Authentication | ArcGIS Maps SDK for Unity

ArcGIS supports secure access to ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more and portal items. It ensures that only valid, authorized users and services can access protected information. To access secure ArcGIS resources, you need an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more that you can obtain by implementing an authentication workflow in your app. The type of authentication you use depends on the security and access requirements of your app.

The available authentication methods are described below. See the Choose an authentication method section for help determining which type of authentication is best suited to your use case.

Currently, ArcGIS Maps SDK for Unity supports two types of authentication methods:

API key authentication: grants a long-lived access token to authenticate requests to ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more and secure portal items. For more information see the Introduction to API key authentication topic. To obtain an API key access token, go to the Create an API key tutorial. Here you can configure the API key privileges required to authorize access to different services and portal items for your ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.
- API key access tokens created with an ArcGIS EnterpriseAn ArcGIS Enterprise account is an identity for an instance of ArcGIS Enterprise. It can be used to access ArcGIS Enterprise tools, applications, and services, and to develop applications.Learn more account (from ArcGIS Enterprise version 11.4 onwards), provide access to secure itemsAn item, also known as a content item, is a resource stored in a portal such as a web map, hosted layer, style, script tool, file, or notebook.Learn more in an ArcGIS Enterprise portalArcGIS portal, also known as a portal, is a website with applications and tools that can be used to create, manage, access, and share geospatial content and data. It supports security and authentication, developer credentials, content and data service management, user and group management, and site administration. A portal can be hosted in Esri's infrastructure or your own infrastructure.Learn more.
OAuth 2.0: manage ArcGIS authentication and grant a short-lived access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more generated via OAuth 2.0. This gives your application permission to access ArcGIS secured services authorized to an existing ArcGIS user's account.
- User authentication: a collection of authentication workflows that connect your app to a user's ArcGIS account.

To make authenticated requests to services, you must set the token parameter to an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more.

API key authentication

An API key can grant your public-facing application access to specific ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more and portal items.

Use API key authenticationAPI key authentication is a type of authentication that uses an API key to authenticate requests to ArcGIS services and secure portal items.Learn more when you want to:

Quickly write applications that consume ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more.
Provide access to services without requiring users to sign in with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.

Tip

API key access tokens created with an ArcGIS Location PlatformArcGIS Location Platform, formerly known as ArcGIS Platform, is a Platform as a Service (PaaS) product that gives developers access to location services, APIs, and tools to build mapping and spatial analysis applications. It is subscription-based and requires an ArcGIS Location Platform account.Learn more or ArcGIS OnlineArcGIS Online is a GIS mapping, analytics, data hosting, and content management software as a service (SaaS) product. It includes applications, tools, APIs, and location services for users and developers. It is subscription-based and requires an ArcGIS Online account.Learn more account provide access to ArcGIS location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more. API key access tokens created with an ArcGIS EnterpriseArcGIS Enterprise is a GIS mapping, analytics, data hosting, and content management product that can be hosted on-premise or in a cloud infrastructure. It includes software, applications, tools, APIs, and services for users and developers.Learn more account (from ArcGIS Enterprise version 11.4 onwards), provide access to ArcGIS Enterprise servicesArcGIS Enterprise services are services an organization can host in ArcGIS Enterprise. This includes map services, feature services, tile services, geometry services, geoprocessing services, spatial analysis services, and many others.Learn more.

Learn more about API key authentication

Learn how to create and manage an API key in your portal

Set a global API key for your project

You can set a global API key to use across different scenes in a project.

To set a global API key:

Go to Edit > Project Settings, in the ArcGIS Maps SDK tab, and enter the API key.

Set an API key for a specific scene

To set an API key for a specific scene:

You need an ArcGIS Location Platform account or ArcGIS Online account and an API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more to access ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more. If you don't have an account, sign up for free.
Open the Map Creator UI in the Unity Editor, and click the Auth tab.
Set the API key in the API Key field.

With the Map Creator UI, the API key is used for all your content. If you want to use different API keys for each data, use the C# API.

OAuth 2.0

OAuth 2.0 is an industry-standard protocol for authorization. ArcGIS stores private user identities and content; 3rd party applications access those resources through a secure OAuth 2.0 user authorization protocol.

Learn more about OAuth 2.0

Learn how to register an OAuth application in your portal

User authentication

User authentication is a set of authentication workflows that allow users with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more to sign into an application and access ArcGIS contentContent is a collection of items in a portal that belong to a user, group, or organization.Learn more, servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more, and resources. The typical authentication protocol used is OAuth2.0. When a user signs into an application with their ArcGIS account, an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more is generated that authorizes the application to access services and content on their behalf. The resources and functionality available depend on the user type, roles, and privileges of the user's ArcGIS account.

Services that your app accesses with user authentication will be billed to the authenticated user's ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more and its associated ArcGIS subscriptionAn ArcGIS subscription is a free or paid plan that defines the capabilities of an ArcGIS account and the method of billing for the consumption of location services.Learn more. If your application will access your users' secure content in ArcGIS or if you plan to distribute your application through ArcGIS Marketplace, you must use user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more.

Implement user authentication when you want to:

Ensure users are signed in and authenticated with their own ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.
Use your app user's creditsCredits are the currency used by ArcGIS Online Organization accounts to account for data storage and location service consumption. Credits are consumed for specific transactions, such as accessing location services, and types of storage, such as storing features, performing analytics, and using premium content.Learn more to pay for their private data, contentContent is a collection of items in a portal that belong to a user, group, or organization.Learn more, or service transactions.
Limit the length of time users can be signed in to your app with a temporary token.
Distribute your app through ArcGIS Marketplace.

