Access tokens | Documentation

What is an access token?

An access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more is an authorization string that provides access to secure ArcGIS resources such as ArcGIS applications, ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more, ArcGIS Location ServicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more, and ArcGIS portal servicesA portal service provides the functionality to securely create, access, and manage content, data services, users, and groups in a portal. The service can be hosted by Esri or in ArcGIS Enterprise.Learn more. You can get an access token by implementing a type of authentication. You use an access token to make HTTP requests to authenticated services. The services the token can access and the operations it can perform are determined by the privileges associated with the token.

Below is an example of an API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more access token:

Use dark colors for code blocksCopy
AAPT85fOqywZsicJupSmVSCGrjmBjlVZupd64H9kjIjy5FrwIJkpxFMIvd88p32f1vWWpuyzGx7-1nPCMc4XljyuVu-fQSxU4r1Nq17OQo5kjJBVcAw1bKKYM9GYeB98hlK9cwRNzi8H7z3SNb8hCLYvrNwKhXPJo971vH22psnikowztg6ckFD-1zi3TasXKe0e3sSNrmBRunl0SLM7hPgNzuPQkvVES1fDgDL-Thsc2XU.AT2_WilXzfTa

Types of access tokens

There are three types of access tokens that you can create: API keys, user access tokens, and app tokens. The type of access token created depends on the type of authentication you use to create it. The main difference between the tokens is how you create them, the duration they are valid for, the account they are associated with, and who is billed for service usage.

Note

Access tokensAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more are always tied to an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more. Services and resources accessed by a token are billed to the ArcGIS subscriptionAn ArcGIS subscription is a free or paid plan that defines the capabilities of an ArcGIS account and the method of billing for the consumption of location services.Learn more of the associated account.

Type of access token	Description	Created from	Duration	Account	Billing
API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more access token	A static, long-lived API key created with API key credentialsAPI key credentials are an item that contains the parameters used to create and manage long-lived access tokens for API key authentication. They are a type of developer credential.Learn more.	API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more	Valid for up to one year.	Developer's ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more	Developer's ArcGIS subscriptionAn ArcGIS subscription is a free or paid plan that defines the capabilities of an ArcGIS account and the method of billing for the consumption of location services.Learn more
User access token	A unique, short-lived token generated for each user that signs into a custom application with user authentication.	User authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more	Valid for 30 minutes by default, or up to 2 weeks.	User's ArcGIS account	ArcGIS subscription of the user's organizationAn organization a list of members from the same business, association, or entity who can sign in, access tools and applications, and collaborate with other members in a portal. All members have an ArcGIS account and are approved by an administrator to access the same portal.Learn more
App access token	An access token generated using OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a `client_id`, `client_secret`, and redirect URIs. They are a type of developer credential.Learn more with a `client_credentials` token request.	App authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more	Valid for 2 weeks.	Developer's ArcGIS account	Developer's ArcGIS subscription

How to use an access token

You can use an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more to make HTTP requests to ArcGIS services. To do so, you need to set the token parameter of the request to include the access token. If the token is authenticated successfully, the request is granted access to the service operation or resource.

Steps to use an access token:

Get an access token by implementing authentication.
Find the ArcGIS service URL you want to access.
Set the token parameter.
Access the ArcGIS service endpoint or operation.

Use dark colors for code blocksCopy
https://<ARCGIS_SERVICE_URL>?token=<YOUR_ACCESS_TOKEN>

Access token privileges

The privileges of an access token are based on the privileges of the accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more used to create it. With API keyAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more and app authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more, specific privileges from your account can be assigned to access tokens. With user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more, access tokens inherit all of the privileges of the signed-in user's account.

Type of access token	Creation method	How privileges are assigned
API key access token	Created by the developer	Developer assigns specific privileges to API keys using API key credentialsAPI key credentials are an item that contains the parameters used to create and manage long-lived access tokens for API key authentication. They are a type of developer credential.Learn more in your portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more.
User access token	Created when a user signs in	User access tokens inherit all privileges of the signed-in user's ArcGIS account.
App access token	Created programmatically	Developer assigns specific privileges to app tokens using OAuth credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a `client_id`, `client_secret`, and redirect URIs. They are a type of developer credential.Learn more in your portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more.

