Tutorial: Create OAuth credentials for app authentication

Learn how to create OAuth credentials to support app authentication.

The developer credentials creation interface in a portal

OAuth credentials are an item required to implement app authentication. They contain client_id and client_secret parameters that are used to implement an OAuth 2.0 client credentials flow. The item page of OAuth credentials allows you to manage settings related to app authentication, including the authorized privileges of an application.

This tutorial shows you how to create OAuth credentials for use in app authentication and do the following:

Configure privileges to allow your application to access ArcGIS services, content, and functionality.
Set authorized referrer URLs.
Manage settings of the OAuth credentials and monitor usage using its item page.

Prerequisites

Steps

You use your portal to create and manage items, including OAuth credentials.

Access your portal by navigating to ArcGIS.com or the URL of your ArcGIS Enterprise portal instance.
Sign in with your ArcGIS account.

Create a new item

In your portal, click Content > My content > New item.
Click Developer credentials > OAuth credentials and click Next.

ArcGIS Online accounts:
If you have an ArcGIS Online account, your account must have administrator access or a custom role with the Assign privileges to OAuth applications privilege. To learn more, go to the FAQ.

Set referrer URLs

You can set referrer URLs on OAuth credentials that restrict the credentials to only be usable from authorized domains. This is highly recommended for security purposes.

In the next window, scroll down to Referrer URLs.
Set the Referrers field to the web domains you would like to restrict the access token to. To learn more about referrers, go to OAuth credentials (for app authentication).
Under Application environment, select the type of environment your application will run in. This will affect when the OAuth credentials appear in portal search results.
Click Next.

Select privileges

You use developer credentials to configure the privileges of access tokens. For an access token to work in your application, it needs to have the correct privileges to access the content and services your app is using. Select the privileges you require to apply them to your API key access token.

In the Create developer credentials > Privileges window, browse the available privileges.
Tip
If a privilege is not visible in your developer credentials, it may not be available for the following reasons:
- Your account does not have the correct user type or roles.
- You have the wrong type of subscription. Some privileges are only available to ArcGIS Location Platform users, and some are only available to ArcGIS Online users.
- You do not have pay-as-you-go enabled in your ArcGIS Location Platform account.
- You are using a type of authentication that does not support the privilege you require. To learn more, go to Types of authentication.

Browse the table below to view the available privileges, privilege strings, and descriptions based on your account type:

ArcGIS Location Platform accounts

ArcGIS Online accounts

ArcGIS Enterprise accounts

Category	Label	Privilege string	Description
Basemaps	Basemap styles service	`premium:user:basemaps`	Allow application to access the basemap styles service.
Data enrichment	GeoEnrichment service	`premium:user:geoenrichment`	Allow application to access the GeoEnrichment service. Learn more
Geocoding	Geocode (stored)	`premium:user:geocode:stored`	Allow application to access the geocoding service and perform stored geocodes. Learn more
Geocoding	Geocode (not stored)	`premium:user:geocode:temporary`	Allow application to access the geocoding service and perform geocodes that are not stored. Learn more
Places	Place finding	`premium:user:places`	Allow application to access the places service. Learn more
Routing	Routing	`premium:user:networkanalysis:routing`	Allow application to access the routing service and perform standard routing operations. Learn more
Routing	Closest facility	`premium:user:networkanalysis:closestfacility`	Allow application to access the routing service and perform closest facility routing operations. Learn more
Routing	Location allocation	`premium:user:networkanalysis:locationallocation`	Allow application to access the routing service and perform location allocation operations. Learn more
Routing	Optimized routing	`premium:user:networkanalysis:optimizedrouting`	Allow application to access the routing service and perform optimized routing operations. Learn more
Routing	Origin/destination cost matrix	`premium:user:networkanalysis:origindestinationcostmatrix`	Allow application to access the routing service and generate travel cost matrices. Learn more
Routing	Service area	`premium:user:networkanalysis:servicearea`	Allow application to access the routing service and generate service areas. Learn more
Routing	Multi-vehicle routing	`premium:user:networkanalysis:vehiclerouting`	Allow application to access the routing service and perform fleet routing operations. Learn more
Routing	Last mile	`premium:user:networkanalysis:lastmiledelivery`	Allow application to access the routing service and perform routing operations for last mile delivery. Learn more

