
Authentication and access tokens

To build applications that use ArcGIS services and resources, you must first implement authentication to obtain an access token. There are two primary authentication methods: API key authentication and user authentication. The method you choose depends on several factors, including:

  • The ArcGIS product you are using
  • The type of application you're developing
  • The types of services and resources you need to access
  • The types of operations your application will perform

For an overview of these methods and tutorials, see the sections below.

API keys

As a developer working with ArcGIS Location Platform or ArcGIS Online, you can use API key authentication to authorize secure service requests without requiring users to sign in. This method embeds a long-lived access token directly in your application, granting access to specific services and content based on the API key’s configured privileges. It is well-suited for building public-facing applications.

General steps:

  1. Create an API key credential item in your portal.
  2. Assign privileges (scopes) to define accessible services and data.
  3. Use the access token to access services.

User tokens

If you're building applications with ArcGIS Online, you can use user authentication to authenticate users and access services on their behalf. This method requires each user to sign in with their ArcGIS account, which generates a unique access token tied to their individual privileges. It is well-suited for building private applications for your organization.

General steps:

  1. Create an OAuth credential item in your portal to obtain a client ID, client secret, and redirect URL.
  2. Use these credentials in your application to initiate the OAuth 2.0 flow and request an access token.
  3. Use the access token to access services on behalf of the signed-in user.
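Step 2 of the list above, as an added example (not Esri's code): it builds the authorization request with a `state` value and a PKCE challenge, then validates the redirect before producing the fields for the token request. The ArcGIS Online authorize endpoint, the use of PKCE, the function names `begin_login` and `handle_callback`, and the sample client ID and redirect URL are assumptions that do not come from this page.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed ArcGIS Online endpoint; an ArcGIS Enterprise portal has its own host.
AUTHORIZE_URL = "https://www.arcgis.com/sharing/rest/oauth2/authorize"

def begin_login(client_id, redirect_uri):
    """Return (authorize_url, session); keep session server-side for the callback."""
    state = secrets.token_urlsafe(32)     # ties the callback to this login attempt
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier, never put in the URL
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    session = {"client_id": client_id, "redirect_uri": redirect_uri,
               "state": state, "code_verifier": verifier}
    return f"{AUTHORIZE_URL}?{query}", session

def handle_callback(callback_url, session):
    """Validate the redirect, then return the form fields for the token request."""
    got, want = urlparse(callback_url), urlparse(session["redirect_uri"])
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0].encode("utf-8")
    if not hmac.compare_digest(state, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: response is not for this login attempt")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    # A confidential (server-side) client would also add its client secret here,
    # loaded from secret storage rather than from source code.
    return {"grant_type": "authorization_code", "client_id": session["client_id"],
            "code": codes[0], "redirect_uri": session["redirect_uri"],
            "code_verifier": session["code_verifier"]}

if __name__ == "__main__":
    url, sess = begin_login("CONSTRUCTED_CLIENT_ID", "https://app.example/callback")
    form = handle_callback("https://app.example/callback?code=abc&state=" + sess["state"], sess)
    print(url, sorted(form), sep="\n")
```

The returned fields are what the application posts to the portal's token endpoint to receive the user's access token.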