View access token properties

You can view the properties and capabilities of an access token by making a /self request to the portal serviceA portal service provides the functionality to securely create, access, and manage content, data services, users, and groups in a portal. The service can be hosted by Esri or in ArcGIS Enterprise.Learn more. This allows you to get information such as the:

PrivilegesPrivileges are a set of permissions assigned to ArcGIS accounts, developer credentials, and applications that grant access to secure resources and functionality in ArcGIS.Learn more of the access token.
Access token expiration date.
Organization ID of the organizationAn organization a list of members from the same business, association, or entity who can sign in, access tools and applications, and collaborate with other members in a portal. All members have an ArcGIS account and are approved by an administrator to access the same portal.Learn more the access token belongs to.
Client IDA Client ID is an identifier associated with an application that assists with client / server OAuth 2.0 authentication for ArcGIS client APIs.Learn more of the associated developer credentialsDeveloper credentials are a type of item in a portal that contains parameters for authentication. There are two types of developer credentials: API key credentials and OAuth credentials.Learn more.
Item IDAn item ID is a unique identifier representing a single item stored, managed, and accessed in a portal, such as a web map, hosted layer, or file.Learn more of the associated developer credentials.
Owner of the associated developer credentials.

The steps to get an access token's properties are:

Find the URL to your portal serviceA portal service provides the functionality to securely create, access, and manage content, data services, users, and groups in a portal. The service can be hosted by Esri or in ArcGIS Enterprise.Learn more.
Define the /self request.
Set the token and appInfoToken parameters to your access token.

URL request

Use dark colors for code blocksCopy
https://<PORTAL_URL>/self?token=<YOUR_ACCESS_TOKEN>&appInfoToken=<YOUR_ACCESS_TOKEN>&f=pjson

Required parameters

Name	Description	Examples
`f`	The format of the data returned. Must be set to view output.	`f=json` `f=pjson`
`token`	A valid access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more (API key or OAuth 2.0).	`token=<ACCESS_TOKEN>`
`appInfoToken`	The access token you want to view information about. Can be valid or expired.	`appInfoToken=<ACCESS_TOKEN>`

API key access token properties

This example shows a sample response from a /self request for an API key access token that has specific privilegesPrivileges are a set of permissions assigned to ArcGIS accounts, developer credentials, and applications that grant access to secure resources and functionality in ArcGIS.Learn more assigned to it. This type of access token is obtained from API key authentication.

Use dark colors for code blocksCopy
{
    "appInfo": {
        "appId": "<CREDENTIAL_CLIENT_ID>",
        "itemId": "<CREDENTIAL_ITEM_ID>",
        "appOwner": "<USERNAME_OF_OWNER>",
        "orgId": "<ORGANIZATION_ID>",
        "appTitle": "<CREDENTIAL_TITLE>",
        "privileges": [
            "premium:user:basemaps",
            "premium:user:elevation",
Expand

User access token properties

This example shows a sample response from a /self request for a user access token that impersonates an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more. This type of access token is known as a user access token and is primarily obtained from user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more. It can also be obtained from certain workflows in API key and app authentication.

The /self response for this type of token returns additional properties pertaining to the impersonated account, including:

The full name associated with the ArcGIS account
The email associated with the ArcGIS account
Timestamp of the last account sign-in
All privileges the account has
All groups that the account belongs to

Use dark colors for code blocksCopy
{
    "username": "<USERNAME>",
    "udn": null,
    "id": "<USER_ID>",
    "fullName": "<USER_FULL_NAME>",
    "categories": [],
    "emailStatus": "notverified",
    "firstName": "<USER_LASTNAME>",
    "lastName": "<USER_FIRSTNAME>",
    "preferredView": null,
Expand

App access token properties

This example shows a sample response from a /self request for an app access token that has specific privilegesPrivileges are a set of permissions assigned to ArcGIS accounts, developer credentials, and applications that grant access to secure resources and functionality in ArcGIS.Learn more assigned to it. This type of access token is obtained from app authentication.