Category	Label	Privilege string	Description
Feature analysis	Spatial analysis service	`premium:user:spatialanalysis`	Allow application to access the spatial analysis service. Learn more
Content	Create, update, and delete	`portal:user:createItem`	Allow member to create, edit, and delete their own content. Learn more
Content	Publish hosted feature layers	`portal:publisher:publishFeatures`	Allow member to publish hosted feature layers from shapefiles, CSVs, etc. Learn more

Category	Label	Privilege string	Description
Members	View	`portal:user:viewOrgUsers`	Allow application to view members of the organization.
Groups	Join organizational groups	`portal:user:joinGroup`	Allow application to join groups within your organization.
Groups	Join external groups	`portal:user:joinNonOrgGroup`	Allow application to join groups external to your organization.
Groups	View groups shared with organization	`portal:user:viewOrgGroups`	Allow application to view groups shared with the organization.
Content	Create, update, and delete	`portal:user:createItem`	Allow application to create, edit, and delete their own content.
Content	Publish hosted feature layers	`portal:publisher:publishFeatures`	Allow application to publish hosted feature layers from shapefiles, CSVs, etc.
Content	Publish hosted tile layers	`portal:publisher:publishTiles`	Allow application to publish hosted tile layers from tile packages, features, etc.
Content	Publish hosted scene layers	`portal:publisher:publishScenes`	Allow application to publish hosted scene layers.
Content	Published hosted tiled imagery layers	`portal:publisher:publishTiledImagery`	Allow application to publish hosted tiled imagery layers from a single image or collection of images. Requires an ArcGIS Image for ArcGIS Online user type extension.
Content	View content shared with organization	`portal:user:viewOrgItems`	Allow application to view content shared to the organization.
Content	View location tracks	`portal:user:viewTracks`	Allow application to view members' location tracks via shared track views when location sharing is enabled.
Content	Reassign content	`portal:user:reassignItems`	Allow application to reassign ownership of content owned by the account to another member.
Content	Receive content	`portal:user:receiveItems`	Allow application to receive content assigned to them by another member.
Content	Create and run data pipelines	`portal:publisher:createDataPipelines`	Allow application to create, edit, and run data pipelines.
Content	View hosted feature services	`portal:user:viewHostedFeatureServices`	Allow application to view hosted feature services.
Content	View hosted tile services	`portal:user:viewHostedTileServices`	Allow application to view hosted tile services.
Content	Categorize items	`portal:user:categorizeItems`	Allow application to set the category of items you own.
Sharing	Share with groups	`portal:user:shareToGroup`	Allow application to share content to groups.
Sharing	Share with organization	`portal:user:shareToOrg`	Allow application to share content to your organization.
Sharing	Share with public	`portal:user:shareToPublic`	Allow application to share their content publicly if permitted by the organization's public sharing policy.
Sharing	Make groups visible to organization	`portal:user:shareGroupToOrg`	Allow application to make groups discoverable by your organization.
Sharing	Make groups visible to public	`portal:user:shareGroupToPublic`	Allow application to make groups discoverable by the public.
Sharing	Make groups available to Open Data	`opendata:user:designateGroup`	Allow application to designate groups as being available for use in Open Data sites.
Features	Edit	`features:user:edit`	Allow application to edit features in editable layers that are not public, based on the edit options enabled on the layer.
Features	Edit with full control	`features:user:fullEdit`	Allow application to add, delete, and update features in an editable, hosted feature layer, regardless of the editing options enabled on the layer.

