Types of authentication

ArcGIS supports secure access to ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more and portal items to ensure that only valid, authorized users and services can access protected information. This SDK supports various authentication methods. The type of authentication you use depends on the security and access requirements of your app. The available authentication methods are described below. See the Choose a type of authentication section for help determining which type of authentication is best suited to your use case.

There are three types of authentication that you can use to get an access token:

• API key authentication: grants a long-lived access token to authenticate requests to ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more and secure portal items. For more information see the Introduction to API key authentication. To obtain an API key access token, go to the Create an API key tutorial using your ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more. Here you can configure the API key privileges to authorize access to different services and portal items.

• User authentication: a collection of authentication workflows that connect your app to a user's ArcGIS account.

  • OAuth 2.0: manage ArcGIS authentication and grant a short-lived access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more generated via OAuth 2.0. This gives your application permission to access ArcGIS secured services authorized to an existing ArcGIS user's account. For more information see the OAuthUserCredential.
  • Identity-Aware Proxy: manage identity-aware proxy authentication and grant a short-lived ID token generated from an Identity-Aware Proxy (IAP). This token gives your application permission to access the ArcGIS Enterprise portal and its services that are protected behind an Identity-Aware Proxy (IAP). ArcGIS Maps SDK for Kotlin currently supports the Microsort Entra Application Proxy via the Microsoft Identity Platform. For more information see the IapCredential.
  • Generate token: manages ArcGIS authentication and grants a short-lived access token generated via Esri's proprietary token-based authentication mechanism. This gives your application permission to access ArcGIS secured services authorized to an existing ArcGIS user's account. For more information see the TokenCredential and PregeneratedTokenCredential.
  • Network credential: manage network authentication (also known as web-tier authentication) for ArcGIS Enterprise. This gives your application permission to access network secured services authorized to your web-tier's identity store user accounts. Supports Public Key Infrastructure (PKI), Integrated Windows Authentication (IWA) and HTTP Basic. For more information see the PasswordCredential and CertificateCredential.
    
    

• App authentication: uses the registered application's credentials to access location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more on ArcGIS. It manages ArcGIS authentication and grants a short-lived access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more generated via OAuth 2.0 using the Application itemAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more's Client ID and Client Secret outside of the context of a user. For more information see the OAuthApplicationCredential topic.

API key authentication

An API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more can grant your public-facing application access to specific ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more and portal items.

Use API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more when you want to:

• Quickly write applications that consume ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more.
• Provide access to services without requiring users to sign in with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.

To authorize your app to access secured resources, obtain an API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more access token using the Create an API key tutorial. Set the API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more access token on the ArcGISEnvironment.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
    ArcGISEnvironment.apiKey = ApiKey.create(YOUR_ACCESS_TOKEN)

    val map = remember {
        ArcGISMap(basemapStyle = BasemapStyle.ArcGISTopographic)
    }

    Scaffold {
        MapView(
            modifier = Modifier
                .fillMaxSize()
                .padding(it),
            arcGISMap = map
        )
    }

You can view the app's usage telemetry on the respective ArcGIS Location PlatformArcGIS Location Platform, formerly known as ArcGIS Platform, is a Platform as a Service (PaaS) product that gives developers access to location services, APIs, and tools to build mapping and spatial analysis applications. It is subscription-based and requires an ArcGIS Location Platform account.Learn more or ArcGIS OnlineArcGIS Online is a GIS mapping, analytics, data hosting, and content management software as a service (SaaS) product. It includes applications, tools, APIs, and location services for users and developers. It is subscription-based and requires an ArcGIS Online account.Learn more account. You can also set the API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more access token on any class that implements ApiKeyResource. This overrides any access token you have set on the ArcGISEnvironment and enables more granular usage telemetry.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
    val map = remember {
        // Create a new ArcGUS basemap and apply an access token.
        val basemap = Basemap(basemapStyle = BasemapStyle.ArcGISTopographic)

        basemap.apiKey = ApiKey.create(BuildConfig.YOUR_ACCESS_TOKEN)

        // Create a a new map with the basemap.
        ArcGISMap(basemap = basemap)
    }

Classes that implement ApiKeyResource include:

• ArcGISSceneLayer
• ArcGISTiledLayer
• ArcGISVectorTiledLayer
• Basemap
• BasemapStylesService
• ClosestFacilityTask
• ExportTileCacheTask
• ExportVectorTilesTask
• GeodatabaseSyncTask
• LocatorTask
• RouteTask
• ServiceAreaTask
• ServiceFeatureTable

User authentication

User authentication is a set of authentication workflows that allow users with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more to sign into an application and access ArcGIS contentContent is a collection of items in a portal that belong to a user, group, or organization.Learn more, servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more, and resources. The typical authentication protocol used is OAuth2.0. When a user signs into an application with their ArcGIS account, an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account.

Services that your app accesses with user authentication are billed to the authenticated user's ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more and its associated ArcGIS subscriptionAn ArcGIS subscription is a free or paid plan that defines the capabilities of an ArcGIS account and the method of billing for the consumption of location services.Learn more. If your application will access your users' secure content in ArcGIS or if you plan to distribute your application through ArcGIS Marketplace, you must use user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more.

Implement user authentication when you want to:

• Ensure users are signed in and authenticated with their own ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.
• Use your app user's creditsCredits are the currency used by ArcGIS Online Organization accounts to account for data storage and location service consumption. Credits are consumed for specific transactions, such as accessing location services, and types of storage, such as storing features, performing analytics, and using premium content.Learn more to pay for their private data, contentContent is a collection of items in a portal that belong to a user, group, or organization.Learn more, or service transactions.
• Limit the length of time users can be signed in to your app with a temporary token.
• Distribute your app through ArcGIS Marketplace.

App authentication

App authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more grants a short-lived access token, generated via OAuth 2.0, authorizing your application to access ArcGIS location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more, such as basemap layers, search, and routing.

Use app authentication when you want to:

• Access location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more with a more secure process and a short-lived token.
• Provide access to services without requiring users to have an ArcGIS account.

Choose a type of authentication

The following considerations can help determine which type of authentication to implement:

• Access to resources—Your app can access ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more and portal items using API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more, User authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more, or App authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more.

• User experience—If you don't want to make users log in, your app can access ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more using API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more or App authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more. In this case, users will not need to have an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more in order to use your app.

• Usage charges—If you want service usage to be charged to the user's account, your app must request that the user log in using User authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more. When using API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more or App authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more, all access to services from your app will be charged to your ArcGIS account.

You might also need to consider the level of security required for your app, how your app will be distributed, and your available ArcGIS products and accounts.