Use dark colors for code blocksCopy
{
    "appInfo": {
        "appId": "<CREDENTIAL_CLIENT_ID>",
        "itemId": "<CREDENTIAL_ITEM_ID>",
        "appOwner": "<USERNAME_OF_OWNER>",
        "orgId": "<ORGANIZATION_ID>",
        "appTitle": "<CREDENTIAL_TITLE>",
        "privileges": [
            "premium:user:basemaps",
            "premium:user:elevation",
Expand

Code examples

The following code examples show how to use access tokens to make requests to ArcGIS services.

Access the basemap styles service

This example accesses the ArcGIS Outdoor basemap style from the basemap styles serviceThe ArcGIS Basemap Styles service, also referred to as the Basemap Styles service, is a location service that provides basemap styles and data for the world. It returns styles as Mapbox styles and web maps, and data as vector tiles and/or map tiles. It supports all of the styles in the ArcGIS Basemap style and Open Basemap style family. An ArcGIS Location Platform or ArcGIS Online account is required to use the service.Learn more.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
curl https://basemapstyles-api.arcgis.com/arcgis/rest/services/styles/v2/styles/arcgis/outdoor? \
-d "token=<YOUR_ACCESS_TOKEN>"

Go to topic

Use dark colors for code blocksCopy
{
    "glyphs":"https://basemaps-api.arcgis.com/arcgis/rest/services/World_Basemap_v2/VectorTileServer/resources/fonts/{fontstack}/{range}.pbf?token=YOUR_API_KEY",
    "layers":[
        {
            "filter":["in","_symbol",0],
            "id":"Land",
            "layout":{},
            "minzoom":0,
            "paint": {
                "fill-color": {
Expand

Access the geocoding service

This example performs a forward geocode by making a request to the geocoding serviceA geocoding service is a service that can search for addresses, place addresses, businesses, reverse geocode coordinates to addresses, provide suggestions for places, and perform bulk geocoding. It is hosted by Esri as the ArcGIS Geocoding service and can also be hosted in ArcGIS Enterprise.Learn more.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
4
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"

Go to topic

Use dark colors for code blocksCopy
{
    "spatialReference": {
      "wkid": 4326,
      "latestWkid": 4326
    },
    "candidates": [
      {
        "address": "1600 Pennsylvania Ave NW, Washington, District of Columbia, 20500",
        "location": {
          "x": -77.036548499999995,
Expand

Access a feature service

This example retrieves featuresA feature is a single record, also known as a row, that represents a real-world entity. It typically contains a geometry (point, multipoint, polyline, or polygon) and attributes but it can also contain just attributes.Learn more from a feature serviceA feature service is a data service that provides access to spatial and non-spatial data in feature layers, feature layer views, and tables.Learn more.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
4
5
curl https://services3.arcgis.com/GVgbJbqm8hXASVYi/arcgis/rest/services/LA_County_Parcels/FeatureServer/0/query? \
-d "where=1=1" \
-d "outFields=*" \
-d "f=json" \
-d "token=<YOUR_ACCESS_TOKEN>"

Go to topic

Use dark colors for code blocksCopy
{
    "objectIdFieldName":"OBJECTID",
    "uniqueIdField":{"name":"OBJECTID","isSystemMaintained":true},
    "globalIdFieldName":"",
    "geometryProperties":{"shapeAreaFieldName":"Shape__Area","shapeLengthFieldName":"Shape__Length","units":"esriMeters"},
    "geometryType":"esriGeometryPolygon",
    "spatialReference":{"wkid":102100,"latestWkid":3857},
    "fields":[
        {
            "name":"OBJECTID",
Expand

Access a portal item

This example accesses a private itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more hosted in ArcGIS.com and retrieves its properties.

cURL

HTTP

Use dark colors for code blocks

Copy

1
2
3
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'

Go to topic

Use dark colors for code blocksCopy
{
    "id": "ITEM_ID",
    "owner": "OWNER",
    "orgId": "ORG_ID",
    "created": "DATE_CREATED",
    "modified": "DATE_MODIFIED",
    "guid": null,
    "name": null,
    "title": "ITEM_TITLE",
    "type": "ITEM_TYPE"
Expand

Tutorials

Create an API key

Create and configure API key credentials to get a long-lived API key access token.

ArcGIS portal REST JS

Create OAuth credentials for user authentication

Create and configure OAuth credentials to set up user authentication.

ArcGIS portal

Create OAuth credentials for app authentication

Create and configure OAuth credentials to set up app authentication.

ArcGIS portal