OAuth credentials (for app authentication)

OAuth credentials with personal privileges (for app authentication)

OAuth credentials that have privileges with a personal scope.

OAuth credentials are an item used to support authentication workflows. They are required to implement user authentication and app authentication using OAuth 2.0 workflows.

Both a client_id and client_secret are required to implement app authentication.

Create OAuth credentials (for app authentication)

You can create OAuth credentials by using the Developer credentials tool in your portal.

The steps to create OAuth credentials with an ArcGIS Location Platform account are:

Sign in to your ArcGIS portal.
Click Content > My content > New item and select Developer credentials.
In the Credential types menu, select OAuth credentials.
Add a redirect URL and click Next. This URL is required during creation, but will not be used in app authentication.
Set the credential privileges to determine the operations your access tokens will be authorized to perform.
Set the credential item access privileges to determine the items your access tokens will be authorized to access.
Review your selections and, when you are ready, click Generate credentials.

Redirect URLs

Redirect URLs are managed as a property of OAuth credentials. They can be added to your credentials during the creation process, or any time through the Settings panel of the credentials item page.

Privileges

The privilege selector for developer credentials

OAuth credentials include a privilege selector that can authorize access to secure ArcGIS services. Once privileges are configured using the selector, the resulting access token will be authorized to access the specified services and perform operations.

The privileges available to OAuth credentials include:

ArcGIS Location Services, such as the basemap styles service and routing service
Portal service operations, such as creating and managing users, items, and groups.
Spatial analysis services for performing feature and raster analysis operations.

The exact privileges available depend on the ArcGIS product you are using and the roles assigned to your ArcGIS account.

Edit privileges

You can edit the privileges of your OAuth credentials to adjust the authorization level of your application.

Go to Settings on the item page of your OAuth credentials.
Under Application > Privileges, click the Edit privileges button.
Select new privileges for your OAuth credentials using the privileges window. To view a list of all available privileges, go to Privileges.
Click Save.

Item access privileges

The item access menu for developer credentials

OAuth credentials also include an item access menu used to allow access to specific items in a portal. The resulting access tokens will be authorized to access any items you specify in this menu.

The items available in this menu include all of the items owned by your account with a sharing level of Private, Group, or Organization.

Edit item access

You can edit the items that your OAuth credentials are authorized to access.

Go to Settings on the item page of your OAuth credentials.
Under Application > Privileges, click the Edit item access button.
Select items to grant your OAuth credentials access to.
Click Save.

Referrers

The referrers field for developer credentials

A referrer is an HTTP header field used to identify the client requesting a server resource. This functions as a security measure, allowing applications to confirm their client's identity. When OAuth credentials have a specific HTTP referer header set, services can confirm that an incoming request's referrer matches one of the valid referrers assigned to that access token.

Specific domains can be provided or you can use wildcard characters (*) in the subdomain of your allowed referrer. For example https://*.your-app.com will allow the access token to be used on both https://dev.your-app.com and https://your-app.com. While it is also possible to restrict access token use to specific paths (https://your-app.com/page), we do not recommend this method because browsers may remove the path due to privacy concerns.

Usage tracking

All services and content accessed with OAuth credentials are tracked. You can monitor the usage of credentials in order to view the consumption of services and the billing amount.

The steps to monitor usage vary based on the type of ArcGIS account the credentials were created with:

ArcGIS Location Platform developers use their dashboard to monitor service usage. To monitor service usage of OAuth credentials, use the following steps:

Go to location.arcgis.com and sign in with an ArcGIS Location Platform account.
Click My dashboard > Usage > Developer credentials.
In the left sidebar, select the OAuth credentials item you would like to review usage for.
In the Billing cycle selector, choose a billing cycle to inspect. The main panel of the window will show a usage report.
Review the usage report for your OAuth credentials. Usage information is organized by secure resource. Click Download CSV to download the information as a .csv file.
Click the dropdown button on a specific service to view a usage timeline. The panel will show the resource consumption for each day of the billing cycle.