The Authorization header of HTTP requests can be used to provide credentials that authenticate a client with a server. You can use authorization headers to authenticate requests to ArcGIS services with an access token. Using an authorization header prevents intermediaries on the network, such as proxies, gateways or load-balancers from being able to access the token. This offers additional security benefits compared to sending the access token as a query parameter.
To use an authorization request header with ArcGIS services, you can use either the Authorization or X- HTTP request header.
-
Authorization header: This is the standard HTTP header for passing authentication credentials, such as Bearer tokens for OAuth 2.0. ArcGIS services that use non-web-tier authentication (not using Windows Integrated, PKI, etc.) typically accept tokens in this header. It is widely supported and recommended for most API authentication scenarios.
-
X-Esri-Authorization header: This is a custom header defined by Esri, primarily used for ArcGIS services that require web-tier authentication. Using this header can help avoid conflicts with other authentication systems that may already use the standard Authorization header, and is often required for compatibility with certain ArcGIS server configurations or versions (notably, web-tier security setups).
How to use an authorization header
The general steps to use an authorization header are:
- Implement an authentication type to obtain an access token.
- Set the server host domain.
- Set the authorization header and bearer using the access token.
- Send the request.
Example request
GET /arcgis/rest/services/styles/v2/styles/arcgis/navigation/ HTTP/1.1
Host: basemapstyles-api.arcgis.com
Authorization: Bearer {YOUR_ACCESS_TOKEN}
Code examples
Location services
This example demonstrates how to use authorization headers to access the ArcGIS Geocoding service.
To learn more about location services go to the Mapping and location services guide.
Request
GET https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates
?f=pjson
&singleLine=1600 Pennsylvania Ave NW, DC HTTP/1.1
Authorization: Bearer {YOUR_ACCESS_TOKEN}
Response
{
"spatialReference": {
"wkid": 4326,
"latestWkid": 4326
},
"candidates": [
{
"address": "1600 Pennsylvania Ave NW, Washington, District of Columbia, 20500",
"location": {
"x": -77.036546998209,
Portal and data services
Portal service
This example demonstrates how to use authorization headers to access an item from a portal service
To learn more about portal services go to the Portal and data services guide > Portal service.
Request
GET /sharing/rest/content/items/5a5147abe878444cbac68dea9f2f64e7/
?f=json HTTP/1.1
Host: www.arcgis.com
Authorization: Bearer {YOUR_ACCESS_TOKEN}
Response
{
"id": "5a5147abe878444cbac68dea9f2f64e7",
"owner": "esri_devlabs",
"orgId": "GVgbJbqm8hXASVYi",
"created": 1569537110000,
"modified": 1569537111000,
"guid": null,
"name": null,
"title": "Seven Natural Wonders of the World Map",
"type": "Web Map",
Feature service
This example demonstrates how to use authorization headers to query for features from a hosted feature layer.
To learn more about feature services go to the Portal and data services guide> Feature services.
Request
GET /GVgbJbqm8hXASVYi/arcgis/rest/services/LA_County_Parcels/FeatureServer/0/query
?where=UseType='Residential'
&resultRecordCount=1
&f=json
&outFields=APN,UseType,TaxRateCity,Roll_LandValue HTTP/1.1
Host: services3.arcgis.com
Authorization: Bearer {YOUR_ACCESS_TOKEN}
Response
{
"objectIdFieldName": "OBJECTID",
"uniqueIdField": { "name": "OBJECTID", "isSystemMaintained": true },
"globalIdFieldName": "",
"geometryProperties": {
"shapeAreaFieldName": "Shape__Area",
"shapeLengthFieldName": "Shape__Length",
"units": "esriMeters"
},
"geometryType": "esriGeometryPolygon",
Analysis services
This example demonstrate how to use authorization headers to access the spatial analysis service.
To learn more about analysis services go to the Spatial analysis developer guide.
Use a job request to generate buffer geometries from a layer of points.
Request
GET /arcgis/rest/services/tasks/GPServer/CreateBuffers/submitJob
?f=json
&inputLayer={"url":"https://services3.arcgis.com/GVgbJbqm8hXASVYi/arcgis/rest/services/DeriveHighSchools/FeatureServer/0"}
&distances=[1000]
&outputName={"serviceProperties": {"name":"Results of create buffers"}} HTTP/1.1
Host: analysis3.arcgis.com
Authorization: Bearer {YOUR_ACCESS_TOKEN}
Response
{
"jobId": "j06acd3e062b34987bd3feb394146e327",
"jobStatus": "esriJobSubmitted",
"results": {},
"inputs": {},
"messages": []
}