ArcGIS uses token-based authentication. All service requests made to secure resources must include an access token for authorization.
The general steps to implement authentication in your application are:
1. Create developer credentials
The first step in authentication is to create a set of developer credentials. Developer credentials contain the properties and values required to get an access token, and allow you to configure the privileges of the token to define the services and items it can access.
API key authentication requires a set of API key credentials. The steps to create API key credentials are:
-
Sign in to your ArcGIS portal.
-
Click Content > My content > New item and select Developer credentials.
-
In the Credential types menu, select API key credentials.
-
Set the credential privileges to determine the operations your access token will be authorized to perform.
-
Set the credential item access privileges to determine the items your access token will be authorized to access.
-
Review your selections and, when you are ready, click Generate token. Save the access token as you will not be able to view it again.
User authentication requires a set of OAuth credentials. The steps to create OAuth credentials for user authentication are:
-
Sign in to your ArcGIS portal.
-
Click Content > My content > New item and select Developer credentials.
-
In the Credential types menu, select OAuth credentials.
-
Name the credentials and click Next to create them.
App authentication requires a set of OAuth credentials. The steps to create OAuth credentials for app authentication are:
-
Sign in to your ArcGIS portal.
-
Click Content > My content > New item and select Developer credentials.
-
In the Credential types menu, select OAuth credentials.
-
Set the credential privileges to determine the operations your access tokens will be authorized to perform.
-
Set the credential item access privileges to determine the items your access tokens will be authorized to access.
-
Review your selections and, when you are ready, click Generate credentials.
2. Get an access token
The next step is to get an access token by implementing a type of authentication. The implementation details depend on the type of authentication you choose:
3. Make a request
Once you have an access token, you can use it in your application to make requests to secure resources.
Mapping APIs
Display a basemap
If you are using an ArcGIS API, the API key value is typically set once when the application is initialized and is applied every time a request is made to a location service.
The examples below show how to use an API key to access the basemap styles service.
esriConfig.apiKey= "YOUR_ACCESS_TOKEN";
const map = new Map({
basemap: "arcgis-topographic" // Basemap layer
});
const view = new MapView({
map: map,
center: [-118.805, 34.027],
zoom: 13, // scale: 72223.819286
container: "viewDiv",
constraints: {
snapToZoom: false
}
});
If you use user authentication with an ArcGIS Maps SDK, the Authentication or Identity classes automatically handle authentication with the access token, requiring no additional action from you.
The examples below show how to display a map in apps that implement user authentication.
function handleSignedIn() {
map = new Map({
basemap: "arcgis/topographic" // basemap styles service
});
const view = new MapView({
map: map,
center: [-118.805, 34.027], // Longitude, latitude
zoom: 13, // Zoom level
container: "viewDiv" // Div element
});
}
The examples below show how to display a map using an access token.
esriConfig.apiKey= "YOUR_ACCESS_TOKEN";
const map = new Map({
basemap: "arcgis-topographic" // Basemap layer
});
const view = new MapView({
map: map,
center: [-118.805, 34.027],
zoom: 13, // scale: 72223.819286
container: "viewDiv",
constraints: {
snapToZoom: false
}
});
ArcGIS REST APIs
To make a direct request to ArcGIS resources, you can use an HTTP request and include the access token as the token parameter. The format to access most REST API endpoints is as follows:
https://<RESOURCE_URL>?token=<YOUR_ACCESS_TOKEN>Geocode an address
This example shows how to geocode an address with the geocoding service.
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"{
"spatialReference": {
"wkid": 4326,
"latestWkid": 4326
},
"candidates": [
{
"address": "1600 Pennsylvania Ave NW, Washington, District of Columbia, 20500",
"location": {
"x": -77.036548499999995,
Get item details
This example shows how to get the details of an item from your organization's portal service.
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'{
"id": "ITEM_ID",
"owner": "OWNER",
"orgId": "ORG_ID",
"created": "DATE_CREATED",
"modified": "DATE_MODIFIED",
"guid": null,
"name": null,
"title": "ITEM_TITLE",
"type": "ITEM_TYPE"
Tutorials
Create an API key
Sign in with user authentication
Create an application that requires users to sign in with an ArcGIS account.