Category	Label	Privilege string	Description
Groups	View all	`portal:admin:viewGroups`	Allow application to view all groups within your organization.
Groups	Update	`portal:admin:updateGroups`	Allow application to update groups within your organization.
Groups	Delete	`portal:admin:deleteGroups`	Allow application to delete groups within your organization.
Groups	Reassign ownership	`portal:admin:reassignGroups`	Allow application to reassign groups to other members within your organization.
Groups	Assign members	`portal:admin:assignToGroups`	Allow application to assign your members to, update your member's group role, and remove your members from groups within your organization.
Groups	Create with update capabilities	`portal:admin:createUpdateCapableGroup`	Allow application to create groups with update capabilities.
Groups	Create with leaving disallowed	`portal:admin:createLeavingDisallowedGroup`	Allow application to create and own groups that do not allow members to leave (administrative groups).
Content	View all	`portal:admin:viewItems`	Allow application to view all content within your organization.
Content	Update items	`portal:admin:updateItems`	Allow application to update and categorize content and edit hosted feature layers in your organization.
Content	Delete items	`portal:admin:deleteItems`	Allow application to delete content within your organization.
Content	Reassign item ownership	`portal:admin:reassignItems`	Allow application to reassign content to other members within your organization.
Content	Categorize items	`portal:admin:categorizeItems`	Allow application to set the categories of organization content.
Content	Manage categories	`portal:admin:updateItemCategorySchema`	Allow application to configure organization content categories.
Content	Publish web tools	`portal:publisher:publishServerGPServices`	Allow application to publish web tools.
Content	Share member content with organization	`portal:admin:shareToOrg`	Allow application to share content owned by other members in your organization with the organization.
Content	Create and manage administrative reports	`portal:admin:createReports`	Allow application to create and manage administrative reports for your organization
Organization settings	Security and infrastructure	`portal:admin:manageSecurity`	Allow application to manage the organization's security and infrastructure settings.
Organization settings	Organization website	`portal:admin:manageWebsite`	Allow application to manage the organization's website settings.
Organization settings	Collaborations	`portal:admin:manageCollaborations`	Allow application to manage the organization's collaborations.
Organization settings	Credits	`portal:admin:manageCredits`	Allow application to manage the organization's credit budgeting settings.
Organization settings	Utility services	`portal:admin:manageUtilityServices`	Allow application to manage the organization's utility service settings

Category	Label	Privilege string	Description
Basemaps	Basemap styles service	`premium:user:basemaps`	Allow application to access the basemap styles service.
Data enrichment	GeoEnrichment service	`premium:user:geoenrichment`	Allow application to access the GeoEnrichment service. Learn more
Geocoding	Geocode service	`premium:user:geocode`	Allow application to access the geocoding service. Learn more
Routing	Routing (Network analysis)	`premium:user:networkanalysis`	Allow application to access the routing service. Learn more
Routing	Last mile	`premium:user:networkanalysis:lastmiledelivery`	Allow application to access the routing service and perform routing operations for last mile delivery. Learn more

Category	Label	Privilege string	Description
Feature analysis	Spatial analysis service	`premium:user:spatialanalysis`	Allow application to access the spatial analysis service. Learn more
Content	Create, update, and delete	`portal:user:createItem`	Allow member to create, edit, and delete their own content. Learn more
Content	Publish hosted feature layers	`portal:publisher:publishFeatures`	Allow member to publish hosted feature layers from shapefiles, CSVs, etc. Learn more
Image analysis	Image analysis service	`premium:publisher:rasteranalysis`	Allow application to access image services to perform analysis. Learn more
Content	Published hosted tiled imagery layers	`portal:publisher:publishTiledImagery`	Allow application to publish hosted tiled imagery layers from a single image or collection of images. Requires an ArcGIS Image for ArcGIS Online user type extension. Learn more
Content	Publish hosted dynamic imagery layers	`portal:publisher:publishDynamicImagery`	Allow application to publish hosted dynamic imagery layers from a single image or collection of images. Learn more

