Bypassing login screen when viewing private layers on map - is this allowed?

02-11-2021 01:49 PM
New Contributor

I want to be able to bypass the login screen that is shown when trying to view private layers on a map using the JS API. I've found this solution using application credentials that works using client_id and client_secret after registering an application: 


      var url = "";
      var token = "";
      esriRequest(url, {
        query: {
          client_id: "CLIENT_ID",
          client_secret: "CLIENT_SECRET",
          grant_type: "client_credentials"
        method: "post"
        .then((response) => {
          token =;
            server: "",
            token: token
        .catch((err) => {
          if ( === 'AbortError') {
            console.log('Request aborted');
          } else {
            console.error('Error encountered', err);


...but after checking here ( I'm unclear whether I'd be within the terms of use using this method. I see that under limitations I'm directed to use ArcGIS Identity to access private content, but that link details a method that requires login, which is what I'm trying to avoid (though I haven't tested the workflow that is described there). Can anyone verify whether the method above is within terms of use for the JS API? Thanks so much in advance. 

1 Reply
New Contributor III

Unfortunately, what you are describing is likely a violation of the terms of use...

If you are hardcoding a single user's credentials in an application that multiple people will use to access private content, then that will be a violation of the Terms of Use.

See section 2.5:



0 Kudos