How to implement app authentication

This topic outlines the high-level steps of how to implement app authentication.

1. Create OAuth credentials

A set of OAuth 2.0 credentials is required for app authentication. These credentials are created as an item in your portal.

  1. Sign in to your portal.

  2. Click Content > My content > New item and select Developer credentials.

  3. In the Credential types menu, select OAuth credentials.

  4. In the Privileges menu, select privileges to determine the operations your application will be authorized to perform.

  5. In the Item access menu, select items to determine what content your application will be authorized to access.

  6. Review your selections and, when you are ready, click Generate credentials.

2. Implement a client credentials flow

Figure: The client credentials authorization flow

App authentication uses an OAuth 2.0 authorization flow with a grant type of client_credentials. This involves making a request to the token endpoint with a client_id and client_secret from OAuth credentials. The high-level steps to implement this flow are as follows:

  1. Paste the client_id and client_secret from a set of OAuth credentials into your application.

  2. Submit a POST request to the token endpoint, either directly or through a helper class provided by an ArcGIS API.

  3. Use the access token returned in the response. If you made the request on a server, you can now send the access token to your client application.

ArcGIS APIs

ArcGIS REST JS provides an ApplicationCredentialsManager class that can be used to implement app authentication.

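import { ApplicationCredentialsManager } from "@esri/arcgis-rest-request";
import { geocode } from "@esri/arcgis-rest-geocoding";

// Run this on a server: the client secret must not ship in browser code.
const appManager = ApplicationCredentialsManager.fromCredentials({
  clientId: "YOUR_CLIENT_ID",
  clientSecret: "YOUR_CLIENT_SECRET"
});

// Request an access token, then authenticate a geocoding request with it.
appManager.refreshToken().then((manager) => {
  geocode({
    address: "1600 Pennsylvania Ave NW, DC",
    authentication: appManager
  }).then((response) => {
    console.log(response.candidates);
  });
});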

Server-side examples

The following examples show how to set up a web server that implements app authentication and passes the resulting access token to a client application.
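
The server side of the flow described above, as an added example that is not code from the original page or from Esri: it requests a token with the client_credentials grant, checks the response, and caches the token until shortly before it expires, so only the access token ever needs to reach the client application. Assumptions: the ArcGIS Online token endpoint URL, the function names, the injected `fetchImpl` and `now` parameters, and the environment variable names are all illustrative.

```javascript
// Added example: server-side token cache for the client_credentials grant.
// TOKEN_URL assumes ArcGIS Online; an ArcGIS Enterprise portal has its own URL.
const TOKEN_URL = "https://www.arcgis.com/sharing/rest/oauth2/token";

// The secret travels in the POST body, never in the URL (URLs end up in logs).
function buildTokenRequest(clientId, clientSecret) {
  if (!clientId || !clientSecret) throw new Error("client_id and client_secret are required");
  const body = new URLSearchParams({
    client_id: clientId, client_secret: clientSecret,
    grant_type: "client_credentials", f: "json"
  });
  return { url: TOKEN_URL, init: { method: "POST", body } };
}

// ArcGIS can report a failure as an "error" object in the JSON body, so the
// body is checked rather than trusting the HTTP status alone.
function parseTokenResponse(json, nowMs) {
  if (json.error) {
    throw new Error("token request failed: " + (json.error.message || json.error.code));
  }
  if (typeof json.access_token !== "string" || !(json.expires_in > 0)) {
    throw new Error("token response lacks access_token or expires_in");
  }
  return { token: json.access_token, expiresAt: nowMs + json.expires_in * 1000 };
}

// Returns getToken(): reuses the cached token until skewMs before expiry and
// lets concurrent callers share a single in-flight request.
function createTokenProvider({ clientId, clientSecret, fetchImpl = fetch, now = Date.now, skewMs = 60000 }) {
  let cached = null;
  let pending = null;
  return async function getToken() {
    if (cached && now() < cached.expiresAt - skewMs) return cached.token;
    if (!pending) {
      const { url, init } = buildTokenRequest(clientId, clientSecret);
      pending = fetchImpl(url, init)
        .then((res) => res.json())
        .then((json) => (cached = parseTokenResponse(json, now())))
        .finally(() => { pending = null; });
    }
    return (await pending).token;
  };
}

// Usage on the server (environment variable names are hypothetical):
// const getToken = createTokenProvider({ clientId: process.env.ARCGIS_CLIENT_ID,
//   clientSecret: process.env.ARCGIS_CLIENT_SECRET });
// Send only the value of `await getToken()` to the client application.
```
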

3. Make a request

Once app authentication is implemented successfully, your application is granted an access token whenever it requests one. The access token will have the privileges defined by the OAuth credentials used to supply the client_id and client_secret.

ArcGIS APIs and SDKs

The examples below show how to display a map using an access token.

ArcGIS Maps SDK for JavaScript

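import esriConfig from "@arcgis/core/config.js";
import Map from "@arcgis/core/Map.js";
import MapView from "@arcgis/core/views/MapView.js";

// Access token obtained through app authentication
esriConfig.apiKey = "YOUR_ACCESS_TOKEN";
const map = new Map({
  basemap: "arcgis-topographic" // Basemap layer
});

const view = new MapView({
  map: map,
  center: [-118.805, 34.027],
  zoom: 13, // scale: 72223.819286
  container: "viewDiv", // id of the page element that hosts the map
  constraints: {
    snapToZoom: false
  }
});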

ArcGIS REST APIs

Your application can also include the access token in requests to REST APIs by setting the token parameter.

This example shows how to geocode an address with the geocoding service.

cURL

curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"

Tutorials

Create OAuth credentials for app authentication

Create and configure OAuth credentials to set up app authentication.