Category	Label	Privilege string	Description
Members	View	`portal:user:viewOrgUsers`	Allow application to view members of the organization.
Groups	Create, update, and delete	`portal:user:createGroup`	Allow application to create, edit, and delete their own groups.
Groups	Join organizational groups	`portal:user:joinGroup`	Allow application to join groups within your organization.
Groups	Join external groups	`portal:user:joinNonOrgGroup`	Allow application to join groups external to your organization.
Groups	View groups shared with organization	`portal:user:viewOrgGroups`	Allow application to view groups shared with the organization.
Groups	Invite partnered organization members	`portal:user:invitePartneredCollaborationMembers`	Allow application to invite members from partnered collaboration organizations to groups.
Groups	Add members from other organizations	`portal:user:addExternalMembersToGroup`	Allow application to create groups that allow members from other organizations, as well as invite external members to groups.
Content	Create, update, and delete	`portal:user:createItem`	Allow application to create, edit, and delete their own content.
Content	Publish hosted feature layers	`portal:publisher:publishFeatures`	Allow application to publish hosted feature layers from shapefiles, CSVs, etc.
Content	Publish hosted tile layers	`portal:publisher:publishTiles`	Allow application to publish hosted tile layers from tile packages, features, etc.
Content	Publish hosted scene layers	`portal:publisher:publishScenes`	Allow application to publish hosted scene layers.
Content	Published hosted tiled imagery layers	`portal:publisher:publishTiledImagery`	Allow application to publish hosted tiled imagery layers from a single image or collection of images. Requires an ArcGIS Image for ArcGIS Online user type extension.
Content	Publish hosted dynamic imagery layers	`portal:publisher:publishDynamicImagery`	Allow application to publish hosted dynamic imagery layers from a single image or collection of images.
Content	View content shared with organization	`portal:user:viewOrgItems`	Allow application to view content shared to the organization.
Content	View location tracks	`portal:user:viewTracks`	Allow application to view members' location tracks via shared track views when location sharing is enabled.
Content	Reassign content	`portal:user:reassignItems`	Allow application to reassign ownership of content owned by the account to another member.
Content	Receive content	`portal:user:receiveItems`	Allow application to receive content assigned to them by another member.
Content	Create and run data pipelines	`portal:publisher:createDataPipelines`	Allow application to create, edit, and run data pipelines.
Content	Publish real-time analytics	`portal:publisher:publishRealTimeAnalytics`	Allow application to publish real-time analytics to analyze and process real-time data using ArcGIS Velocity.
Content	Categorize items	`portal:user:categorizeItems`	Allow application to set the category of items you own.
Content	Publish big data analytics	`portal:publisher:publishBigDataAnalytics`	Allow application to publish big data analytics and process historical observation data using ArcGIS Velocity.
Content	Publish feeds	`portal:publisher:publishFeeds`	Allow application to publish feeds.
Sharing	Share with groups	`portal:user:shareToGroup`	Allow application to share content to groups.
Sharing	Share with organization	`portal:user:shareToOrg`	Allow application to share content to your organization.
Sharing	Share with public	`portal:user:shareToPublic`	Allow application to share their content publicly if permitted by the organization's public sharing policy.
Sharing	Make groups visible to organization	`portal:user:shareGroupToOrg`	Allow application to make groups discoverable by your organization.
Sharing	Make groups visible to public	`portal:user:shareGroupToPublic`	Allow application to make groups discoverable by the public.
Sharing	Make groups available to Open Data	`oprndata:user:designateGroup`	Allow application to designate groups as being available for use in Open Data sites.
Features	Edit	`features:user:edit`	Allow application to edit features in editable layers that are not public, based on the edit options enabled on the layer.
Features	Edit with full control	`features:user:fullEdit`	Allow application to add, delete, and update features in an editable, hosted feature layer, regardless of the editing options enabled on the layer.
Premium content	Create notebooks	`premium:publisher:createNotebooks`	Allow application to create and edit interactive notebooks.
Premium content	Schedule notebooks	`premium:publisher:scheduleNotebooks`	Allow application to schedule future automated runs of a notebook.
Premium content	Create advanced notebooks	`premium:publisher:createAdvancedNotebooks`	Allow application to import and use ArcPy modules in ArcGIS Notebooks.
Premium content	Demographic maps	`premium:user:demographics`	Allow application to access demographic maps in ArcGIS Living Atlas.
Premium content	Feature report	`premium:user:featurereport`	Allow application to create feature reports in ArcGIS Survey123.
Premium content	Run web tools	`portal:user:runWebTool`	Allow application to run web tools.

