Create token and access feature Layer

kapalczynski

I have this code snip below.

Trying to get a token
return that token
and use gis.content.get(feature_layer_id) to secure access to a service

Line 14 The variable "custom_token" prints with no issues
Line 18 prints fine as well "Token successfully generated! Expires at timestamp: 1780364453189"
Line 21 prints back NONE
and Line 23 gives error: Exception: You do not have permissions to access this resource or perform this operation.
(Error Code: 403)

The user Name and password are owner level permissions and have access to everything in our Enterprise... so im confused.

AND confused why line 21 returns NONE

The reson I am going this route is I need to increase the token expiration time... not sure how to do it any other way...

otherwise I would just do this

if portal_username == '' and portal_password == '':
    gis = GIS(profile='Survey123_prof')
else:
    gis = GIS(portal_url, portal_username, portal_password)
    
token = gis._con.token
item_object = gis.content.get(feature_layer_id)

ANY thoughts?

token_url = f"{portal_url}/sharing/rest/generateToken"
payload = {
    "username": portal_username,
    "password": portal_password,
    "client": "referer",
    "referer": portal_url,
    "expiration": expiration_minutes,
    "f": "json"
}

response = requests.post(token_url, data=payload)
token_data = response.json()
custom_token = token_data["token"]
print("custom token " + custom_token)

gis = GIS(url=portal_url, credentials={"token": custom_token})

print(f"Token successfully generated! Expires at timestamp: {token_data['expires']}")

tokenvalue = gis._con.token
print(tokenvalue)

item_object = gis.content.get(feature_layer_id)
print(item_object)

CodyPatterson

Hey @kapalczynski

That looks pretty good! The timestamp doesn't expire soon and the URLs look fine, it's just the tokens are still missing for some reason.

Try to assemble the GIS object like this here:

gis = GIS(
    url=portal_url,
    token=custom_token,
    referer=portal_url,
    use_gen_token=True,
    verify_cert=True # I'd try this with false as well
)

Personally, I've not used the credentials argument you're using, I've only done the method I've sent above, along with manually passing username and password in.

Also on line 30 you're reprinting the tokenvalue variable, instead of token.

Cody

kapalczynski

OK looks like that is working but another weird thing is going on... In my payload I am setting the expiration to 1440 minutes... BUT when I get the return the token expiration date is NOT 1 day out...

token_url = f"{portal_url}/sharing/rest/generateToken"
payload = {
    "username": portal_username,
    "password": portal_password,
    "client": "referer",
    "referer": portal_url,
    "expiration": 1440,
    "f": "json"
}

print(f"Token successfully generated! Expires at timestamp: {token_data['expires']}")

response = requests.post(token_url, data=payload)

# Example Esri epoch timestamp
esri_timestamp = token_data['expires'] 

# Convert to a readable date object
date_obj = datetime.fromtimestamp(esri_timestamp / 1000)
print(date_obj.strftime('%Y-%m-%d %H:%M:%S'))

I get

Token successfully generated! Expires at timestamp: 1780585244830
----------------------------
2026-06-04 11:00:44

CodyPatterson

Hey @kapalczynski

Using your timestamp, it's showing me that it's one day out from my current timezone, so around 10AM CT. I may be misunderstanding what you're saying though.

Cody

kapalczynski

If I run it with this:

gis = GIS(url=portal_url, token=custom_token)

Instead of this

gis = GIS(url=portal_url, credentials={"token": custom_token})

I get this error

....snip

ing\script2.py", line 70, in <module>
gis = GIS(url=portal_url, token=custom_token)

....snip

File "C:\Program Files\ArcGIS\Pro\bin\Python\envs\arcgispro-py3\lib\site-packages\arcgis\gis\_impl\_con\_connection.py", line 648, in _handle_json_error
raise Exception(errormessage)
Exception: Invalid token.
(Error Code: 498)

BrianLomas

I have run into token issues like this with portal in the past. Below is the basic method that has worked for me. .

gis = GIS("https://xyz:7443/arcgis", "xxUNxx", "xxPWxx", verify_cert=False)
token = gis.session.auth.token
auth_info = (gis.session.auth)

After this, I place the token in a dictionary {"token": token}, then store it in a csv for other scripts to access or just use it in my active python requests. Good luck. I know this issue can be frustrating.

kapalczynski

@BrianLomas doesn't the token expire on you though

I am not sure what this is and how that would play into my script.... how would that work with the simple example below
Or the more elaborate one in this post...

if portal_username == '' and portal_password == '':
    gis = GIS(profile='Survey123_prof')
else:
    gis = GIS(portal_url, portal_username, portal_password)
    
token = gis._con.token
item_object = gis.content.get(feature_layer_id)

Or the more elaborate one below...

token_url = f"{portal_url}/sharing/rest/generateToken"
payload = {
    "username": portal_username,
    "password": portal_password,
    "client": "referer",
    "referer": portal_url,
    "expiration": expiration_minutes,
    "f": "json"
}

response = requests.post(token_url, data=payload)
token_data = response.json()
custom_token = token_data["token"]

print("custom token " + custom_token)

#gis = GIS(url=portal_url, token=custom_token)
gis = GIS(url=portal_url, credentials={"token": custom_token})

print(f"Token successfully generated! Expires at timestamp: {token_data['expires']}")

print("Portal: ", portal_url)
print("Referer: ", payload.get("referer"))
print("GIS Referrer: ", getattr(gis, '_referer', 'Not set'))

tokenvalue = gis._con.token
print(tokenvalue)

token = custom_token
print(tokenvalue)

item_object = gis.content.get(feature_layer_id)
print(item_object)