Access tokens

What is an access token?

An access token is an authorization string that provides access to secure ArcGIS resources such as ArcGIS applications, ArcGIS services, ArcGIS Location Services, and ArcGIS portal services. You can get an access token by implementing a type of authentication. You use an access token to make HTTP requests to authenticated services. The services the token can access and the operations it can perform are determined by the privileges associated with the token.

Below is an example of an API key access token:

1
AAPT85fOqywZsicJupSmVSCGrjmBjlVZupd64H9kjIjy5FrwIJkpxFMIvd88p32f1vWWpuyzGx7-1nPCMc4XljyuVu-fQSxU4r1Nq17OQo5kjJBVcAw1bKKYM9GYeB98hlK9cwRNzi8H7z3SNb8hCLYvrNwKhXPJo971vH22psnikowztg6ckFD-1zi3TasXKe0e3sSNrmBRunl0SLM7hPgNzuPQkvVES1fDgDL-Thsc2XU.AT2_WilXzfTa

Types of access tokens

There are three types of access tokens that you can create: API keys, user tokens, and app tokens. The type of access token created depends on the type of authentication you use to create it. The main difference between the tokens is how you create them, the duration they are valid for, the account they are associated with, and who is billed for service usage.

How to use an access token

You can use an access token to make HTTP requests to ArcGIS services. To do so, you need to set the token parameter of the request to include the access token. If the token is authenticated successfully, the request is granted access to the service operation or resource.

Steps to use an access token:

1. Get an access token by implementing authentication.

2. Find the ArcGIS service URL you want to access.

3. Set the token parameter.

4. Access the ArcGIS service endpoint or operation.

1
https://<ARCGIS_SERVICE_URL>?token=<YOUR_ACCESS_TOKEN>

Access token privileges

Access tokens have privileges associated with them that determine the ArcGIS services, service operations, and content items they can access. Privileges are assigned to access tokens as part of the authentication process.

The privileges of an access token are based on the privileges of the account used to create it. With API key and app authentication, specific privileges from your account can be assigned to access tokens. With user authentication, access tokens inherit all of the privileges of the signed-in user's account.

View access token properties

You can view the properties and capabilities of an access token by making a /self request to the portal service. This allows you to get information such as the:

• Privileges of the access token.
• Access token expiration date.
• Organization ID of the organization the access token belongs to.
• Client ID of the associated developer credentials.
• Item ID of the associated developer credentials.
• Owner of the associated developer credentials.

The steps to get an access token's properties are:

1. Find the URL to your portal service.
2. Define the /self request.
3. Set the token and appInfoToken parameters to your access token.

URL request

1
https://<PORTAL_URL>/self?token=<YOUR_ACCESS_TOKEN>&appInfoToken=<YOUR_ACCESS_TOKEN>&f=pjson

Required parameters

Properties of token with standard privileges

This example shows a sample response from a /self request when your access token has standard privileges.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
    "appInfo": {
        "appId": "<CREDENTIAL_CLIENT_ID>",
        "itemId": "<CREDENTIAL_ITEM_ID>",
        "appOwner": "<USERNAME_OF_OWNER>",
        "orgId": "<ORGANIZATION_ID>",
        "appTitle": "<CREDENTIAL_TITLE>",
        "privileges": [
            "premium:user:basemaps",
            "premium:user:elevation",

Properties of token with personal privileges

This example shows a sample response from a /self request when your access token has personal privileges. Some of the additional properties returned include:

• The full name associated with your ArcGIS account
• The email associated with your ArcGIS account
• Timestamp of your last account login
• All privileges your account has
• All groups that your account belongs to

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
{
    "username": "<USERNAME>",
    "udn": null,
    "id": "<USER_ID>",
    "fullName": "<USER_FULL_NAME>",
    "categories": [],
    "emailStatus": "notverified",
    "firstName": "<USER_LASTNAME>",
    "lastName": "<USER_FIRSTNAME>",
    "preferredView": null,

Code examples

The following code examples show how to use access tokens to make requests to ArcGIS services.

1
2
curl https://basemapstyles-api.arcgis.com/arcgis/rest/services/styles/v2/styles/arcgis/outdoor? \
-d "token=<YOUR_ACCESS_TOKEN>"

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
{
    "glyphs":"https://basemaps-api.arcgis.com/arcgis/rest/services/World_Basemap_v2/VectorTileServer/resources/fonts/{fontstack}/{range}.pbf?token=AAPKcc58d292d8d24415af677a38d7adbcc1vMHlBBqqnttVrFKhCQWB8nT8YPjlQs3HPY3fKeV7-__w6LuMKgmag1MubRUgaAaA",
    "layers":[
        {
            "filter":["in","_symbol",0],
            "id":"Land",
            "layout":{},
            "minzoom":0,
            "paint": {
                "fill-color": {

1
2
3
4
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
{
    "spatialReference": {
      "wkid": 4326,
      "latestWkid": 4326
    },
    "candidates": [
      {
        "address": "1600 Pennsylvania Ave NW, Washington, District of Columbia, 20500",
        "location": {
          "x": -77.036548499999995,

1
2
3
4
5
curl https://services3.arcgis.com/GVgbJbqm8hXASVYi/arcgis/rest/services/LA_County_Parcels/FeatureServer/0/query? \
-d "where=1=1" \
-d "outFields=*" \
-d "f=json" \
-d "token=<YOUR_ACCESS_TOKEN>"

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
{
    "objectIdFieldName":"OBJECTID",
    "uniqueIdField":{"name":"OBJECTID","isSystemMaintained":true},
    "globalIdFieldName":"",
    "geometryProperties":{"shapeAreaFieldName":"Shape__Area","shapeLengthFieldName":"Shape__Length","units":"esriMeters"},
    "geometryType":"esriGeometryPolygon",
    "spatialReference":{"wkid":102100,"latestWkid":3857},
    "fields":[
        {
            "name":"OBJECTID",

1
2
3
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'

1
2
3
4
5
6
7
8
9
10
11
{
    "id": "ITEM_ID",
    "owner": "OWNER",
    "orgId": "ORG_ID",
    "created": "DATE_CREATED",
    "modified": "DATE_MODIFIED",
    "guid": null,
    "name": null,
    "title": "ITEM_TITLE",
    "type": "ITEM_TYPE"

Tutorials