Using tokens with secured services

06-20-2019 12:46 PM
Occasional Contributor II

I typically like to include a bit of self-deprecation in my varied GeoNet posts and this will be no different. I have no idea what I am doing.

Short version: I have several services published to ArcGIS Server. Because these are potentially publicly available to anyone with knowledge of the service URL, I decided to secure certain services. Nonetheless, I want to be able to use these in web maps I am developing with the JS API and do so in a manner in which a user doesn't need to login to view the map.

After doing some reading, I have concluded (perhaps erroneously), that using tokens is the way to go.

In order to do so, I followed the steps at this useful site.

  1. I went to (obviously, to my server...)
  2. I entered a user name, password, and selected HTTP Referer
  3. For the HTTP Referer, I entered the URL of the page from which the request is being made (the html page with the web map)
  4. I set expiration and format
  5. I generated the token

Once generated, I appended the generated token to the URL of the requested service (for example):

var  heritage = new FeatureLayer({
          url: ""

However, when I launch the page, I am still being prompted to enter the user name and password to access the service.

Again, allow me to repeat, I have no idea what I am doing. In all likelihood, I have gone about this completely wrong. Maybe there is a better way to do this; maybe I am making a really basic beginners error; maybe both of those are correct.

Regardless, I would like to solve this issue and your help is greatly appreciated.

0 Kudos
2 Replies
Occasional Contributor
0 Kudos
New Contributor II

Hey Todd,

In the url you've provided for your featurelayer, you've forgot to add the url param-key.

var  heritage = new FeatureLayer({
          url: ""