Category	Label	Privilege string	Description
Members	View all	`portal:admin:viewUsers`	Allow application to view full member account information within your organization.
Members	Update	`portal:admin:updateUsers`	Allow application to reset passwords, update member account information, and update member categories within your organization.
Members	Delete	`portal:admin:deleteUsers`	Allow application to delete member accounts within your organization.
Members	Invite	`portal:admin:inviteUsers`	Allow application to invite members to your organization.
Members	Disable	`portal:admin:disableUsers`	Allow application to enable and disable member accounts within your organization.
Members	Change roles	`portal:admin:changeUserRoles`	Allow application to change the role a member account is assigned. Note, only members with the Administrator role can assign or unassign the Administrator role to other accounts.
Members	Manage licenses	`portal:admin:manageLicenses`	Allow application to assign licenses to members of your organization.
Members	Manage categories	`portal:admin:updateMemberCategorySchema`	Allow application to configure organization member categories.
Groups	View all	`portal:admin:viewGroups`	Allow application to view all groups within your organization.
Groups	Update	`portal:admin:updateGroups`	Allow application to update groups within your organization.
Groups	Delete	`portal:admin:deleteGroups`	Allow application to delete groups within your organization.
Groups	Reassign ownership	`portal:admin:reassignGroups`	Allow application to reassign groups to other members within your organization.
Groups	Assign members	`portal:admin:assignToGroups`	Allow application to assign your members to, update your member's group role, and remove your members from groups within your organization.
Groups	Link to organization-specific group	`portal:admin:manageEnterpriseGroups`	Allow application to link group membership to an organization-specific group.
Groups	Create with update capabilities	`portal:admin:createUpdateCapableGroup`	Allow application to create groups with update capabilities.
Groups	Create with leaving disallowed	`portal:admin:createLeavingDisallowedGroup`	Allow application to create and own groups that do not allow members to leave (administrative groups).
Content	View all	`portal:admin:viewItems`	Allow application to view all content within your organization.
Content	Update items	`portal:admin:updateItems`	Allow application to update and categorize content and edit hosted feature layers in your organization.
Content	Delete items	`portal:admin:deleteItems`	Allow application to delete content within your organization.
Content	Reassign item ownership	`portal:admin:reassignItems`	Allow application to reassign content to other members within your organization.
Content	Categorize items	`portal:admin:categorizeItems`	Allow application to set the categories of organization content.
Content	Manage categories	`portal:admin:updateItemCategorySchema`	Allow application to configure organization content categories.
Content	Publish web tools	`portal:publisher:publishServerGPServices`	Allow application to publish web tools.
Content	Share member content with organization	`portal:admin:shareToOrg`	Allow application to share content owned by other members in your organization with the organization.
Content	Share member content with public	`portal:admin:shareToPublic`	Allow application to share content owned by other members in your organization with the public.
Content	Create and manage administrative reports	`portal:admin:createReports`	Allow application to create and manage administrative reports for your organization
ArcGIS Marketplace Subscriptions	Create and manage	`marketplace:admin:manage`	Allow application to create listings, list items, manage subscriptions within ArcGIS Marketplace, as well as manage purchasers and contact information for your organization. Use of this privilege depends on your organization obtaining listing and publishing access to the ArcGIS Marketplace.
ArcGIS Marketplace Subscriptions	Purchase and get free products	`marketplace:admin:purchase`	Allow application to send purchase requests and access free products from providers in ArcGIS Marketplace. To allow members to purchase products using credit cards, you must designate them as Marketplace purchasers. Learn more
ArcGIS Marketplace Subscriptions	Start trials	`marketplace:admin:startTrial`	Allow application to start trial subscriptions within ArcGIS Marketplace
Organization settings	Security and infrastructure	`portal:admin:manageSecurity`	Allow application to manage the organization's security and infrastructure settings.
Organization settings	Organization website	`portal:admin:manageWebsite`	Allow application to manage the organization's website settings.
Organization settings	Collaborations	`portal:admin:manageCollaborations`	Allow application to manage the organization's collaborations.
Organization settings	Credits	`portal:admin:manageCredits`	Allow application to manage the organization's credit budgeting settings.
Organization settings	Member roles	`portal:admin:manageRoles`	Allow application to manage the organization's member roles.
Organization settings	Utility services	`portal:admin:manageUtilityServices`	Allow application to manage the organization's utility service settings

Category	Label	Privilege string	Description
Feature analysis	Spatial analysis service	`premium:user:spatialanalysis`	Allow application to access the spatial analysis service. Learn more
Content	Create, update, and delete	`portal:user:createItem`	Allow member to create, edit, and delete their own content. Learn more
Content	Publish hosted feature layers	`portal:publisher:publishFeatures`	Allow member to publish hosted feature layers from shapefiles, CSVs, etc. Learn more
Image analysis	Image analysis service	`premium:publisher:rasteranalysis`	Allow application to access image services to perform analysis. Learn more
Content	Published hosted tiled imagery layers	`portal:publisher:publishTiledImagery`	Allow application to publish hosted tiled imagery layers from a single image or collection of images. Learn more
Content	Publish hosted dynamic imagery layers	`portal:publisher:publishDynamicImagery`	Allow application to publish hosted dynamic imagery layers from a single image or collection of images. Learn more

