Introduction to app authentication

App authentication is a type of authentication that generates short-lived access tokens based on a set of OAuth credentials. The access tokens are associated with your ArcGIS account, and can be used to to authenticate requests to location services and private items.

App authentication is typically implemented on a web server or in standalone console scripts. This is to avoid exposing the confidential client_id and client_secret values contained within OAuth credentials. App authentication is not recommended for client applications without a web server, or in private applications that require users to sign in.

You can use app authentication to:

  • Authenticate on web servers or standalone console scripts.
  • Access location services.
  • Access secure items in a portal.
  • Authenticate with an OAuth 2.0 process that provides better security than API key authentication.
  • Create public applications that allow users to remain anonymous.
  • Access secure resources with the privileges of your ArcGIS account.

How app authentication works

Client credentials flow
The client credentials flow used in app authentication. To learn more, go to Client credentials flow

Apps that implement app authentication submit requests for access tokens using an OAuth 2.0 client_id and client_secret. These values are generated from OAuth credentials and should remain confidential at all times.

The high-level process of app authentication is as follows:

  1. Include a client_id and client_secret from OAuth credentials in your server script.
  2. Create an endpoint for clients to request access tokens.
  3. When a client requests a token, submit a request to the token endpoint of your portal service.
  4. Deliver the resulting access token to the client.
  5. The client uses the access token to access secure resources.

OAuth credentials

OAuth credentials are an item used to support authentication workflows. They are required to implement user authentication and app authentication using OAuth 2.0 workflows.

Limitations

Service support

The following table provides an overview of the functionality available with each type of authentication:

API key authenticationUser authenticationApp authentication
Location services
Data services (Item access)
Spatial analysis services
Portal service (General privileges)
Portal service (Admin privileges)
Full supportPartial supportNo support

    Account types

    App authentication is available for ArcGIS Location Platform accounts, ArcGIS Online accounts, and ArcGIS Enterprise accounts.

    To create OAuth credentials with an ArcGIS Online account, your account must have a role with the Assign privileges to OAuth 2.0 applications privilege. To learn more, go to the FAQ.

    OAuth credentials

    Item access privileges: OAuth credentials can be configured to access a maximum of 100 items.

    Tutorials

    Create OAuth credentials for app authentication

    Create and configure OAuth credentials to set up app authentication.


    API support

    App authentication
    ArcGIS Maps SDK for JavaScript
    ArcGIS Maps SDK for .NET
    ArcGIS Maps SDK for Kotlin
    ArcGIS Maps SDK for Swift
    ArcGIS Maps SDK for Java
    ArcGIS Maps SDK for Qt
    ArcGIS API for Python
    ArcGIS REST JS
    Esri Leaflet
    MapLibre GL JS
    OpenLayers
    CesiumJS
    Full supportPartial supportNo support

      Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.