Authentication | ArcGIS Maps SDK for Unity v1

ArcGISArcGIS is the brand name for all of the desktop, server, and developer products and technologies offered by Esri.Learn more supports secure access to location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more and private data. It ensures that only valid, authorized users and applications access protected information. To access secure resources, you need to implement an authentication method so your applications can make authenticated requests for services.

An authentication method is a process used to obtain an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more. Your app must present an access token when it makes a request to an ArcGIS location serviceArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more. Access tokens define the scope and permissions available to your application. The type of authentication you use to get an access token will vary.

There are two methods for authenticating users and three types of authentication that can be used to obtain an access token:

API key: A simple method to authenticate users.
- API key authentication: This creates a long-lived access token that grants your application access to location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more and private content.
OAuth 2.0: This method uses application credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more to manage and authorize access for authenticated users.
- User authentication (formerly ArcGIS identity): This generates a short-lived token via OAuth 2.0, authorizing your application to access ArcGIS content, services, and resources on behalf of a logged-in ArcGIS user.
- App authentication: This generates a short-lived token via OAuth 2.0, authorizing a developer's application to access ready-to-use servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more on their behalf.

To make authenticated requests to services, you need to set the token parameter to an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more.

API key authentication

An API key is a long-lived access token that authorizes your application to access secure services, content, and functionality in ArcGIS. Using API keys is typically the easiest way to access ArcGIS location servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more in your applications.

To use API keys, you need to have one of the following ArcGIS accountsAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more:

ArcGIS Location Platform accountAn ArcGIS Location Platform account, formerly known as an ArcGIS Developer account, is an identity associated with an ArcGIS Location Platform subscription.Learn more
ArcGIS Online accountAn ArcGIS Online account, also known as an ArcGIS Organization account, is an identity associated with an ArcGIS Online subscription. It can be used to access ArcGIS tools and develop applications with ArcGIS location services for an organization.Learn more

Use API keys when you want to:

Quickly write applications that consume ready-to-use services.
Provide access to services without requiring users to sign in with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.
Use an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more that doesn't expire.
Meter service usage to the ArcGIS subscription that owns the API key.

Set a global API key for your project

You can set a global API key to use across different scenes in a project.

To set a global API key:

Go to Edit > Project Settings, in the ArcGIS Maps SDK tab, and enter the API key.

Set an API key for a specfic scene

To set an API key for a specific scene:

You need an ArcGIS Location Platform account or ArcGIS Online account and an API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more to access ArcGIS servicesA service, also known as an ArcGIS service, is software that supports an ArcGIS REST API and provides geospatial functionality or data. A service can be hosted by Esri or in ArcGIS Enterprise.Learn more. If you don't have an account, sign up for free.
Open the Map Creator UI in the Unity Editor, and click the Auth tab.
Set the API key in the API Key field.

With the Map Creator UI, the API key is used for all your content. If you want to use different API keys for each data, use the C# API.

Learn more about API key authentication

Learn how to create and manage an API key in your portal

OAuth 2.0

OAuth 2.0 is an industry-standard protocol for authorization. ArcGIS stores private user identities and content; 3rd party applications access those resources through a secure OAuth 2.0 user authorization protocol.

Learn more about OAuth 2.0

Learn how to register an OAuth application in your portal

User authentication

User authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more is a type of authentication that allows users with an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth 2.0. When a user signs into an application, an access tokenAn access token is an authorization string that provides access to secure ArcGIS content, data, and services. Its capabilities are determined by the privileges it supports. It is obtained by implementing API key authentication, User authentication, or App authentication.Learn more is granted that authorizes the application to access services and content on their behalf. The resources and functionality available to the application depend on the user type, roles, and privileges assigned to the user's ArcGIS account.

Implement user authentication when you want to:

Ensure users are signed in and authenticated with their own ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more.
Meter service usage to your app user's ArcGIS subscription to pay for their private data, contentContent is a collection of items in a portal that belong to a user, group, or organization.Learn more, or service transactions.
Limit the length of time users can sign in to your app with a temporary token.

To set up OAuth 2.0 with user authentication:

For the editor mode, there is a sample OAuth challenge handler that allows you to configure OAuth 2.0 with user authentication. To load private data in the Scene view:

Have an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more, register an OAuth app, and have a Client ID and Redirect URI for your app to access a private layer. If you don't have an account, sign up for free.
Open the Map Creator UI and click the Auth tab.
In the Add Authentication Configuration section, set a name for the configuration and introduce the Client ID and the Redirect URI for the private content.
Click the Add button.
Click the tab where you have private content, such as Basemap, Elevation, or Layers, and select the configuration name from the Authentication drop-down.
Save and reload the scene.

When you add a configuration, you can find it under the Authentication Configurations section. When you reload your scene, the login window opens in a default web browser window. To add basemap, elevation, and layers, see the Layers section.