Category	Label	Privilege string	Description
Members	View	`portal:user:viewOrgUsers`	Allow application to view members of the organization.
Groups	Create, update, and delete	`portal:user:createGroup`	Allow application to create, edit, and delete their own groups.
Groups	Join organizational groups	`portal:user:joinGroup`	Allow application to join groups within your organization.
Groups	Join external groups	`portal:user:joinNonOrgGroup`	Allow application to join groups external to your organization.
Groups	View groups shared with organization	`portal:user:viewOrgGroups`	Allow application to view groups shared with the organization.
Groups	Invite partnered organization members	`portal:user:invitePartneredCollaborationMembers`	Allow application to invite members from partnered collaboration organizations to groups.
Groups	Add members from other organizations	`portal:user:addExternalMembersToGroup`	Allow application to create groups that allow members from other organizations, as well as invite external members to groups.
Content	Create, update, and delete	`portal:user:createItem`	Allow application to create, edit, and delete their own content.
Content	Publish hosted feature layers	`portal:publisher:publishFeatures`	Allow application to publish hosted feature layers from shapefiles, CSVs, etc.
Content	Publish hosted tile layers	`portal:publisher:publishTiles`	Allow application to publish hosted tile layers from tile packages, features, etc.
Content	Publish hosted scene layers	`portal:publisher:publishScenes`	Allow application to publish hosted scene layers.
Content	Published hosted tiled imagery layers	`portal:publisher:publishTiledImagery`	Allow application to publish hosted tiled imagery layers from a single image or collection of images. Requires an ArcGIS Image for ArcGIS Online user type extension.
Content	Publish hosted dynamic imagery layers	`portal:publisher:publishDynamicImagery`	Allow application to publish hosted dynamic imagery layers from a single image or collection of images.
Content	View content shared with organization	`portal:user:viewOrgItems`	Allow application to view content shared to the organization.
Content	View location tracks	`portal:user:viewTracks`	Allow application to view members' location tracks via shared track views when location sharing is enabled.
Content	Reassign content	`portal:user:reassignItems`	Allow application to reassign ownership of content owned by the account to another member.
Content	Receive content	`portal:user:receiveItems`	Allow application to receive content assigned to them by another member.
Content	Create and run data pipelines	`portal:publisher:createDataPipelines`	Allow application to create, edit, and run data pipelines.
Content	Publish livestream video	`portal:publisher:publishLivestreamVideo`	Allow application to publish livestream videos.
Content	Publish real-time analytics	`portal:publisher:publishRealTimeAnalytics`	Allow application to publish real-time analytics to analyze and process real-time data using ArcGIS Velocity.
Content	Publish server-based layers	`portal:publisher:publishServerServices`	Allow application to publish server-based layers.
Content	Publish video	`portal:publisher:publishVideo`	Allow application to publish videos.
Content	Register data stores	`portal:publisher:registerDataStores`	Allow application to register video stores.
Content	View hosted feature services	`portal:user:viewHostedFeatureServices`	Allow application to view hosted feature services.
Content	View hosted tile services	`portal:user:viewHostedTileServices`	Allow application to view hosted tile services.
Content	Categorize items	`portal:user:categorizeItems`	Allow application to set the category of items you own.
Content	Manage feature layer webhooks	`portal:publisher:createFeatureWebhook`	Allow application to manage webhooks for feature layers.
Content	Bulk publish from data stores	`portal:publisher:bulkPublishFromDataStores`	Allow application to bulk publish data from data stores.
Content	Publish big data analytics	`portal:publisher:publishBigDataAnalytics`	Allow application to publish big data analytics and process historical observation data using ArcGIS Velocity.
Content	Publish feeds	`portal:publisher:publishFeeds`	Allow application to publish feeds.
Content	Publish knowledge graphs	`portal:publisher:publishKnowledgeGraph`	Allow application to publish knowledge graphs.
Sharing	Share with groups	`portal:user:shareToGroup`	Allow application to share content to groups.
Sharing	Share with organization	`portal:user:shareToOrg`	Allow application to share content to your organization.
Sharing	Share with public	`portal:user:shareToPublic`	Allow application to share their content publicly if permitted by the organization's public sharing policy.
Sharing	Make groups visible to organization	`portal:user:shareGroupToOrg`	Allow application to make groups discoverable by your organization.
Sharing	Make groups visible to public	`portal:user:shareGroupToPublic`	Allow application to make groups discoverable by the public.
Sharing	Make groups available to Open Data	`opendata:user:designateGroup`	Allow application to designate groups as being available for use in Open Data sites.
Features	Edit	`features:user:edit`	Allow application to edit features in editable layers that are not public, based on the edit options enabled on the layer.
Features	Edit with full control	`features:user:fullEdit`	Allow application to add, delete, and update features in an editable, hosted feature layer, regardless of the editing options enabled on the layer.
Features	Manage feature layer versions	`features:user:manageVersions`	Allow application to manage feature layer version control settings.
Premium content	Create notebooks	`premium:publisher:createNotebooks`	Allow application to create and edit interactive notebooks.
Premium content	Schedule notebooks	`premium:publisher:scheduleNotebooks`	Allow application to schedule future automated runs of a notebook.
Premium content	Create advanced notebooks	`premium:publisher:createAdvancedNotebooks`	Allow application to import and use ArcPy modules in ArcGIS Notebooks.
Premium content	Demographic maps	`premium:user:demographics`	Allow application to access demographic maps in ArcGIS Living Atlas.
Premium content	Feature report	`premium:user:featurereport`	Allow application to create feature reports in ArcGIS Survey123.
Premium content	Run web tools	`portal:user:runWebTool`	Allow application to run web tools.

