Tutorial: Create an API key

Learn how to create and manage an API key using API key credentials.

The developer credentials creation interface in a portal

An API key is a long-lived access token that authorizes your application to access secure services, content, and functionality in ArcGIS. API keys are generated using API key credentials, a type of item hosted in your portal. API key credentials contain settings that allow you to generate API keys and manage properties such as their privileges and expiration date. The process of creating API key credentials and using an API key in your application is known as API key authentication.

This tutorial shows you how to create API key credentials and do the following:

Generate long-lived API keys and save them in your application.
Configure privileges to allow your API keys to access ArcGIS services, content, and functionality.
Set the expiration date and referrer URLs of an API key.
Manage API keys using the item page of your API key credentials.

Prerequisites

Steps

You use your portal to create and manage items, including API key credentials.

Create a new item

In your portal, click Content > My content > New item.
Click Developer credentials > API key credentials and click Next.

Set the expiration date and referrers

API key credentials generate long-lived access tokens called API keys. API keys are valid for up to one year, and their expiration date is set when they are generated. You can also set referrers on an API key, which restrict the key to only be usable from authorized domains.

In the Create developer credentials window, click on the Expiration date field. Set the expiration date of the access token to one month from today's date.
Set the Referrers field to the web domains you would like to restrict the access token to. This is highly recommended for security purposes. To learn more about referrers, go to API key credentials.
Click Next.

Select privileges

You can configure the settings of API key credentials to configure the privileges of access tokens. For an access token to work in your application, it needs to have the correct privileges to access the content and services your app is using. Select the privileges you require to apply them to your API key access token.

In the Create developer credentials > Privileges window, browse the available privileges.
Tip
If a privilege is not visible in your developer credentials, it may not be available for the following reasons:
- Your account does not have the correct user type or roles.
- You have the wrong type of subscription. Some privileges are only available to ArcGIS Location Platform users, and some are only available to ArcGIS Online users.
- You do not have pay-as-you-go enabled in your ArcGIS Location Platform account.
- You are using a type of authentication that does not support the privilege you require. To learn more, go to Types of authentication.

Browse the table below to view the available privileges, privilege strings, and descriptions based on your account type:

Category	Label	Privilege string	Description
Basemaps	Basemap styles service	`premium:user:basemaps`	Allow application to access the basemap styles service.
Basemaps	Static basemap tiles (beta)	`premium:user:staticbasemaptiles`	Allow application to access the static basemap tiles service.
Data enrichment	GeoEnrichment service	`premium:user:geoenrichment`	Allow application to access the GeoEnrichment service. Learn more
Elevation	Elevation service (beta)	`premium:user:elevation`	Allow application to access the elevation service.
Geocoding	Geocode (stored)	`premium:user:geocode:stored`	Allow application to access the geocoding service and perform stored geocodes. Learn more
Geocoding	Geocode (not stored)	`premium:user:geocode:temporary`	Allow application to access the geocoding service and perform geocodes that are not stored. Learn more
Places	Place finding	`premium:user:places`	Allow application to access the places service. Learn more
Routing	Routing	`premium:user:networkanalysis:routing`	Allow application to access the routing service and perform standard routing operations. Learn more
Routing	Closest facility	`premium:user:networkanalysis:closestfacility`	Allow application to access the routing service and perform closest facility routing operations. Learn more
Routing	Location allocation	`premium:user:networkanalysis:locationallocation`	Allow application to access the routing service and perform location allocation operations. Learn more
Routing	Optimized routing	`premium:user:networkanalysis:optimizedrouting`	Allow application to access the routing service and perform optimized routing operations. Learn more
Routing	Origin/destination cost matrix	`premium:user:networkanalysis:origindestinationcostmatrix`	Allow application to access the routing service and generate travel cost matrices. Learn more
Routing	Service area	`premium:user:networkanalysis:servicearea`	Allow application to access the routing service and generate service areas. Learn more
Routing	Multi-vehicle routing	`premium:user:networkanalysis:vehiclerouting`	Allow application to access the routing service and perform fleet routing operations. Learn more
Routing	Last mile	`premium:user:networkanalysis:lastmiledelivery`	Allow application to access the routing service and perform routing operations for last mile delivery. Learn more

Select the the privileges required by your application and click Next.

In the Create developer credentials > Privileges window, browse the available privileges.
Tip
If a privilege is not visible in your developer credentials, it may not be available for the following reasons:
- Your account does not have the correct user type or roles.
- You have the wrong type of subscription. Some privileges are only available to ArcGIS Location Platform users, and some are only available to ArcGIS Online users.
- You do not have pay-as-you-go enabled in your ArcGIS Location Platform account.
- You are using a type of authentication that does not support the privilege you require. To learn more, go to Types of authentication.

Browse the table below to view the available privileges, privilege strings, and descriptions based on your account type:

Category	Label	Privilege string	Description
Basemaps	Basemap styles service	`premium:user:basemaps`	Allow application to access the basemap styles service.
Data enrichment	GeoEnrichment service	`premium:user:geoenrichment`	Allow application to access the GeoEnrichment service. Learn more
Geocoding	Geocode service	`premium:user:geocode`	Allow application to access the geocoding service. Learn more
Routing	Routing (Network analysis)	`premium:user:networkanalysis`	Allow application to access the routing service. Learn more
Routing	Last mile	`premium:user:networkanalysis:lastmiledelivery`	Allow application to access the routing service and perform routing operations for last mile delivery. Learn more

Select the the privileges required by your application and click Next.

Select items (optional)

If your application will require access to specific private items, you will need to configure your developer credentials to access them. The Item access menu allows you to browse your portal's content and grant your key fine-grained access to specific items.

If your token does not require item access, click Skip.
In the Grant item access window, click Browse items.
Select the items you want to grant access to. You can select up to 100 items in this menu.

Warning
Certain privileges such as features:user:edit will grant global access to all items associated with your account. Setting fine-grained item access privileges using this menu will override any global privileges you have set.
Click Add items.

Save the item

After configuring the properties of your API key credentials, you can save the credentials as a new item.

In the Create developer credentials window, set the following properties:
- Title: My API key credentials
- Folder: Developer credentials (Create a new folder)
- Tags: Add tags related to the privileges of the credentials.
- Description: Describe the application that these developer credentials will be used in.
Click Next.
In the Summary window, review the properties, privileges, and item access you have set. Click Next.

Copy the API key

In the Create developer credentials > Generate API key window, select Generate the API key and go to item details page. I am ready to copy and save the key.
Click Next.
Copy the API key from the window that appears and paste it into your application.

Attention
This is the only time you will be able to access the value of your API key access token. You will not be able to view it again. To get a new key, you need to regenerate one using the API key credentials item page.

Manage your credentials (optional)

After creating an API key credentials item, its properties can be managed at any time by going to the item page. The Settings menu allows you to manage the following properties of API keys:

Generate a secondary API key: You can generate a secondary API key in the same credentials with identical privileges and a new expiration date.
Regenerate an API key: If you lose access to an API key, you can regenerate it with a new expiration date.
Invalidate an API key: You can invalidate an API key so that it no longer functions in applications.
Edit privileges: You can edit the privileges of your API key credentials to adjust the authorization level of your API keys.
Edit item access: You can edit the items that your API key credentials are authorized to access.
Monitor key usage: You can monitor the usage of your API keys to track their consumption of services and view billing information. To learn more, go to API key credentials.

What's next?

Learn how to use your API key to access secure ArcGIS resources in the following guides:

Mapping and location services

Portal and data services

Spatial analysis services

Offline mapping apps