/generateToken: Generate Token

URL:: https://[root]/generateToken
Methods:: POST

Example usage

The following is a sample ArcGIS Enterprise POST request for the generateToken operation. For more examples, see the Additional example usage section below.

Use dark colors for code blocksCopy
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=referer&ip=&referer=https://myserver/mywebapp&expiration=60&f=pjson

Description

Note

In ArcGIS Enterprise, this operation has been superceded by the OAuth Token resource; generateToken is no longer the default.

The generateToken operation generates an access token in exchange for user credentials that can be used by clients. The access token represents the authenticated user for a certain amount of time to all other API functionality. Developers using the API must take care to protect the token against malicious use just as they would the original credentials, and they must be prepared to renew the token. Expired tokens will be rejected by the server. This operation also supports generation of a server-token in exchange for a portal token. This server-token is required for clients to access resources from a federated server. The parameters token and serverUrl are required to generate a server-token.

The default token length when using OAuth is two weeks. The esri_auth cookie containing that token is set as a session cookie by default, or set to two weeks if the Keep me signed in check box is checked.

Organizations that choose to implement higher levels of security for their organizations can set the allSSL setting to true for their organization or portal. The effect of setting allSSL to true is that all non-HTTPS requests for resources belonging to the organization will be rejected. Setting allSSL to true guarantees that all transmissions of access tokens as well as data between clients and servers is over a secure encrypted channel and provides protection to tokens and data in transit. When generateToken is called for a user in such an organization, it returns a response property of ssl as true , and the token must always be passed back via HTTPS to the portal.

The call is only allowed over HTTPS.

Request parameters

Parameter	Details
`username`	The case-sensitive username of the user who wants to get a token. Example Use dark colors for code blocksCopy `1 username=admin`
`password`	The password of the user who wants to get a token. Example Use dark colors for code blocksCopy `1 password=test1234`
`client`	The client type that will be granted access to the token. Users will be able to specify whether the token will be generated for a client application's base URL, a user-specified IP address, or the IP address that is making the request. Values: `ip` \| `referer` \| `requestip`
`ip`	The IP address that will be using the created token for access. On the Generate Token page, the IP address is specified in the IP Address field. This is required when `client` has been set as `ip` . Example Use dark colors for code blocksCopy `1 ip=11.11.111.111`
`referer`	The base URL of the client application that will use the token. On the Generate Token page, the referer URL is specified in the Webapp URL field. This is required when `client` has been set as `referer` . Example Use dark colors for code blocksCopy `1 referer=https://myserver/mywebapp`
`expiration`	The token expiration time in minutes. The default is 60 minutes (one hour). The maximum expiration period is 15 days. The maximum value of the expiration time is controlled by the server. Requests for tokens larger than this time will be rejected. Applications are responsible for renewing expired tokens; expired tokens will be rejected by the server on subsequent requests that use the token. Example Use dark colors for code blocksCopy `1 expiration=60`
`token`	Portal token generated in exchange for user credentials for use by clients working with a federated server. This parameter is required only when generating a server-token. User name, password, client, referer, and expiration parameters are not required for generating a server-token. The referer and expiration time of the portal token will be applied to the server-token. Use dark colors for code blocksCopy `1 token=G6943LMReKj_kqdAVrAiPbpRloAfE1fqp0eVAJ-IChQcV-kv3gW-gBAzWztBEdFY`
`serverURL`	URL of a federated server for which a server-token needs to be generated. A server-token will be returned only if the `serverUrl` contains the URL of a server that is registered with the portal. A server-token will not be generated for a server that is not registered with the portal. Example Use dark colors for code blocksCopy `1 serverUrl=<https://myserver.esri.com/arcgis>`
`f`	The response format. The default response format is `html` . Values: `html` \| `json` \| `pjson`

Response properties

Property Details

Property	Details
`token`	The generated token. Example Use dark colors for code blocksCopy `1 "token": "6hrFDATxrG9w14QY9wwnmVhLE0Wg6LIvwOwUaxz761m1JfRp4rs8Mzozk5xhSkw0_MQz6bpcJnrFUDwp5lPPFC157dHxbkKlDiQ9XY3ZIP8zAGCsS8ruN2uKjIaIargX"`
`expires`	The expiration time of the token in milliseconds since January 1, 1970 (UTC). Example Use dark colors for code blocksCopy `1 "expires": "1582930261424"`
`ssl`	This property will show as `true` if the token must always pass over ssl. Values: `true` \| `false`

token

The generated token.

Example

Use dark colors for code blocksCopy
"token": "6hrFDATxrG9w14QY9wwnmVhLE0Wg6LIvwOwUaxz761m1JfRp4rs8Mzozk5xhSkw0_MQz6bpcJnrFUDwp5lPPFC157dHxbkKlDiQ9XY3ZIP8zAGCsS8ruN2uKjIaIargX"

expires

The expiration time of the token in milliseconds since January 1, 1970 (UTC).

Example

Use dark colors for code blocksCopy
"expires": "1582930261424"

ssl

This property will show as true if the token must always pass over ssl.

Values: true | false

Additional example usage

The examples below illustrate three ways in which users can generate tokens with this operation.

Example one: IP address

The following example demonstrates how an ArcGIS Enterprise user can generate a token with a user-specified IP address:

Use dark colors for code blocksCopy
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=ip&ip=11.11.111.111&referer=&expiration=60&f=json

Example two: Referer

The following example demonstrates how an ArcGIS Enterprise user can generate a token with a client application's base URL:

Use dark colors for code blocksCopy
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=referer&ip=&referer=https://myserver/mywebapp&expiration=60&f=json

Example three: Request IP

The final example demonstrates how an ArcGIS Enterprise user can generate a token with the IP address that is performing the Generate Token request:

Use dark colors for code blocksCopy
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=requestip&ip=&referer=&expiration=60&f=json

JSON Response syntax

Use dark colors for code blocksCopy
{
  "token": "<token generated>",
  "expires": <date shown in UNIX time>,
  "ssl": false | true
}

JSON Response example

Use dark colors for code blocksCopy
{
  "token": "6hrFDATxrG9w14QY9wwnmVhLE0Wg6LIvwOwUaxz761m1JfRp4rs8Mzozk5xhSkw0_MQz6bpcJnrFUDwp5lPPFC157dHxbkKlDiQ9XY3ZIP8zAGCsS8ruN2uKjIaIargX",
  "expires": 1582930261424,
  "ssl": true
}