Skip To Content ArcGIS for Developers Sign In Dashboard

Access the ArcGIS platform

The ArcGIS platform provides a full range of GIS capabilities. There are various ways to add powerful functionality and intelligence to your ArcGIS Runtime app by connecting to platform capabilities.

ArcGIS Online

ArcGIS Online is a cloud-based, collaborative content management system for maps, apps, data, and other geographic content. You can access ArcGIS Online through mobile devices, a website (, and desktop map viewers. With ArcGIS Online you can do the following:

  • Create web maps.
  • Web enable your data.
  • Share your maps, data, and applications.
  • Find relevant and useful basemaps, data, and configurable GIS resources.
  • Manage content and users in your organization.


With your free ArcGIS for Developers account, you have access to ArcGIS Online for development and testing. Sign in at or You may want to upgrade to a paid ArcGIS Developer Subscription.

Using ArcGIS Runtime SDK, you can work with content in a portal, for example you can access and edit existing content and create new content items, search for users and groups, and share and unshare items.

Learn more about developing with ArcGIS Online in ArcGIS Online Help.

ArcGIS for organizations

To access all the capabilities of ArcGIS Online, your organization can purchase a subscription. With this subscription, you can store and process geographic data, solve complex routing problems, perform spatial analysis, create reports, and enrich your own data with demographic and geographic attributes. You also gain access to various productivity apps. A subscription can help you make geospatial information more pervasive both within your organization and throughout the general public.


Your free ArcGIS for Developers account includes some subscription-only services for development and testing. Sign in at or If you upgrade your free account to a paid plan, you can still sign in using both of these sites.

Learn more about ArcGIS for organizations at ArcGIS Online.

Portals, users, roles, groups, and sharing

ArcGIS Online is an information portal and is represented in the API by the Portal class. This class is loadable.

When you sign in to ArcGIS Online with an organization account, you see a specialized view that your organization administrator has configured for you, giving you access to maps, content, and other services specific to your organization. You can also access all your own content and services.

A registered user of a portal is represented in the API by the PortalUser class. When you have signed in to a portal, you can get authentication information relating to the authenticated user from the portal class. Several options are available for signing in to a portal, such as OAuth 2.0, network credentials, tokens, and public keys (PKI). Two authentication patterns are available—named user and app login. For an overview of the ways to access secure services, see ArcGIS Security and Authentication.

Portals and named users have an essential role to play in some app licensing scenarios. For more information about licensing, see License your app.

Groups are a way to collaborate with other users who share a common interest. A user can create groups, join groups, and share items with those groups. Groups have titles, descriptions, thumbnails, and unique IDs to help users identify them. The sharing model within ArcGIS Online is based on groups. Groups are represented in the API by the PortalGroup class.

A free, public account is another way to access ArcGIS Online. These accounts are not associated with an organization and offer a limited set of functionality. A public account allows you to use and create maps and share your maps and apps with everyone. Public accounts are for noncommercial use only.

Connect to public content and services on ArcGIS Online

To connect to ArcGIS Online and access public content anonymously, you can begin by creating a portal, without authenticating with the portal.

From here, you can access public content; for example, you can access the data stored in a portal item. You can also search for content such as web maps, map services, map features, groups, and users.

Some organizations share content publicly and allow anonymous access to that content; connect to publicly accessible content from such organizations by specifying the organization URL.

Connect to secured content and services on ArcGIS Online

Apps that target organization users who are known to the ArcGIS platform (named users) should pass a credential for the user when creating the portal object.

Credential {
    id: portalCredential
    username: portalUsername
    password: portalPassword

Portal {
    id: portal
    url: ""
    credential: portalCredential

    onLoadStatusChanged: {
        if (loadStatus === Enums.LoadStatusLoaded) {
            var user = portal.portalUser;

    Component.onCompleted: portal.load();

The portal object now has access to all the secure content for which the user has access rights and can be used to find out more information about the user, such as the user's full name (instead of the account user name). Additionally, information about the organization such as the name, banner image, description, and so on, can be found as shown above. Apps often make use of this information when a user connects to a specific portal, to show the user organization branding and context.

Typically, the portal object with the authenticated user is cached and used throughout the app session, to provide the app with a view of a portal that is centered around a single user. When the app is restarted, the credential must be reinstated, or the user must repeat the authentication process.

To access secure content, an app needs to provide a way to sign in to the platform, a process often known as authentication. The recommended approach for authenticating a user known to the platform is to use a user login and OAuth. Apps that target users who are unknown to the ArcGIS platform can authenticate with the platform on behalf of the user by using an app login.

ArcGIS Enterprise

ArcGIS Enterprise provides you with the same core capabilities as ArcGIS Online, but it can be installed and hosted on your own premises, behind your firewall, for controlled distribution of content.

Learn more about ArcGIS Enterprise.

Connect to ArcGIS Enterprise portal

Connecting to an instance of ArcGIS Enterprise portal is done in a very similar way to connecting to ArcGIS Online and is represented in the API by the same class, Portal. Use the URL to the Enterprise portal website, along with an appropriate credential valid on that portal, or no credential if accessing public content anonymously.

ArcGIS Server

ArcGIS Server (a component of ArcGIS Enterprise) is a complete and integrated server-based GIS, allowing you to publish many different types of GIS services for use by a variety of clients including ArcGIS Runtime apps. Some services provide similar functionality to that available from ArcGIS Online—for example, you can create map layers based on map, feature, or WMS services, and perform geocoding, routing, or geoprocessing functions by using services hosted by ArcGIS Server.

