agreement
  3. Click Create to create your .

Copy the client ID and client secret

Your contain client_id and client_secret parameters that are required to implement . Copy these values and paste them into your application or script.

  1. On the of your OAuth credentials, scroll down to Credentials.

  2. Copy the Client ID and Client Secret values and paste them into your application. Never expose the value of your client secret.

    Client credentials

Manage your credentials

After creating an item, its privileges and item access can be managed at any time by going to the .

To learn more and see management steps, go to OAuth credentials (for app authentication).

Additional resources

Learn more about in the following topics:

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.

You can no longer sign into this site. Go to your ArcGIS portal or the ArcGIS Location Platform dashboard to perform management tasks.

Your ArcGIS portal

Create, manage, and access API keys and OAuth 2.0 developer credentials, hosted layers, and data services.

Your ArcGIS Location Platform dashboard

Manage billing, monitor service usage, and access additional resources.

Learn more about these changes in the What's new in Esri Developers June 2024 blog post.

Close