FRAMES | NO FRAMES Description | Request | Response | Examples
Generate Token (Operation)
URL https://<host>:<port>/<site>/tokens/generateToken

Description

This operation generates an access token in exchange for user credentials that can be used by clients to access secured ArcGISServer services. You should always make this request over HTTPS and use HTTP POST.

This operation is supported if Server Info resource includes tokenServicesUrl.

The access token represents the authenticated user for a certain amount of time to all other API functionality. Developers using the API must take care to protect the token against malicious use just as they would the original credentials, and must be prepared to renew the token. Expired tokens will be rejected by the server.

Request Parameters

Parameter Details
f Description: The response format. The default response format is HTML.
username Description: username of user who wishes to get a token.
password Description: password of user who wishes to get a token.
client Description: The client identification type for which the token is to be generated.
  • If the value is specified as referer, the referer parameter must be specified.
  • If the value is specified as ip, the ip parameter must be specified.
  • If the value is specified as requestip, the IP address from where the request originated is used.

referer Description: The base url of the webapp that will invoke the request to access secured resource. This parameter must be specified if the value of the client parameter is referer

Example: referer=http://myserver/mywebapp
ip Description: The IP address of the machine that will invoke the request to access secured resource. This parameter must be specified if the value of the client parameter is ip

Example: ip=###.###.###.###
expiration Description: The token expiration time in minutes. The default is 60 minutes.
Example: expiration=60 (1 hour)

The maximum value of the expiration time is controlled by the server. Requests for tokens larger than this time will return a token for the maximum allowed expiration time. Applications are responsible for renewing expired tokens, expired tokens will be rejected by the server on subsequent requests that use the token.

Response Properties

Property Details
token The generated token.
expires The expiration time of the token in milliseconds since Jan 1st, 1970.

Example Usage

Example 1: http://sampleserver6.arcgisonline.com/arcgis/tokens/generateToken

username=user1
password=user1
referer=http://www.arcgis.com

JSON Response Syntax

{
  "token": "<token generated>",
  "expires": <date shown in EPOCH time>
}

JSON Response Example

{
    "token": "E60M4Gsc-h4Q8plqQ26PgOmVUKIwR6kOAHiAFl7cGzI.",
    "expires": 1345142184717
}