Category	Label	Privilege string	Description
Members	View all	`portal:admin:viewUsers`	Allow application to view full member account information within your organization.
Members	Update	`portal:admin:updateUsers`	Allow application to reset passwords, update member account information, and update member categories within your organization.
Members	Delete	`portal:admin:deleteUsers`	Allow application to delete member accounts within your organization.
Members	Invite	`portal:admin:inviteUsers`	Allow application to invite members to your organization.
Members	Disable	`portal:admin:disableUsers`	Allow application to enable and disable member accounts within your organization.
Members	Change roles	`portal:admin:changeUserRoles`	Allow application to change the role a member account is assigned. Note, only members with the Administrator role can assign or unassign the Administrator role to other accounts.
Members	Manage licenses	`portal:admin:manageLicenses`	Allow application to assign licenses to members of your organization.
Members	Manage categories	`portal:admin:updateMemberCategorySchema`	Allow application to configure organization member categories.
Groups	View all	`portal:admin:viewGroups`	Allow application to view all groups within your organization.
Groups	Update	`portal:admin:updateGroups`	Allow application to update groups within your organization.
Groups	Delete	`portal:admin:deleteGroups`	Allow application to delete groups within your organization.
Groups	Reassign ownership	`portal:admin:reassignGroups`	Allow application to reassign groups to other members within your organization.
Groups	Assign members	`portal:admin:assignToGroups`	Allow application to assign your members to, update your member's group role, and remove your members from groups within your organization.
Groups	Link to organization-specific group	`portal:admin:manageEnterpriseGroups`	Allow application to link group membership to an organization-specific group.
Groups	Create with update capabilities	`portal:admin:createUpdateCapableGroup`	Allow application to create groups with update capabilities.
Groups	Create with leaving disallowed	`portal:admin:createLeavingDisallowedGroup`	Allow application to create and own groups that do not allow members to leave (administrative groups).
Content	View all	`portal:admin:viewItems`	Allow application to view all content within your organization.
Content	Update items	`portal:admin:updateItems`	Allow application to update and categorize content and edit hosted feature layers in your organization.
Content	Delete items	`portal:admin:deleteItems`	Allow application to delete content within your organization.
Content	Reassign item ownership	`portal:admin:reassignItems`	Allow application to reassign content to other members within your organization.
Content	Categorize items	`portal:admin:categorizeItems`	Allow application to set the categories of organization content.
Content	Manage categories	`portal:admin:updateItemCategorySchema`	Allow application to configure organization content categories.
Content	Publish web tools	`portal:publisher:publishServerGPServices`	Allow application to publish web tools.
Content	Geoprocessing webhook	`portal:admin:createGPWebhook`	Allow application to create geoprocessing webhooks.
Content	Manage servers	`portal:admin:manageServers`	Allow application to manage servers.
Content	Manage webhooks	`portal:admin:manageWebhooks`	Allow application to manage webhooks.
Content	Share member content with organization	`portal:admin:shareToOrg`	Allow application to share content owned by other members in your organization with the organization.
Content	Share member content with public	`portal:admin:shareToPublic`	Allow application to share content owned by other members in your organization with the public.
Content	Create and manage administrative reports	`portal:admin:createReports`	Allow application to create and manage administrative reports for your organization
ArcGIS Marketplace Subscriptions	Create and manage	`marketplace:admin:manage`	Allow application to create listings, list items, manage subscriptions within ArcGIS Marketplace, as well as manage purchasers and contact information for your organization. Use of this privilege depends on your organization obtaining listing and publishing access to the ArcGIS Marketplace.
ArcGIS Marketplace Subscriptions	Purchase and get free products	`marketplace:admin:purchase`	Allow application to send purchase requests and access free products from providers in ArcGIS Marketplace. To allow members to purchase products using credit cards, you must designate them as Marketplace purchasers. Learn more
ArcGIS Marketplace Subscriptions	Start trials	`marketplace:admin:startTrial`	Allow application to start trial subscriptions within ArcGIS Marketplace
Organization settings	Security and infrastructure	`portal:admin:manageSecurity`	Allow application to manage the organization's security and infrastructure settings.
Organization settings	Organization website	`portal:admin:manageWebsite`	Allow application to manage the organization's website settings.
Organization settings	Collaborations	`portal:admin:manageCollaborations`	Allow application to manage the organization's collaborations.
Organization settings	Credits	`portal:admin:manageCredits`	Allow application to manage the organization's credit budgeting settings.
Organization settings	Member roles	`portal:admin:manageRoles`	Allow application to manage the organization's member roles.
Organization settings	Utility services	`portal:admin:manageUtilityServices`	Allow application to manage the organization's utility service settings

