Access tokens

What is an access token?

An access token is an authorization string that provides secure access to ArcGIS resources. Your app must present an access token whenever it makes an authenticated request to location services or private content. They define the scope of privileges available to your application, and their properties vary based on the type of authentication used to obtain them. Access tokens are always associated with an ArcGIS account, and service usage with the token will be billed to that account's ArcGIS subscription.

Use dark colors for code blocksCopy
1
AAPTKUgfudpnh_cXrZ7wRiqGE4q0VCQENKpafTPqVh27cldNPiqORWEyVueCmI67s3ebSNEYl0Sn3IitIyf18X8PxF3N8m9ZE30i5iwGHtGfnv6-DoKA-C8-lJ9GM30s-Wxn75jLBdnQnMjIgwVXEjIoualIMSfk4IWraDv3GMV8XP3fAUA73P23Vfs-THx2QjfDNVD3iuGCqLG0udK_TVLchskcBFVbsj1PRWXGcFaKKzdPkwWMXps_4P_cZEBAZdImAT1_L1aY2CIy
A sample access token (API key)

You can get an access token by implementing a type of authentication in your app. Different types of authentication result in access tokens with different privileges.

Types of access tokens

There are different types of access tokens that have different durations.

Type of tokenType of authenticationDescription
API tokenAPI key authenticationA static, long-lived API key valid for up to one year. They are created, managed, and deleted using API key credentials.
User tokenUser authenticationExpires after a set amount of time, 30 minutes by default (max 2 weeks). A new token is generated for each user that signs in to a custom application with user authentication.
App tokenApp authenticationExpires after 2 weeks. They are generated using a client_id and client_secret from OAuth credentials.

Access token privileges

Access tokens have different privileges depending on the method used to obtain them:

  • Tokens from API key authentication and App authentication have their privileges managed by the developer credentials used to obtain them.

  • Tokens from user authentication have their privileges determined by the ArcGIS account of the signed-in user.

How to use an access token

You can make use an access token to make an authenticated request to ArcGIS resources. To make authenticated requests to location services, you need to set the token parameter of the REST API request.

Use dark colors for code blocksCopy
1
https://<LOCATION_SERVICE_URL>?token=<YOUR_ACCESS_TOKEN>
Sample REST API request to a location service that is authenticated using an access token

You can also make requests to ArcGIS REST APIs by using an ArcGIS Maps SDK.

Code examples

The following code examples show how to use access tokens to authenticate REST API requests to ArcGIS resources.

Access a basemap style

This example accesses the ArcGIS Outdoor basemap style from the basemap styles service.

cURLcURLHTTP
Use dark colors for code blocksCopy
1
2
curl https://basemapstyles-api.arcgis.com/arcgis/rest/services/styles/v2/styles/arcgis/outdoor? \
-d "token=<YOUR_ACCESS_TOKEN>"

Perform geocoding

This example performs a forward geocode by making a request to the geocoding service.

cURLcURLHTTP
Use dark colors for code blocksCopy
1
2
3
4
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"

Access a feature service

This example retrieves features from a feature service.

cURLcURLHTTP
Use dark colors for code blocksCopy
1
2
3
4
5
curl https://services3.arcgis.com/GVgbJbqm8hXASVYi/arcgis/rest/services/LA_County_Parcels/FeatureServer/0/query? \
-d "where=1=1" \
-d "outFields=*" \
-d "f=json" \
-d "token=<YOUR_ACCESS_TOKEN>"

Get item details

This example accesses a private item hosted in ArcGIS.com and retrieves its properties.

cURLcURLHTTP
Use dark colors for code blocksCopy
1
2
3
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'

Tutorials

Create an API key

Create and configure API key credentials to get a long-lived API key access token.


Create OAuth credentials for user authentication

Create and configure OAuth credentials to set up user authentication.


Create OAuth credentials for app authentication

Create and configure OAuth credentials to set up app authentication.


Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.