Learn more about user authentication

Learn how to add a Redirect URL in your portal

To set up OAuth 2.0 with user authentication:

For the editor mode, there is a Sample Authentication Handler Initializer that allows you to configure OAuth 2.0 with user authentication. To load private data in the Scene view:

Have an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more, register an OAuth app, and have a Client ID and Redirect URL for your app to access private data. If you don't have an account, sign up for free.
Open the Map Creator UI and click the Auth tab.
In the Authentication Configuration section, click the +Add New button in the lower right corner.
Enter the URL for the portal on the Add New Portal Item pop-up window and click Next. URL examples:
- For ArcGIS Online, enter https://www.arcgis.com or https://yourorg.maps.arcgis.com.
- For ArcGIS Enterprise, enter https://webadaptorhost.domain.com/webadaptorname.
Provide a Portal Name, Client ID, and Redirect URL. Click the Add button.
After successfully adding an authentication configuration, it will be displayed under the Authentication Configurations section.
To apply the User Authentication to your private data (e.g. private layers from the same portal), select the User Authentication option from the Authentication Type drop-down list.
You will be redirected to an external browser window to sign in to your ArcGIS account or grant permissions for OAuth credentials. Save and reload the scene if the login pop-up window does not open.

Standalone builds

To support OAuth authentication in standalone builds or Play mode, configure an OAuth login handler.

You can attach your own script or use the provided sample scripts by attaching the SampleAuthenticationHandlerInitializer component to the game object with the ArcGIS Map Component. This will automatically register the SampleOAuthUserLoginPromptHandler for handling OAuth login prompts during both Play mode and standalone app execution.

Click ArcGIS Map in the Hierarchy window.
In the Inspector window, click the Add Components button.
Select the Sample Authentication Handler Initializer Component.

When the secured feature service data is loaded, the login window will open in the default web browser. Upon successful login, an ArcGISCredential will be created and stored in the ArcGISCredentialStore, where it can be reused and refreshed automatically.

For the editor mode, there is a Sample Authentication Handler Initializer that allows you to configure OAuth 2.0 with user authentication. To load private data in the Scene view:

Have an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more, register an OAuth app, and have a Client ID and Redirect URL for your app to access private data. If you don't have an account, sign up for free.
Go to the Hierarchy window, and click the game object with the ArcGIS Map Component.
Find and expand the Authentication Configuration section.
Click the + icon to add fields for a set of configurations.
Input the Portal URL, a Portal Name, along with the Client ID and the Redirect URL for accessing private content.
Under the section where you add the private content (e.g. private layers), select the User Authentication option from the Authentication Type drop-down list.
If the portal information is successfully validated, you will be directed to an external browser window to log in to your ArcGIS account or grant permissions for OAuth credentials. If the login pop-up window does not appear, please save and reload the scene.

Standalone builds

To support OAuth authentication in standalone builds or Play mode, configure an OAuth login handler.

Click ArcGIS Map in the Hierarchy window.
In the Inspector window, click the Add Components button.
Select the Sample Authentication Handler Initializer Component.

To implement user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more, you should have an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more and a Client ID and Redirect URL for your app to access a private layer. If you don't have an account, sign up for free.

Configuring OAuth access

Configure an ArcGISOAuthUserConfiguration for the private content, and add it to the OAuthUserConfigurations list. To remove existing OAuth configurations before adding new ones, clear the registered configurations first. Clearing is not required before adding a new configuration.

Adding private layers

To add private content, see the Layers section. When adding a layer using the API, provide an empty string as the API key argument to ensure the OAuth workflow is deployed for loading the content.

OAuth sample code

You can find the sample code to implement user authentication with an ArcGIS Map in the OAuthScene.cs file. The sample script file is in:

Assets/Samples/ArcGIS Maps SDK for Unity/[version]/Sample Content/Scenes/Scripts/OAuthScene/

The sample script is used in the OAuthAPISample scene in the Assets/ArcGISMapsSDKSamples/URP or HDRP folder.

You can also find the Sample Authentication Handler Initializer script for desktop and mobile devices in the following folder:

Assets/Samples/ArcGIS Maps SDK for Unity/[version]/Sample Content/Scenes/Scripts/Security/

Standalone builds

To support OAuth authentication in standalone builds or Play mode, configure an OAuth login handler.

Click ArcGIS Map in the Hierarchy window.
In the Inspector window, click the Add Components button.
Select the Sample Authentication Handler Initializer Component.

Choose an authentication method

The choice of which type of authentication to implement is mostly dependent upon the resources required by your application.

Scenario	Solution
Your app requires access only to ready-to-use services, such as the basemap layer, geocoding, or routing services.	API key authentication
Your app needs to access private data hosted on your ArcGIS Location Platform accountAn ArcGIS Location Platform account, formerly known as an ArcGIS Developer account, is an identity associated with an ArcGIS Location Platform subscription.Learn more.	API key authentication
Your app allows users to view and edit private data hosted in ArcGIS OnlineArcGIS Online is a GIS mapping, analytics, data hosting, and content management software as a service (SaaS) product. It includes applications, tools, APIs, and location services for users and developers. It is subscription-based and requires an ArcGIS Online account.Learn more or ArcGIS EnterpriseArcGIS Enterprise is a GIS mapping, analytics, data hosting, and content management product that can be hosted on-premise or in a cloud infrastructure. It includes software, applications, tools, APIs, and services for users and developers.Learn more.	User authentication
Your app requires access to location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more only and you want usage charged to the user.	User authentication
Your app needs to access content that requires an ArcGIS Online subscriptionAn ArcGIS subscription is a free or paid plan that defines the capabilities of an ArcGIS account and the method of billing for the consumption of location services.Learn more.	User authentication