Select the required privileges and click Next.

Select items (optional)

If your application will require access to specific private items, you will need to configure your developer credentials to access them. The Item access menu allows you to browse your portal's content and grant your key fine-grained access to specific items.

If your token does not require item access, click Skip.
In the Grant item access window, click Browse items.
Select the items you want to grant access to. You can select up to 100 items in this menu.

Warning
Certain privileges such as features:user:edit will grant global access to all items associated with your account. Setting fine-grained item access using this menu will override any global privileges you have set.
Click Add items.

Save the item

After configuring the properties of your API key credentials, you can save the credentials as a new item.

In the Create developer credentials window, set the following properties:
- Title: My OAuth credentials (for app authentication)
- Folder: Developer credentials (Create a new folder)
- Tags: Add tags related to the privileges of the credentials.
- Description: Describe the application that these developer credentials will be used in.
Click Next.
In the Summary window, review the properties, privileges, and item access you have set.
Click Create to create your OAuth credentials.

Copy the client ID and client secret

Your OAuth credentials contain client_id and client_secret parameters that are required to implement app authentication. Copy these values and paste them into your application or script.

On the item page of your OAuth credentials, scroll down to Credentials.
Copy the Client ID and Client Secret values and paste them into your application. Never expose the value of your client secret.

Manage your credentials

After creating an OAuth credentials item, its properties can be managed at any time by going to the item page. The Settings menu allows you to perform the following tasks:

Edit privileges: You can edit the privileges of your OAuth credentials to adjust the authorization level of your application.

Go to Settings on the item page of your OAuth credentials.
Under Application > Privileges, click the Edit privileges button.
Select new privileges for your API keys using the privileges window. To view a list of all available privileges, go to Privileges.
Click Save. In the warning that appears, click Yes. Your API keys will be reset.

Edit item access: You can edit the items that your OAuth credentials are authorized to access.

Go to Settings on the item page of your OAuth credentials.
Under Application > Privileges, click the Edit item access button.
Select items to grant your OAuth credentials access to.
Click Save.

Monitor credential usage: You can monitor the usage of your OAuth credentials to track their consumption of services and view billing information.

Go to Settings on the item page of your OAuth credentials.
Under Application > Application usage, click the View usage button.

Additional resources

Learn more about app authentication in the following topics: