Access tokens

What is an access token?

An is an authorization string that provides access to secure ArcGIS resources such as ArcGIS applications, , , and . You can get an access token by implementing a type of authentication. You use an access token to make HTTP requests to authenticated services. The services the token can access and the operations it can perform are determined by the privileges associated with the token.

Below is an example of an access token:

1
AAPT85fOqywZsicJupSmVSCGrjmBjlVZupd64H9kjIjy5FrwIJkpxFMIvd88p32f1vWWpuyzGx7-1nPCMc4XljyuVu-fQSxU4r1Nq17OQo5kjJBVcAw1bKKYM9GYeB98hlK9cwRNzi8H7z3SNb8hCLYvrNwKhXPJo971vH22psnikowztg6ckFD-1zi3TasXKe0e3sSNrmBRunl0SLM7hPgNzuPQkvVES1fDgDL-Thsc2XU.AT2_WilXzfTa

Types of access tokens

There are three types of access tokens that you can create: API keys, user tokens, and app tokens. The type of access token created depends on the type of authentication you use to create it. The main difference between the tokens is how you create them, the duration they are valid for, the account they are associated with, and who is billed for service usage.

Type of tokenDescriptionCreated fromDurationAccountBilling
(API token)A static, long-lived API key created with .Valid for up to one year.Developer's Developer's
User tokenA unique, short-lived token generated for each user that signs into a custom application with user authentication.Valid for 30 minutes by default, or up to 2 weeks.User's ArcGIS accountArcGIS subscription of the user's
App tokenAn access token generated using with a client_credentials token request.Valid for 2 weeks.Developer's ArcGIS accountDeveloper's ArcGIS subscription

How to use an access token

You can use an to make HTTP requests to ArcGIS services. To do so, you need to set the token parameter of the request to include the access token. If the token is authenticated successfully, the request is granted access to the service operation or resource.

Steps to use an access token:

  1. Get an access token by implementing authentication.

  2. Find the ArcGIS service URL you want to access.

  3. Set the token parameter.

  4. Access the ArcGIS service endpoint or operation.

1
https://<ARCGIS_SERVICE_URL>?token=<YOUR_ACCESS_TOKEN>

Access token privileges

have privileges associated with them that determine the ArcGIS services, service operations, and content they can access. Privileges are assigned to access tokens as part of the authentication process.

The privileges of an access token are based on the privileges of the used to create it. With and , specific privileges from your account can be assigned to access tokens. With , access tokens inherit all of the privileges of the signed-in user's account.

Type of tokenCreation methodHow privileges are assigned
API keyCreated by the developerDeveloper assigns specific privileges to API keys using in your .
User tokenCreated when a user signs inUser tokens inherit all privileges of the signed-in user's ArcGIS account.
App tokenCreated programmaticallyDeveloper assigns specific privileges to app tokens using in your .

View access token properties

You can view the properties and capabilities of an access token by making a /self request to the . This allows you to get information such as the:

  • of the access token.
  • Access token expiration date.
  • Organization ID of the the access token belongs to.
  • of the associated .
  • of the associated developer credentials.
  • Owner of the associated developer credentials.

The steps to get an access token's properties are:

  1. Find the URL to your .
  2. Define the /self request.
  3. Set the token and appInfoToken parameters to your access token.

URL request

1
https://<PORTAL_URL>/self?token=<YOUR_ACCESS_TOKEN>&appInfoToken=<YOUR_ACCESS_TOKEN>&f=pjson

Required parameters

NameDescriptionExamples
fThe format of the data returned. Must be set to view output.f=json f=pjson
tokenA valid (API key or OAuth 2.0).token=<ACCESS_TOKEN>
appInfoTokenThe access token you want to view information about. Can be valid or expired.appInfoToken=<ACCESS_TOKEN>

Properties of token with standard privileges

This example shows a sample response from a /self request when your access token has .

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
    "appInfo": {
        "appId": "<CREDENTIAL_CLIENT_ID>",
        "itemId": "<CREDENTIAL_ITEM_ID>",
        "appOwner": "<USERNAME_OF_OWNER>",
        "orgId": "<ORGANIZATION_ID>",
        "appTitle": "<CREDENTIAL_TITLE>",
        "privileges": [
            "premium:user:basemaps",
            "premium:user:elevation",
Expand

Properties of token with personal privileges

This example shows a sample response from a /self request when your access token has . Some of the additional properties returned include:

  • The full name associated with your ArcGIS account
  • The email associated with your ArcGIS account
  • Timestamp of your last account login
  • All privileges your account has
  • All groups that your account belongs to
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
{
    "username": "<USERNAME>",
    "udn": null,
    "id": "<USER_ID>",
    "fullName": "<USER_FULL_NAME>",
    "categories": [],
    "emailStatus": "notverified",
    "firstName": "<USER_LASTNAME>",
    "lastName": "<USER_FIRSTNAME>",
    "preferredView": null,
Expand

Code examples

The following code examples show how to use access tokens to make requests to ArcGIS services.

Access the basemap styles service

This example accesses the ArcGIS Outdoor basemap style from the .

cURLcURLHTTP
1
2
curl https://basemapstyles-api.arcgis.com/arcgis/rest/services/styles/v2/styles/arcgis/outdoor? \
-d "token=<YOUR_ACCESS_TOKEN>"

Access the geocoding service

This example performs a forward geocode by making a request to the .

cURLcURLHTTP
1
2
3
4
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"

Access a feature service

This example retrieves from a .

cURLcURLHTTP
1
2
3
4
5
curl https://services3.arcgis.com/GVgbJbqm8hXASVYi/arcgis/rest/services/LA_County_Parcels/FeatureServer/0/query? \
-d "where=1=1" \
-d "outFields=*" \
-d "f=json" \
-d "token=<YOUR_ACCESS_TOKEN>"

Access a portal item

This example accesses a private hosted in ArcGIS.com and retrieves its properties.

cURLcURLHTTP
1
2
3
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'

Tutorials

Create an API key

Create and configure API key credentials to get a long-lived API key access token.


Create OAuth credentials for user authentication

Create and configure OAuth credentials to set up user authentication.


Create OAuth credentials for app authentication

Create and configure OAuth credentials to set up app authentication.


Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.

You can no longer sign into this site. Go to your ArcGIS portal or the ArcGIS Location Platform dashboard to perform management tasks.

Your ArcGIS portal

Create, manage, and access API keys and OAuth 2.0 developer credentials, hosted layers, and data services.

Your ArcGIS Location Platform dashboard

Manage billing, monitor service usage, and access additional resources.

Learn more about these changes in the What's new in Esri Developers June 2024 blog post.

Close