An access token is an authorization string that provides access to secure ArcGIS resources such as ArcGIS applications, ArcGIS services, ArcGIS Location Services, and ArcGIS portal services. You can get an access token by implementing a type of authentication. You use an access token to make HTTP requests to authenticated services. The services the token can access and the operations it can perform are determined by the privileges associated with the token.
Below is an example of an API key access token:
Use dark colors for code blocks Copy
1
AAPT85fOqywZsicJupSmVSCGrjmBjlVZupd64H9kjIjy5FrwIJkpxFMIvd88p32f1vWWpuyzGx7-1nPCMc4XljyuVu-fQSxU4r1Nq17OQo5kjJBVcAw1bKKYM9GYeB98hlK9cwRNzi8H7z3SNb8hCLYvrNwKhXPJo971vH22psnikowztg6ckFD-1zi3TasXKe0e3sSNrmBRunl0SLM7hPgNzuPQkvVES1fDgDL-Thsc2XU.AT2_WilXzfTaThere are three types of access tokens that you can create: API keys, user tokens, and app tokens. The type of access token created depends on the type of authentication you use to create it. The main difference between the tokens is how you create them, the duration they are valid for, the account they are associated with, and who is billed for service usage.
NoteAccess tokens are always tied to an ArcGIS account. Services and resources accessed by a token are billed to the ArcGIS subscription of the associated account.
Type of token Description Created from Duration Account Billing API key (API token) A static, long-lived API key created with API key credentials. API key authentication Valid for up to one year. Developer's ArcGIS account Developer's ArcGIS subscription User token A unique, short-lived token generated for each user that signs into a custom application with user authentication. User authentication Valid for 30 minutes by default, or up to 2 weeks. User's ArcGIS account ArcGIS subscription of the user's organization App token An access token generated using OAuth credentials with aclient_credentials token request. App authentication Valid for 2 weeks. Developer's ArcGIS account Developer's ArcGIS subscription Best practices
client_secret.To learn more best practices for access tokens, go to Best practices.
How to use an access tokenYou can use an access token to make HTTP requests to ArcGIS services. To do so, you need to set the token parameter of the request to include the access token. If the token is authenticated successfully, the request is granted access to the service operation or resource.
Steps to use an access token:
Get an access token by implementing authentication.
Find the ArcGIS service URL you want to access.
Set the token parameter.
Access the ArcGIS service endpoint or operation.
Use dark colors for code blocks Copy
1
https://<ARCGIS_SERVICE_URL>?token=<YOUR_ACCESS_TOKEN>To see examples of how to access different ArcGIS services, go to Code examples.
Access token privilegesAccess tokens have privileges associated with them that determine the ArcGIS services, service operations, and content items they can access. Privileges are assigned to access tokens as part of the authentication process.
The privileges of an access token are based on the privileges of the account used to create it. With API key and app authentication, specific privileges from your account can be assigned to access tokens. With user authentication, access tokens inherit all of the privileges of the signed-in user's account.
Type of token Creation method How privileges are assigned API key Created by the developer Developer assigns specific privileges to API keys using API key credentials in your portal. User token Created when a user signs in User tokens inherit all privileges of the signed-in user's ArcGIS account. App token Created programmatically Developer assigns specific privileges to app tokens using OAuth credentials in your portal. TopicTo learn more, go to Privileges.
View access token propertiesYou can view the properties and capabilities of an access token by making a /self request to the portal service. This allows you to get information such as the:
The steps to get an access token's properties are:
/self request.token and appInfoToken parameters to your access token.The information returned depends on the type of access token you provide and the privileges assigned to it. Access tokens with personal privileges will return additional properties. See Properties of token with personal privileges below.
URL requestUse dark colors for code blocks Copy
1
https://<PORTAL_URL>/self?token=<YOUR_ACCESS_TOKEN>&appInfoToken=<YOUR_ACCESS_TOKEN>&f=pjsonf The format of the data returned. Must be set to view output. f=json f=pjson token A valid access token (API key or OAuth 2.0). token=<ACCESS_TOKEN> appInfoToken The access token you want to view information about. Can be valid or expired. appInfoToken=<ACCESS_TOKEN> Properties of token with standard privileges
This example shows a sample response from a /self request when your access token has standard privileges.
