/generateToken: Generate Token | ArcGIS REST APIs

/generateToken: Generate Token

URL:
https://[root]/generateToken
Methods:
POST

Example usage

The following is a sample ArcGIS Enterprise POST request for the generateToken operation. For more examples, see the Additional example usage section below.

Use dark colors for code blocksCopy
1
2
3
4
5
6
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=referer&ip=&referer=https://myserver/mywebapp&expiration=60&f=pjson

Description

Organizations that choose to implement higher levels of security for their organizations can set the allSSL setting to true for their organization or portal. The effect of setting allSSL to true is that all non-HTTPS requests for resources belonging to the organization will be rejected. Setting allSSL to true guarantees that all transmissions of access tokens as well as data between clients and servers is over a secure encrypted channel and provides protection to tokens and data in transit. When generateToken is called for a user in such an organization, it returns a response property of ssl as true , and the token must always be passed back via HTTPS to the portal.

The call is only allowed over HTTPS.

Request parameters

ParameterDetails

username

The case-sensitive username of the user who wants to get a token.

Example

Use dark colors for code blocksCopy
1
username=admin

password

The password of the user who wants to get a token.

Example

Use dark colors for code blocksCopy
1
password=test1234

client

The client type that will be granted access to the token. Users will be able to specify whether the token will be generated for a client application's base URL, a user-specified IP address, or the IP address that is making the request.

Values: ip | referer | requestip

ip

The IP address that will be using the created token for access. On the Generate Token page, the IP address is specified in the IP Address field. This is required when client has been set as ip .

Example

Use dark colors for code blocksCopy
1
ip=11.11.111.111

referer

The base URL of the client application that will use the token. On the Generate Token page, the referer URL is specified in the Webapp URL field. This is required when client has been set as referer .

Example

Use dark colors for code blocksCopy
1
referer=https://myserver/mywebapp

expiration

The token expiration time in minutes. The default is 60 minutes (one hour). The maximum expiration period is 15 days. The maximum value of the expiration time is controlled by the server. Requests for tokens larger than this time will be rejected. Applications are responsible for renewing expired tokens; expired tokens will be rejected by the server on subsequent requests that use the token.

Example

Use dark colors for code blocksCopy
1
expiration=60

token

Portal token generated in exchange for user credentials for use by clients working with a federated server. This parameter is required only when generating a server-token. User name, password, client, referer, and expiration parameters are not required for generating a server-token. The referer and expiration time of the portal token will be applied to the server-token.

Use dark colors for code blocksCopy
1
token=G6943LMReKj_kqdAVrAiPbpRloAfE1fqp0eVAJ-IChQcV-kv3gW-gBAzWztBEdFY

serverURL

URL of a federated server for which a server-token needs to be generated. A server-token will be returned only if the serverUrl contains the URL of a server that is registered with the portal. A server-token will not be generated for a server that is not registered with the portal.

Example

Use dark colors for code blocksCopy
1
serverUrl=<https://myserver.esri.com/arcgis>

f

The response format. The default response format is html .

Values: html | json | pjson

Response properties

PropertyDetails

token

The generated token.

Example

Use dark colors for code blocksCopy
1
"token": "6hrFDATxrG9w14QY9wwnmVhLE0Wg6LIvwOwUaxz761m1JfRp4rs8Mzozk5xhSkw0_MQz6bpcJnrFUDwp5lPPFC157dHxbkKlDiQ9XY3ZIP8zAGCsS8ruN2uKjIaIargX"

expires

The expiration time of the token in milliseconds since January 1, 1970 (UTC).

Example

Use dark colors for code blocksCopy
1
"expires": "1582930261424"

ssl

This property will show as true if the token must always pass over ssl.

Values: true | false

Additional example usage

The examples below illustrate three ways in which users can generate tokens with this operation.

Example one: IP address

The following example demonstrates how an ArcGIS Enterprise user can generate a token with a user-specified IP address:

Use dark colors for code blocksCopy
1
2
3
4
5
6
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=ip&ip=11.11.111.111&referer=&expiration=60&f=json

Example two: Referer

The following example demonstrates how an ArcGIS Enterprise user can generate a token with a client application's base URL:

Use dark colors for code blocksCopy
1
2
3
4
5
6
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=referer&ip=&referer=https://myserver/mywebapp&expiration=60&f=json

Example three: Request IP

The final example demonstrates how an ArcGIS Enterprise user can generate a token with the IP address that is performing the Generate Token request:

Use dark colors for code blocksCopy
1
2
3
4
5
6
POST /webadaptor/sharing/rest/generateToken HTTP/1.1
Host: machine.domain.com
Content-Type: application/x-www-form-urlencoded
Content-Length: []

username=admin&password=test1234&client=requestip&ip=&referer=&expiration=60&f=json

JSON Response syntax

Use dark colors for code blocksCopy
1
2
3
4
5
{
  "token": "<token generated>",
  "expires": <date shown in UNIX time>,
  "ssl": false | true
}

JSON Response example

Use dark colors for code blocksCopy
1
2
3
4
5
{
  "token": "6hrFDATxrG9w14QY9wwnmVhLE0Wg6LIvwOwUaxz761m1JfRp4rs8Mzozk5xhSkw0_MQz6bpcJnrFUDwp5lPPFC157dHxbkKlDiQ9XY3ZIP8zAGCsS8ruN2uKjIaIargX",
  "expires": 1582930261424,
  "ssl": true
}

Your browser is no longer supported. Please upgrade your browser for the best experience. See our browser deprecation post for more details.