ArcGIS uses token-based authentication. All service requests made to secure resources must include an access token for authorization.
The general steps to implement authentication in your application are:
1. Create developer credentials
The first step in authentication is to create a set of developer credentials. Developer credentials are a type of item that contain the properties and values required for authentication.
API key authentication requires a set of API key credentials. These credentials are used to generate API keys and determine their privileges. Please review the product and account requirements for API key authentication prior to creation.
The steps to create API key credentials for API key authentication are:
-
Sign in to your ArcGIS portal.
-
Click Content > My content > New item and select Developer credentials.
-
In the Credential types menu, select API key credentials.
-
Set the credential privileges to determine the operations your API key will be authorized to perform.
-
Set the credential item access privileges to determine the items your API key will be authorized to access.
-
Review your selections and, when you are ready, click Generate token. Save the API key as you will not be able to view it again.
2. Get an access token
The next step is to get an access token by implementing a type of authentication. The implementation details depend on the type of authentication you choose:
3. Make a request
Once you have an access token, you can use it in your application to make requests to secure resources.
Mapping APIs
Display a basemap
If you use API key authentication with an ArcGIS API, the API key value is typically set once when the application is initialized and is applied every time a service request is made.
The examples below show how to use an API key to access the basemap styles service.
esriConfig.apiKey= "YOUR_ACCESS_TOKEN";
const map = new Map({
basemap: "arcgis/topographic" // Basemap layer
});
const view = new MapView({
map: map,
center: [-118.805, 34.027],
zoom: 13, // scale: 72223.819286
container: "viewDiv",
constraints: {
snapToZoom: false
}
});
ArcGIS REST APIs
Access tokens returned from all three types of authentication can be used in REST API requests. To make a direct request to ArcGIS resources, you can use an HTTP request and include the access token as the token parameter. The format to access most REST API endpoints is as follows:
https://<RESOURCE_URL>?token=<YOUR_ACCESS_TOKEN>Geocode an address
This example shows how to authenticate a request to the geocoding service.
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"Get item details
This example shows how to authenticate to get the details of an item from your organization's portal service.
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'Tutorials
Create an API key
Create and configure API key credentials to get a long-lived API key access token.
Sign in with user authentication
Create an application that requires users to sign in with an ArcGIS account.