When ArcGIS Server services are secured using ArcGIS token-based authentication, every request to a resource must be accompanied by a valid token. Tokens can be acquired using the tokens endpoint (using steps below) or through an HTTP POST request using the ArcGIS REST API.
- Ensure that your site has allowed tokens to be acquired through an HTTP GET request.
- Open the URL https://gisserver.domain.com:6443/arcgis/tokens in a web browser.
- Enter the following information:
- User name—The name of a user authorized to access the resource.
- Password—The user's password.
- Client—This parameter enforces restrictions on how the token may be used.
- IP Address—When this option is chosen, the issued token can only be used in requests made from the specified IP address.
- IP address of this request's origin—When this option is chosen, the issued token can only be used in requests made from the IP address used to acquire the token.
If there is a proxy server between the client application or browser and the ArcGIS Server site, tokens generated using the IP Address and IP address of this request's origin options must be bound to the IP address of the proxy server. If there are multiple load balancing proxy servers between the client application or browser and the ArcGIS Server, the HTTP Referer option should be used.
- Expiration—The duration, from the time of issue of the token, for which the token is valid.
The expiration time specified must be less than or equal to the value configured for the life-span of long-lived tokens. To see the current token properties in Manager, click Security > Settings, and click the edit button next to Token Settings.
- Format—This parameter specifies the format of the response from the server to this token request.
- HTML—This option displays the token issued by the server in string format. To use the token, copy the string and append it to requests made to secured ArcGIS Server web services.
- JSON—This option returns the token and token expiration in JSON format. This option is used when a token is requested through a web application instead of a web browser. The token expiration matches the Unix epoch time in milliseconds when the token will expire.
- Click Generate Token to get the token.