How to use authentication | Documentation

ArcGIS uses token-based authentication. All service requests made to secure resourcesA secure resource is any item or service in an ArcGIS that requires an ArcGIS account and authentication to access. Examples include ArcGIS Location Services, and items and data services in an ArcGIS portal.Learn more must include an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more for authorization.

The general steps to implement authentication in your application are:

1. Create developer credentials

The first step in authentication is to create a set of developer credentialsDeveloper credentials are a type of item in a portal that contains parameters for authentication. There are two types of developer credentials: API key credentials and OAuth credentials.Learn more. Developer credentials are a type of itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more that contain the properties and values required for authentication.

API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more requires a set of API key credentialsAPI key credentials are an item that contains the parameters used to create and manage long-lived access tokens for API key authentication. They are a type of developer credential.Learn more. These credentials are used to generate API keys and determine their privileges. Please review the product and account requirements for API key authentication prior to creation.

User authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more requires a set of OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more. These credentials are used to generate a client IDA Client ID is an identifier associated with an application that assists with client / server OAuth 2.0 authentication for ArcGIS client APIs.Learn more for your application and authorize redirect URLs. Please review the product and account requirements for user authentication prior to creation.

App authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more requires a set of OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more. These credentials determine the privileges available to your application, and are used to generate a client ID and client secret. Please review the product and account requirements for app authentication prior to creation.

2. Get an access token

The next step is to get an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more by implementing a type of authentication. The implementation details depend on the type of authentication you choose:

Diagram showing the ArcGIS API key workflow, where an app includes an API key in requests to authenticate and access ArcGIS services without user sign-in.

The API key authentication workflow

3. Make a request

Once you have an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more, you can use it in your application to make requests to secure resourcesA secure resource is any item or service in an ArcGIS that requires an ArcGIS account and authentication to access. Examples include ArcGIS Location Services, and items and data services in an ArcGIS portal.Learn more.

Mapping APIs

Display a basemap

If you use API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more with an ArcGIS APIAn ArcGIS API is a web, native, game engine, or scripting API that has advanced mapping and spatial analysis capabilities and can be used to access ArcGIS services. ArcGIS APIs are designed to work optimally with the ArcGIS system and provide the most advanced GIS features and the highest performance possible.Learn more, the API key value is typically set once when the application is initialized and is applied every time a service request is made.

The examples below show how to use an API key to access the basemap styles serviceThe ArcGIS Basemap Styles service, also referred to as the Basemap Styles service, is a location service that provides basemap styles and data for the world. It returns styles as Mapbox styles and web maps, and data as vector tiles and/or map tiles. It supports all of the styles in the ArcGIS Basemap style and Open Basemap style family. An ArcGIS Location Platform or ArcGIS Online account is required to use the service.Learn more.

ArcGIS Maps SDK for JavaScript

ArcGIS Maps SDK for .NET

ArcGIS Maps SDK for Kotlin

ArcGIS Maps SDK for Swift

ArcGIS Maps SDK for Java

ArcGIS Maps SDK for Qt

ArcGIS API for Python

Leaflet

MapLibre GL JS

OpenLayers

Expand

Use dark colors for code blocks

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
      esriConfig.apiKey = "YOUR_ACCESS_TOKEN";
      const map = new Map({
        basemap: "arcgis/topographic", // Basemap layer
      });

      const view = new MapView({
        map: map,
        center: [-118.805, 34.027],
        zoom: 13, // scale: 72223.819286
        container: "viewDiv",
        constraints: {
          snapToZoom: false,
        },
      });

Expand

Go to tutorial

If you use user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more with an ArcGIS Maps SDKArcGIS Maps SDKs are developer products for building mapping and spatial analysis applications for web browsers, native devices, and game engines.Learn more, the AuthenticationManager or IdentityManager classes automatically handle authentication with the access token, requiring no additional action from you.

The examples below show how to display a map in apps that implement user authentication.

ArcGIS Maps SDK for JavaScript

ArcGIS Maps SDK for .NET

ArcGIS Maps SDK for Kotlin

ArcGIS Maps SDK for Swift

ArcGIS Maps SDK for Qt

Expand
Use dark colors for code blocksCopy
        function handleSignedIn() {

          map = new Map({
            basemap: "arcgis/topographic", // basemap styles service
          });
          const view = new MapView({
            map: map,
            center: [-118.805, 34.027], // Longitude, latitude
            zoom: 13, // Zoom level
            container: "viewDiv", // Div element
          });

        }
Expand
Go to tutorial

If you use app authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more, the access token returned from the /oauth2/token endpoint can be used directly in requests.

The examples below show how to display a map using an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more.

ArcGIS Maps SDK for JavaScript

ArcGIS API for Python

Leaflet

MapLibre GL JS

OpenLayers

Use dark colors for code blocksCopy
      esriConfig.apiKey = "YOUR_ACCESS_TOKEN";
      const map = new Map({
        basemap: "arcgis/topographic", // Basemap layer
      });

      const view = new MapView({
        map: map,
        center: [-118.805, 34.027],
        zoom: 13, // scale: 72223.819286
        container: "viewDiv",
        constraints: {
          snapToZoom: false,
        },
      });

ArcGIS REST APIs

Access tokens returned from all three types of authentication can be used in REST API requests. To make a direct request to ArcGIS resources, you can use an HTTP request and include the access token as the token parameter. The format to access most REST API endpoints is as follows:

Use dark colors for code blocksCopy
https://<RESOURCE_URL>?token=<YOUR_ACCESS_TOKEN>

Geocode an address

This example shows how to authenticate a request to the geocoding serviceA geocoding service is a service that can search for addresses, place addresses, businesses, reverse geocode coordinates to addresses, provide suggestions for places, and perform bulk geocoding. It is hosted by Esri as the ArcGIS Geocoding service and can also be hosted in ArcGIS Enterprise.Learn more.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
4
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"

Go to topic

Use dark colors for code blocksCopy
{
    "spatialReference": {
      "wkid": 4326,
      "latestWkid": 4326
    },
    "candidates": [
      {
        "address": "1600 Pennsylvania Ave NW, Washington, District of Columbia, 20500",
        "location": {
          "x": -77.036548499999995,
Expand

Get item details

This example shows how to authenticate to get the details of an itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more from your organization's portal serviceA portal service provides the functionality to securely create, access, and manage content, data services, users, and groups in a portal. The service can be hosted by Esri or in ArcGIS Enterprise.Learn more.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'

Go to topic

Use dark colors for code blocksCopy
{
    "id": "ITEM_ID",
    "owner": "OWNER",
    "orgId": "ORG_ID",
    "created": "DATE_CREATED",
    "modified": "DATE_MODIFIED",
    "guid": null,
    "name": null,
    "title": "ITEM_TITLE",
    "type": "ITEM_TYPE"
Expand

Tutorials

Create an API key

Create and configure API key credentials to get a long-lived API key access token.

ArcGIS portal REST JS

Sign in with user authentication

Create an application that requires users to sign in with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.

JavaScript Maps SDK .NET Maps SDK Kotlin Maps SDK Swift Maps SDK Java Maps SDK Qt Maps SDK REST JS (Server)REST JS (Browser)

Create OAuth credentials for app authentication

Create and configure OAuth credentials to set up app authentication.

ArcGIS portal