Generate Token

URL:
https://<host>:<port>/<site>/tokens/generateToken
Methods:
POST
Version Introduced:
10.0

Description

The generateToken operation generates an access token in exchange for user credentials; clients use the token to access secured ArcGIS Server services. You must make this request over HTTPS and use POST. User credentials must be passed in the body of the POST request. Note that certain credentials, such as the username, are case sensitive. This operation is supported if the Server Info resource includes tokenServicesUrl.

The access token represents the authenticated user for a certain amount of time to all other API functionality. When using the API, you must protect the token against malicious use just as you would the original credentials, and you must be prepared to renew the token. Expired tokens will be rejected by the server.

Request parameters

Parameter | Details

username

The case-sensitive username of the user who wants to get a token.

Example

username=testAdmin89

password

The password of the user who wants to get a token.

Example

password=test1234

client

The client identification type for which the token is to be generated. Users can specify whether the token will be generated for a client application's base URL, a user-specified IP address, or the IP address that is making the request.

Values: referer | ip | requestip

referer

The base URL of the web app that will invoke the request to access a secured resource. This parameter must be specified if the value of the client parameter is referer.

Example

referer=https://myserver/mywebapp

ip

The IP address of the machine that will invoke the request to access a secured resource. This parameter must be specified if the value of the client parameter is ip.

Example

ip=###.###.###.###

expiration

The token expiration time in minutes. The default is 60 minutes (one hour). The maximum value of the expiration time is controlled by the server. Requests for an expiration longer than this maximum return a token with the maximum allowed expiration time. Applications are responsible for renewing expired tokens; expired tokens will be rejected by the server on subsequent requests that use the token.

Example

expiration=60

f

The response format. The default response format is html.

Values: html | json | pjson

Response properties

Property | Details

token

The generated token.

expires

The expiration time of the token in milliseconds since January 1, 1970.

Example usage

The following is a sample POST request for the generateToken operation:

POST /arcgis/tokens/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=testUser&password=test1234&client=referer&referer=https://myserver.domain.com/mywebapp&expiration=60&f=json

JSON Response syntax

{
  "token": "<token generated>",
  "expires": <date shown in EPOCH time>
}

JSON Response example

{
  "token": "E60M4Gsc-h4Q8plqQ26PgOmVUKIwR6kOAHiAFl7cGzI.",
  "expires": 1345142184717
}
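The following Python client helper is an added example, not part of the original documentation. It builds the request as described above (HTTPS only, POST, credentials in the body, referer or ip required to match the client value), parses the JSON response, and decides when to renew from the expires value. The function names and the 120-second renewal margin are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

CLIENT_TYPES = {"referer", "ip", "requestip"}  # values listed on this page


def build_token_request(token_url, username, password, client="requestip",
                        referer=None, ip=None, expiration=60):
    """Build (not send) a generateToken POST with credentials in the body."""
    parts = urllib.parse.urlsplit(token_url)
    if parts.scheme != "https":
        raise ValueError("generateToken must be requested over HTTPS")
    if parts.query:
        raise ValueError("pass parameters in the POST body, not the URL")
    if client not in CLIENT_TYPES:
        raise ValueError(f"client must be one of {sorted(CLIENT_TYPES)}")
    form = {"username": username, "password": password, "client": client,
            "expiration": str(int(expiration)), "f": "json"}
    if client == "referer":
        if not referer:
            raise ValueError("referer is required when client=referer")
        form["referer"] = referer
    elif client == "ip":
        if not ip:
            raise ValueError("ip is required when client=ip")
        form["ip"] = ip
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw):
    """Return (token, expires_ms) from the JSON response body."""
    doc = json.loads(raw)
    if "token" not in doc or "expires" not in doc:
        # Do not echo the raw body into logs or error messages.
        raise ValueError("response carries no token")
    return doc["token"], int(doc["expires"])


def needs_renewal(expires_ms, now_ms=None, margin_s=120):
    """True once the token is within margin_s seconds of its expiry."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    return now_ms >= expires_ms - margin_s * 1000
```

Send the returned request with `urllib.request.urlopen(req)` and keep the token out of logs and URLs, since it stands in for the credentials until it expires.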
