- URL:https://<host>:<port>/<site>/tokens/generateToken(POST only)
- Version Introduced:10.0
This operation generates an access token in exchange for user credentials that can be used by clients to access secured ArcGIS Server services. You must make this request over HTTPS and use POST. User credentials must be passed in the body of the POST request. This operation is supported if Server Info resource includes tokenServicesUrl.
If your organization uses applications that rely on acquiring a token through an HTTP GET request, see Enable token acquisition through an HTTP GET request.
The access token represents the authenticated user for a certain amount of time to all other API functionality. When using the API, you must take care to protect the token against malicious use just as you would the original credentials, and you must be prepared to renew the token. Expired tokens will be rejected by the server.
Description: The response format. The default response format is HTML.
Description: username of user who wants to get a token.
Description: password of user who wants to get a token.
Description: The client identification type for which the token is to be generated.
Description: The base URL of the web app that will invoke the request to access secured resource. This parameter must be specified if the value of the client parameter is referer.
Description: The IP address of the machine that will invoke the request to access secured resource. This parameter must be specified if the value of the client parameter is ip.
Description: The token expiration time in minutes. The default is 60 minutes.
Example: expiration=60 (1 hour)
The maximum value of the expiration time is controlled by the server. Requests for tokens larger than this time will return a token for the maximum allowed expiration time. Applications are responsible for renewing expired tokens; expired tokens will be rejected by the server on subsequent requests that use the token.
Description: The generated token.
Description: The expiration time of the token in milliseconds since Jan 1st, 1970.
JSON response syntax
"token": "<token generated>",
"expires": <date shown in EPOCH time>
JSON response example