{error: {code: 498, message: "Token Invalid.", ...}

FarrukhZahid · ‎03-11-2025

HI,

I am currently using ArcGIS Enterprise 11.4 (Portal-Federated Server) with a developer account subscription. When generating a simple basic API key, I repeatedly encounter a white screen. Checking the network reveals error 498. I have attempted this in different environments, yet the issue persists. Although my environment is secured, I am facing this problem on my local machine (Secured Environment) where the portal is installed. Each time, the key appears as an invalid token.

{
"error": {
"code": 498,
"message": "Token Invalid.",
"details": [
"The required authentication information is invalid. The token is either invalid or has expired."
],

JoshuaBixby · ‎03-11-2025

If the software is consistently telling you the token is invalid, there is likely something wrong with either the credentials or how the token is being generated. Unless you provide more information about how you setup the "simple basic API key" and how exactly you are using the key to generate a token, there isn't much for anyone to comment on here.

FarrukhZahid · ‎03-11-2025

I am following this link for API key generation "https://developers.arcgis.com/documentation/security-and-authentication/api-key-authentication/tutor...

and to test my API key, I am using this simple base map "https://developers.arcgis.com/javascript/latest/tutorials/change-the-basemap-style/"

LaurenBoyd · ‎03-12-2025

Hi @FarrukhZahid -

The JavaScript Maps SDK currently only supports using API keys with ArcGIS Online and ArcGIS Location Platform users as outlined here: https://developers.arcgis.com/javascript/latest/secure-resources/#api-keys

API keys generated with an ArcGIS Enterprise user is planned to be supported at the next release (version 4.33). In the meantime, you could utilize RequestInterceptor to append the API key generated with your Enterprise account as the token parameter to all requests before the request is sent to the basemap service.

Lauren

DeanWilson

Hi @LaurenBoyd and @John-Foster ,

I've been having similar issues to @FarrukhZahid as far as using API keys. The documentation you linked was the first time I seen that note, because all of the docs I've been going through kept mentioning that you get api key auth if you're using enterprise server 11.4. Since the Maps SDK, at least per that obscure note that I wouldn't have looked for in the Arcgis Portal section of the Maps sdk, doesn't allow auth via api keys yet, does that include Experience Builder as well?

I was hoping this was the fix for my portal sharing problem where I have secure services built in the portal, and when I try to access popups publicly, it asks for a login.

Sorry if that sounds curt, I've been going rounds with these auth issues for awhile.

Thanks in advance!

John-Foster · ‎03-17-2025

@FarrukhZahidan api key generated on ArcGIS Enterprise can only authorize services on that Enterprise instance, so if you are using a key generated on ArcGIS Enterprise to authorize services on ArcGIS Online then you will expect to see error 498 Invalid Token. You will need to log in with an ArcGIS Online account and generate and API key there in order to authorize services from ArcGIS Online.

--jf

TimWestern · ‎03-18-2025

I'm curious, You mentioned a Portal Federated Server (For these dashboards are users logging in through that federation? If so I'm wondering why an APIKey vs an OAuth2 key is preferred here for your purposes.

John-Foster

@TimWesternthe use case for the API key would be when the end user does not have an ArcGIS account to authenticate or the app does not want to prompt a user to log in to authenticate access with the services so the api key access token is used. OAuth will require a user to log in to generate the access token.

--jf

TimWestern

That's a very clear explanation, @John-Foster, Thank you.

John-Foster

@DeanWilsoncurrently ArcGIS Experience Builder does not support API key authentication

--jf