Community

Using Python to generate access token for an account that uses organization login

15298
13
01-13-2022 01:22 PM
FelipeDias
by
Emerging Contributor
‎01-13-2022 01:22 PM

Hi there!

I've been trying to generate a REST API access token for an item on ArcGIS online through a basic Python script and I'm having a hard time.

Here are the URLs of the item that I want to access:

Note: You won't be able to access the item above because it's not shared publicly (which is why I want to generate an access token in the first place). 

I followed the instructions found here (Generate Token in REST) and arrived at the following Python code (substituting the placeholders with my actual username and password):

 

 

import requests
tokenURL = 'https://services9.arcgis.com/sharing/rest/generateToken'
params = {'f': 'pjson', 
          'username': 'placeholder_username', 
          'password': 'placeholder_password', 
          'referer': 'http://www.arcgis.com'}
response = requests.post(tokenURL, data = params, verify = False)
token = response.json()['token']

 

 

 

 

The problem is that the code above doesn't work. When I investigate the response object, I notice two things: 

  • It doesn't have a "token" key.
  • It tells me that the URL I used is invalid.

 

 

 

print(response.json()) 
# {'error': {'code': 400, 'message': 'Invalid URL', 'details': ['Invalid URL']}}

 

 

 

So I tried using tokenURL='https://www.arcgis.com/sharing/rest/generateToken', but that didn't work either: 

 

 

 

print(response.json()) 
# {'error': {'code': 400, 'message': 'Unable to generate token.', 'details': ['Invalid username or password.']}}

 

 

 

 I believe this might be because I typically log into ArcGIS online through my organization's URL: mycompany.maps.arcgis.com (as seen below):

 

FelipeDias_0-1677171213329.png

 

So I finally tried to use tokenURL='https://mycompany.maps.arcgis.com/sharing/rest/generateToken', but that didn't work either:

 

 

 

print(response.json()) 
# {'error': {'code': 400, # 'message': 'Unable to generate token.', # 'details': ['Invalid username or password.']}}

 

 

 

Does anyone know what I need to do to successfully generate an access token for the item above? 

0 Kudos
13 Replies
DCWORK_GIS
by
Regular Contributor
‎12-05-2023 10:56 AM

Hi Mark, would you mind sharing your method of accessing the token with a built-in user, not using user/pass. I had been accessing it using: 

gis=GIS('home')
token=gis._con.token

but that code isn't working anymore, and I'm at a loss to find why, or a workaround.

 

0 Kudos
MarkGambordella
by
Regular Contributor
‎12-05-2023 11:27 AM

I was able to find a work around for now.  you cannot use your SAML account but instead have to create a built-in account.  Use the built-in account for your user:password in the geoprocessing tool found in the link below.  the tool creates a URL for only the first attachment (which is the only one I needed), the URL with a token is added to the attribute table.  because the token expires, you can then run a script to update the token once a week.  the links below were helpful in setting it up.  

Show Attachments in Web Map Popup - Esri Community

Attachments to Popup - YouTube

Schedule a Python Script using Windows Task Scheduler - YouTube

0 Kudos
DurmusCesar
by
Emerging Contributor
‎02-13-2026 05:04 AM

Exactly or use interactive login with clientID (this works in case of SAML accounts)

0 Kudos
DurmusCesar
by
Emerging Contributor
‎02-13-2026 05:03 AM

Unless you use the built-in accounts only way to do this is to interactive login

https://community.esri.com/t5/arcgis-enterprise-questions/unable-to-generate-tokens-using-saml-enter...

see excerpt below

User authentication with OAuth 2.0

The ArcGIS Python API supports OAuth 2.0 as an authentication method, and acts as a serverless native application when using OAuth 2.0 authorization with ArcGIS.

To use this mode of authorization, you need a client id. If you already have a client id, you can skip the following section.

Obtaining a client id

The steps below show how a client id can be obtained by registering a new application with your GIS. Only one client id is required, so if your GIS has one already, you may use it instead of creating a new application.

  • Log in to your ArcGIS Online or ArcGIS Enterprise organization.
  • Go to the Content tab.
  • Click 'New item', then select 'Application'.
  • On the 'New item' dialog, select 'Other application' and click 'Next'.
  • Type in a title for the application item. Optionally, specify the folder, tags, and summary.
  • Click 'Save' to add the item.
  • On the item details page of this newly created application, browse to the Credentials section and find the Client ID. The string listed is the value that you will pass in as the client_id parameter when creating the GIS object.

You can then log on to your org using the Python API using the code shown below:

Interactive Login Experience

This uses interactive sign-in experience: you would be redirected to your organization's sign-in page using the configured identity provider. Upon signing in, you would get a code that you can paste back to complete the sign-in process:

gis = GIS("https://pythonapi.playground.esri.com/portal", client_id='f8cRxbP3NO8bf9ag')
print("Successfully logged in as: " + gis.properties.user.username)
Please sign in to your GIS and paste the code that is obtained below.
If a web browser does not automatically open, please navigate to the URL below yourself instead.
Opening web browser to navigate to: https://pythonapi.playground.esri.com/portal/sharing/rest/oauth2/authorize?client_id=f8cRxbP3NO8bf9ag&response_type=code&expiration=-1&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob
Enter code obtained on signing in using SAML: ········
Successfully logged in as: arcgis_python
Non-Interactive Login Experience

The recommended suggestion for non-interactive login scripts is to use the built-in identity provider instead of SAML.

0 Kudos