Use dark colors for code blocks Copy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
"appInfo": {
"appId": "<CREDENTIAL_CLIENT_ID>",
"itemId": "<CREDENTIAL_ITEM_ID>",
"appOwner": "<USERNAME_OF_OWNER>",
"orgId": "<ORGANIZATION_ID>",
"appTitle": "<CREDENTIAL_TITLE>",
"privileges": [
"premium:user:basemaps",
"premium:user:elevation",
This example shows a sample response from a /self request when your access token has personal privileges. Some of the additional properties returned include:
Use dark colors for code blocks Copy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
{
"username": "<USERNAME>",
"udn": null,
"id": "<USER_ID>",
"fullName": "<USER_FULL_NAME>",
"categories": [],
"emailStatus": "notverified",
"firstName": "<USER_LASTNAME>",
"lastName": "<USER_FIRSTNAME>",
"preferredView": null,
Access tokens with a personal scope should not be used in public applications as it creates a security vulnerability.
Code examplesThe following code examples show how to use access tokens to make requests to ArcGIS services.
Access the basemap styles serviceThis example accesses the ArcGIS Outdoor basemap style from the basemap styles service.
cURL cURL HTTP
Use dark colors for code blocks Copy
1
2
curl https://basemapstyles-api.arcgis.com/arcgis/rest/services/styles/v2/styles/arcgis/outdoor? \
-d "token=<YOUR_ACCESS_TOKEN>"Use dark colors for code blocks Copy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
{
"glyphs":"https://basemaps-api.arcgis.com/arcgis/rest/services/World_Basemap_v2/VectorTileServer/resources/fonts/{fontstack}/{range}.pbf?token=YOUR_API_KEY",
"layers":[
{
"filter":["in","_symbol",0],
"id":"Land",
"layout":{},
"minzoom":0,
"paint": {
"fill-color": {
This example performs a forward geocode by making a request to the geocoding service.
cURL cURL HTTP
Use dark colors for code blocks Copy
1
2
3
4
curl https://geocode-api.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates \
-d "f=pjson" \
-d "address=1600 Pennsylvania Ave NW, DC" \
-d "token=<YOUR_ACCESS_TOKEN>"Use dark colors for code blocks Copy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
{
"spatialReference": {
"wkid": 4326,
"latestWkid": 4326
},
"candidates": [
{
"address": "1600 Pennsylvania Ave NW, Washington, District of Columbia, 20500",
"location": {
"x": -77.036548499999995,
This example retrieves features from a feature service.
cURL cURL HTTP
Use dark colors for code blocks Copy
1
2
3
4
5
curl https://services3.arcgis.com/GVgbJbqm8hXASVYi/arcgis/rest/services/LA_County_Parcels/FeatureServer/0/query? \
-d "where=1=1" \
-d "outFields=*" \
-d "f=json" \
-d "token=<YOUR_ACCESS_TOKEN>"Use dark colors for code blocks Copy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
{
"objectIdFieldName":"OBJECTID",
"uniqueIdField":{"name":"OBJECTID","isSystemMaintained":true},
"globalIdFieldName":"",
"geometryProperties":{"shapeAreaFieldName":"Shape__Area","shapeLengthFieldName":"Shape__Length","units":"esriMeters"},
"geometryType":"esriGeometryPolygon",
"spatialReference":{"wkid":102100,"latestWkid":3857},
"fields":[
{
"name":"OBJECTID",
This example accesses a private item hosted in ArcGIS.com and retrieves its properties.
cURL cURL HTTP
Use dark colors for code blocks Copy
1
2
3
curl https://www.arcgis.com/sharing/rest/content/items/<ITEM_ID> \
-d 'f=pjson' \
-d 'token=<YOUR_ACCESS_TOKEN>'Use dark colors for code blocks Copy
1
2
3
4
5
6
7
8
9
10
11
{
"id": "ITEM_ID",
"owner": "OWNER",
"orgId": "ORG_ID",
"created": "DATE_CREATED",
"modified": "DATE_MODIFIED",
"guid": null,
"name": null,
"title": "ITEM_TITLE",
"type": "ITEM_TYPE"
To learn how to make requests to additional ArcGIS services, go to the Mapping and location services developer guide.
Tutorials Create an API keyCreate and configure API key credentials to get a long-lived API key access token.
Create and configure OAuth credentials to set up user authentication.
Create and configure OAuth credentials to set up app authentication.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4