Discover content and services on ArcGIS Server

Use the ArcGIS Services Directory to browse the available services on an ArcGIS Server site. Open the REST Services home page in a browser, for example,

Contact your ArcGIS Server system administrator if you're uncertain about the server URL or ArcGIS instance.

Connect to ArcGIS Server

Connecting to ArcGIS Server is a little different from connecting to portals—in the place of connecting to the portal itself, you pass the URL of the service you want to use to a class designed to work with that service type.

For example, you can create a map layer by passing in the URL to a dynamic map service:

ArcGISMapImageLayer {
    id: legendLayer
    url: Globals.url_WorldStreetMap // e.g. ""

If the service is secured, valid credentials or authentication will be required.

ArcGIS Server services are listed below, along with the classes that make use of them.

Service typeAPI classes

Feature service


Locator task


Map service—Dynamic


Map service—Tiled


ArcGIS Server services and related API classes

Learn more about ArcGIS for Server at

Authentication Manager

Your app may need to access secured resources that are restricted to authorized users. For example, your organization may host private data layers or feature services that are only accessible by verified users. You may also need to take advantage of premium ArcGIS Online services, such as routing, that require secured user access. The ArcGIS platform provides many ways to secure access to your organization's content and services. The ArcGIS Runtime SDK provides full support for access to secured ArcGIS Server, ArcGIS Online, or ArcGIS Enterprise resources using the following authorization methods:

  • ArcGIS Tokens: proprietary token-based authentication mechanism.
  • OAuth 2.0: secure delegated access to server resources.
  • Web-tier security: HTTP secured service / Integrated Windows Authentication (IWA).
  • Certificate: Public Key Infrastructure (PKI).

Implementing these security methods in your app (potentially for a variety of platforms) can be a lot of work. To simplify authentication, ArcGIS Runtime provides classes to automate the process: Authentication Manager (AuthenticationManager) and Authentication Challenge (AuthenticationChallenge).

The Authentication Manager manages access by the app to secured resources. This singleton creates an Authentication Challenge whenever an authentication or security issue is encountered anywhere in the API. The types of Authentication Challenge include the following:

  • Username / password: Challenges needing username / password authentication.
  • OAuth: Challenges needing an OAuth authorization code.
  • Client Certificate: Challenges needing a client certificate to be provided.
  • Secure Sockets Layer (SSL) Handshake - Challenges needing a response to certain SslError errors, usually an untrusted host due to a self-signed certificate.

Your app responds to an Authentication Challenge by providing the requested authentication information, which may be a certificate, credentials, or username and password. To satisfy the challenge, your app should do one of the following:

  • Invoke continueWithCredential with a valid credential. The task that issued the challenge will try to connect to the resource using the credential.
  • Invoke continueWithUsernamePassword with a valid username and password which is applied to the credential to continue with the request.
  • Invoke continueWithOAuthAuthorizationCode with a valid OAuth authorization code which is applied to the credential to continue to authenticate using OAuth.
  • Invoke continueWithClientCertificate with the index of the client certificate to use, obtained from AuthenticationManager::clientCertificateInfos which is applied to the credential to continue with the request.
  • Invoke continueWithSslHandshake if the challenge was due to an SSL error, such as an untrusted server certificate, and you want to either trust of reject the network request.
  • Invoke cancel to cancel the challenge. The task that issued the challenge will fail to connect to the resource and should emit an error signal.

switch (authChallenge.authenticationChallengeType) {
case Enums.AuthenticationChallengeTypeClientCertificate:
    console.log("authChallenge is AuthenticationChallengeTypeClientCertificate");
case Enums.AuthenticationChallengeTypeOAuth:
    console.log("authChallenge is AuthenticationChallengeTypeOAuth");
case Enums.AuthenticationChallengeTypeSslHandshake:
    console.log("authChallenge is AuthenticationChallengeTypeSslHandshake");
    var trustThisComputer = true;
    var rememberMyDecision = true;
    authChallenge.continueWithSslHandshake(trustThisComputer, rememberMyDecision);
case Enums.AuthenticationChallengeTypeUsernamePassword:
    console.log("authChallenge is AuthenticationChallengeTypeUsernamePassword");
    var credential = ArcGISRuntimeEnvironment.createObject("Credential", {
                                                           username: portalUsername,
                                                           password: portalPassword
case Enums.AuthenticationChallengeTypeUnknown:
    console.log("authChallenge is AuthenticationChallengeTypeUnknown");
    console.log("AuthenticationChallengeType is not recognized");

Because OAuth authorization requires additional information about the server, you must register servers using OAuth authorization with the authentication manager. In OAuth, client ID and client secret are created when an app is registered with a server. The client ID is considered public information, and represents a public identifier for an app. The client secret is a secret known only to the application and the authorization server, and must be kept confidential. The following types of OAuth authorization methods (grants) are available:

  • Implicit: registration requires a client ID and a redirect URL. The user enters a login with the server and receives an access token.
  • Authorization code: registration requires a client ID, client secret, and a redirect URL. The user enters a login with the server and receives an access token and refresh token.
  • Client credentials: registration requires a client ID, client secret, and a redirect URL. The user does not need to enter a login, but rather is granted access on behalf of the app.

After your app provides the authentication information, the Authentication Manager caches that information. The Authentication Manager contains an instance of a CredentialCache which maintains a cache of credentials, in memory, that have been previously used to satisfy authentication challenges. This allows a credential to be reused where appropriate, and prevents unnecessary or duplicate challenges from being issued while accessing secure resources from the same security realm. Caching happens automatically if credential caching is enabled on the Authentication Manager. When the app wants to sign out, clear the credential cache within the Authentication Manager.