https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-to-verify-a-valid-apikey-at-runtime/m-p/1167120#M4122 <P>I am finally moving our apps to use the <A href="https://developers.arcgis.com/documentation/mapping-apis-and-services/maps/services/basemap-layer-service/" target="_self">new vector basemap services</A> and have set up an <A href="https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/create-and-manage-an-api-key/" target="_self">ESRI API key</A> to access the data.&nbsp;</P><P>I would like to write a check at runtime that ensures that the token supplied for my app will indeed work. The logic I'm thinking is something like:</P><P>At Build: load api key token (from environment variables)</P><P>At Runtime: do a basic check that token works (isn't expired, lacking credits, works with referrer, supports the services I want to use it against (e.g. search, basemaps) etc)</P><P>- Make an `esriRequest` to some url endpoint that returns a brief description validating token or no and what services it works against.</P><P>- If token is invalid handle accordingly, fall back to other basemaps, disable search etc.</P><P>However I don't see anything anywhere in the ESRI API documentation discussing any such process. Of course I could test trying to fetch a particular basemap tile and see if an error message comes back but I'd rather just have a lightweight explicit "verify token" endpoint not just for a basemap but for the token itself.&nbsp;</P><P>What I tried so far:</P><P>This'll work and fail with a bad token, but would like something a bit more descriptive:</P><LI-CODE lang="javascript">require([ "esri/config", "esri/request", "esri/Map", "esri/views/MapView", "esri/widgets/Search", ], function (esriConfig, esriRequest, Map, MapView, Search) { esriConfig.apiKey = "some-invalid-key-here"; esriRequest( "https://basemaps-api.arcgis.com/arcgis/rest/services/styles/ArcGIS:Streets", { responseType: "json", } ) .then(function (response) { let data = response.data; console.log(data); }) .catch((err) =&gt; { console.log("whoops"); });</LI-CODE><P>&nbsp;</P><P>Wondering if anyone has any advice before I go bother ESRI Canada support and/or make an idea suggestion about this. I also welcome feedback as to why my above approach idea might not be a good idea or is ill-advised.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 22 Apr 2022 17:39:31 GMT RyanSutcliffe 2022-04-22T17:39:31Z https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-to-verify-a-valid-apikey-at-runtime/m-p/1167120#M4122 <P>I am finally moving our apps to use the <A href="https://developers.arcgis.com/documentation/mapping-apis-and-services/maps/services/basemap-layer-service/" target="_self">new vector basemap services</A> and have set up an <A href="https://developers.arcgis.com/documentation/mapping-apis-and-services/security/tutorials/create-and-manage-an-api-key/" target="_self">ESRI API key</A> to access the data.&nbsp;</P><P>I would like to write a check at runtime that ensures that the token supplied for my app will indeed work. The logic I'm thinking is something like:</P><P>At Build: load api key token (from environment variables)</P><P>At Runtime: do a basic check that token works (isn't expired, lacking credits, works with referrer, supports the services I want to use it against (e.g. search, basemaps) etc)</P><P>- Make an `esriRequest` to some url endpoint that returns a brief description validating token or no and what services it works against.</P><P>- If token is invalid handle accordingly, fall back to other basemaps, disable search etc.</P><P>However I don't see anything anywhere in the ESRI API documentation discussing any such process. Of course I could test trying to fetch a particular basemap tile and see if an error message comes back but I'd rather just have a lightweight explicit "verify token" endpoint not just for a basemap but for the token itself.&nbsp;</P><P>What I tried so far:</P><P>This'll work and fail with a bad token, but would like something a bit more descriptive:</P><LI-CODE lang="javascript">require([ "esri/config", "esri/request", "esri/Map", "esri/views/MapView", "esri/widgets/Search", ], function (esriConfig, esriRequest, Map, MapView, Search) { esriConfig.apiKey = "some-invalid-key-here"; esriRequest( "https://basemaps-api.arcgis.com/arcgis/rest/services/styles/ArcGIS:Streets", { responseType: "json", } ) .then(function (response) { let data = response.data; console.log(data); }) .catch((err) =&gt; { console.log("whoops"); });</LI-CODE><P>&nbsp;</P><P>Wondering if anyone has any advice before I go bother ESRI Canada support and/or make an idea suggestion about this. I also welcome feedback as to why my above approach idea might not be a good idea or is ill-advised.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 22 Apr 2022 17:39:31 GMT https://community.esri.com/t5/arcgis-rest-apis-and-services-questions/how-to-verify-a-valid-apikey-at-runtime/m-p/1167120#M4122 RyanSutcliffe 2022-04-22T17:39:31Z