For play mode, you should configure another OAuth challenge handler for your own app. You can attach your own script or the OAuth Challenge Handlers Initializer (which uses the sample scripts) to the game object with the ArcGIS Map Component.

Click ArcGIS Map in the Hierarchy window.
In the Inspector window, click the Add Components button.
Select OAuth Challenge Handlers Initializer.

When the secured feature service data is loaded, the login window will open in the default web browser.

For the editor mode, there is a sample OAuth challenge handler that helps you to configure OAuth 2.0 with user authentication. To load private data in the Scene view, complete the following steps:

Have an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more, register an OAuth app, and have a Client ID and Redirect URI to access a private layer. If you don't have an account, sign up for free.
Go to Unity Editor, and click the game object with the ArcGIS Map component in the Hierarchy window.
Open the Authentication section.
Click the + icon to add fields for a set of configuration under Authentication Configurations.
In the newly added fields, set the configuration name, and add the Client ID and the Redirect URI for the private content.
Under the section where you have private content, select the configuration name from the Authentication drop-down.
Save and reload the scene.

When you reload your scene, the login window opens in a default web browser window. To add basemap, elevation, and layers, see the Layers section.

For play mode, you should configure another OAuth challenge handler for your own app. You can attach your own script or attach the OAuth Challenge Handlers Initializer (which uses the sample scripts) to the game object with the ArcGIS Map Component.

Click ArcGIS Map in the Hierarchy window.
In the Inspector window, click Add Components button.
Select OAuth Challenge Handlers Initializer.

When the secured feature service data is loaded, the login window will open in the default web browser window.

To implement user authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more, you should have an ArcGIS accountAn ArcGIS account is an identity with a user type and set of privileges that can access specific ArcGIS products, tools, APIs, services, and resources. The main account types that can be used for development are an ArcGIS Location Platform account, ArcGIS Online account, and ArcGIS Enterprise account. ArcGIS Location Platform and ArcGIS Online accounts are also associated with a subscription.Learn more and a Client ID / Redirect URI to access a private layer. If you don't have an account, sign up for free.

Configure the Client ID and the Redirect URI with ArcGISOAuthAuthenticationConfiguration for the private content, and register it with the private content URL to the ArcGISAuthenticationManager. If you want to use a new OAuth configuration, clear the registered configurations from the ArcGISAuthenticationManager before you add it.

Use AuthenticationChallengeManager to set OAuth challenge handler.

For adding private content, see the Layers section.

You can find the sample code to implement user authentication with an ArcGIS Map in the OAuthScene.cs file. The sample script file is in:

Assets/Samples/ArcGIS Maps SDK for Unity/[version]/All Samples/Scripts/OAuthScene

The sample script is used in the OAuthAPISample scene in the Assets/ArcGISMapsSDKSamples/URP folder.

You can also find the sample OAuth challenge handler script for desktop and mobile devices in the folder at:

Assets/Samples/ArcGIS Maps SDK for Unity/[version]/All Samples/Scripts/Security

Learn more about user authentication

Learn how to add a redirect URI in your portal

App credential authentication

App credential authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more uses a set of application credentialsOAuth credentials are an item that contains parameters required to implement user authentication or app authentication, including a client_id, client_secret, and redirect URIs. They are a type of developer credential.Learn more to grant a short-lived access token generated via OAuth 2.0. The token authorizes your application to access ready-to-use servicesArcGIS Location Services, also referred to as Location Services, are services hosted by Esri that provide geospatial functionality for developing mapping applications. They include the ArcGIS Basemap Styles service, ArcGIS Static Basemap Tiles service, ArcGIS Places service, ArcGIS Geocoding service, ArcGIS Routing service, ArcGIS GeoEnrichment service, and ArcGIS Elevation service. An ArcGIS Location Platform or ArcGIS Online account is required to use the services.Learn more, such as basemap layers, search, and routing.

Use application credentials when you want to:

Access ready-to-use services with a more secure process and a short-lived token.
Provide access to services without requiring users to have an ArcGIS account.

Learn more about app credential authentication

Choose an authentication method

The choice of which type of authentication to implement is mostly dependent upon the resources required by your application.

Scenario	Solution
Your app requires access only to ready-to-use services, such as the basemap layer, geocoding, or routing services.	API keyAn API key is a long-lived access token created using API key credentials. They are valid for up to one year and are typically embedded directly into client applications.Learn more
Your app allows users to view and edit private data in ArcGIS.	User authenticationUser authentication is a type of authentication that allows users with an ArcGIS account to sign into an application and allow it to access ArcGIS content, services, and resources on their behalf. The typical authorization protocol used is OAuth2.0.Learn more
Your app is API backend and requires access only to basemaps and geocoding.	App credential authenticationApp authentication is a type of authentication that grants a short-lived access token based on an OAuth 2.0 client ID and client secret, authorizing an application to access ArcGIS services and items.Learn more