Skip To Content
ArcGIS Developer
Dashboard

/generateToken: Generate Token

  • URL:https://[root]/generateToken(POST only)

Example usage

The following is a sample ArcGIS Enterprise POST request for the generateToken operation. For more examples, see the Additional example usage section below.


POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=referer&ip=&referer=https://myserver/mywebapp&expiration=60&f=pjson

Description

Note:

In ArcGIS Enterprise, this operation has been superceded by the OAuth Token resource; generateToken is no longer the default.

The generateToken operation generates an access token in exchange for user credentials that can be used by clients. The access token represents the authenticated user for a certain amount of time to all other API functionality. Developers using the API must take care to protect the token against malicious use just as they would the original credentials, and they must be prepared to renew the token. Expired tokens will be rejected by the server. This operation also supports generation of a server-token in exchange for a portal token. This server-token is required for clients to access resources from a federated server. The parameters token and serverUrl are required to generate a server-token.

The default token length when using OAuth is two weeks. The esri_authcookie containing that token is set as a session cookie by default, or set to two weeks if the Keep me signed in check box is checked.

Organizations that choose to implement higher levels of security for their organizations can set the allSSL setting to true for their organization or portal. The effect of setting allSSL to true is that all non-HTTPS requests for resources belonging to the organization will be rejected. Setting allSSL to true guarantees that all transmissions of access tokens as well as data between clients and servers is over a secure encrypted channel and provides protection to tokens and data in transit. When generateToken is called for a user in such an organization, it returns a response property of ssl as true, and the token must always be passed back via HTTPS to the portal.

The call is only allowed over HTTPS.

Request parameters

ParameterDetails
username

The case-sensitive username of the user who wants to get a token.

Example

username=admin
password

The password of the user who wants to get a token.

Example

password=test1234
client

The client type that will be granted access to the token. Users will be able to specify whether the token will be generated for a client application's base URL, a user-specified IP address, or the IP address that is making the request.

Values: ip | referer | requestip

ip

The IP address that will be using the created token for access. On the Generate Token page, the IP address is specified in the IP Address field. This is required when client has been set as ip.

Example

ip=11.11.111.111
referer

The base URL of the client application that will use the token. On the Generate Token page, the referer URL is specified in the Webapp URL field. This is required when client has been set as referer.

Example

referer=https://myserver/mywebapp
expiration

The token expiration time in minutes. The default is 60 minutes (one hour). The maximum expiration period is 15 days. The maximum value of the expiration time is controlled by the server. Requests for tokens larger than this time will be rejected. Applications are responsible for renewing expired tokens; expired tokens will be rejected by the server on subsequent requests that use the token.

Example

expiration=60
token

Portal token generated in exchange for user credentials for use by clients working with a federated server. This parameter is required only when generating a server-token. User name, password, client, referer, and expiration parameters are not required for generating a server-token. The referer and expiration time of the portal token will be applied to the server-token.

token=G6943LMReKj_kqdAVrAiPbpRloAfE1fqp0eVAJ-IChQcV-kv3gW-gBAzWztBEdFY
serverURL

URL of a federated server for which a server-token needs to be generated. A server-token will be returned only if the serverUrl contains the URL of a server that is registered with the portal. A server-token will not be generated for a server that is not registered with the portal.

Example

serverUrl=<https://myserver.esri.com/arcgis>
f

The response format. The default response format is html.

Values: html | json | pjson

Response properties

PropertyDetails
token

The generated token.

Example

"token": "6hrFDATxrG9w14QY9wwnmVhLE0Wg6LIvwOwUaxz761m1JfRp4rs8Mzozk5xhSkw0_MQz6bpcJnrFUDwp5lPPFC157dHxbkKlDiQ9XY3ZIP8zAGCsS8ruN2uKjIaIargX"
expires

The expiration time of the token in milliseconds since January 1, 1970 (UTC).

Example

"expires": "1582930261424"
ssl

This property will show as true if the token must always pass over ssl.

Values: true | false

Additional example usage

The examples below illustrate three ways in which users can generate tokens with this operation.

Example one: IP address

The following example demonstrates how an ArcGIS Enterprise user can generate a token with a user-specified IP address:


POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=ip&ip=11.11.111.111&referer=&expiration=60&f=json

Example two: Referer

The following example demonstrates how an ArcGIS Enterprise user can generate a token with a client application's base URL:


POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=referer&ip=&referer=https://myserver/mywebapp&expiration=60&f=json

Example three: Request IP

The final example demonstrates how an ArcGIS Enterprise user can generate a token with the IP address that is performing the Generate Token request:


POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=requestip&ip=&referer=&expiration=60&f=json

JSON Response syntax


{
  "token": "<token generated>",
  "expires": <date shown in UNIX time>,
  "ssl": false | true
}

JSON Response example


{
  "token": "6hrFDATxrG9w14QY9wwnmVhLE0Wg6LIvwOwUaxz761m1JfRp4rs8Mzozk5xhSkw0_MQz6bpcJnrFUDwp5lPPFC157dHxbkKlDiQ9XY3ZIP8zAGCsS8ruN2uKjIaIargX",
  "expires": 1582930261424,
  "ssl": true
}