ArcGIS uses token-based authentication. All service requests made to secure resources must include an access token for authorization.
The general steps to implement authentication in your application are:
1. Create developer credentials
The first step in authentication is to create a set of developer credentials. Developer credentials contain the properties and values required to get an access token, and allow you to configure the privileges of the token to define the services and items it can access.
API key authentication requires a set of API key credentials.
The steps to create API key credentials with an ArcGIS Location Platform account are:
-
Sign in to your ArcGIS portal.
-
Click Content > My content > New item and select Developer credentials.
-
In the Credential types menu, select API key credentials.
-
Set the credential privileges to determine the operations your access token will be authorized to perform.
-
Set the credential item access privileges to determine the items your access token will be authorized to access.
-
Review your selections and, when you are ready, click Generate token. Save the access token as you will not be able to view it again.
The steps to create API key credentials with an ArcGIS Online account are:
-
Sign in to your ArcGIS portal.
-
Click Content > My content > New item and select Developer credentials.
-
In the Credential types menu, select API key credentials. If your account does not have the Generate API keys privilege, this menu will not appear.
-
Set the credential privileges to determine the operations your access token will be authorized to perform.
-
Set the credential item access privileges to determine the items your access token will be authorized to access.
-
Review your selections and, when you are ready, click Generate token. Save the access token as you will not be able to view it again.
API key authentication is not supported in ArcGIS Enterprise 11.3 or earlier.
2. Get an access token
The next step is to get an access token by implementing a type of authentication. The implementation details depend on the type of authentication you choose:
3. Make a request
Once you have an access token, you can use it in your application to make requests to secure resources.
Mapping APIs
Display a basemap
If you use API key authentication with an ArcGIS API, the API key value is typically set once when the application is initialized and is applied every time a request is made to a location service.
The examples below show how to use an API key to access the basemap styles service.
esriConfig.apiKey= "YOUR_ACCESS_TOKEN";
const map = new Map({
basemap: "arcgis/topographic" // Basemap layer
});
const view = new MapView({
map: map,
center: [-118.805, 34.027],
zoom: 13, // scale: 72223.819286
container: "viewDiv",
constraints: {
snapToZoom: false
}
});
ArcGIS REST APIs
Access tokens returned from all three types of authentication can be used in REST API requests. To make a direct request to ArcGIS resources, you can use an HTTP request and include the access token as the token
parameter. The format to access most REST API endpoints is as follows:
https://<RESOURCE_URL>?token=<YOUR_ACCESS_TOKEN>
Geocode an address
This example shows how to authenticate a request to the geocoding service.
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"
Get item details
This example shows how to authenticate to get the details of an item from your organization's portal service.
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'
Tutorials
Create an API key
Sign in with user authentication
Create an application that requires users to sign in with an ArcGIS account.