- URL:
- https://[root]/oauth2/token
- Methods:
- GET
Example usage
https://www.arcgis.com/sharing/rest/oauth2/tokenDescription
The first step of an authorization grant is the authorization, and the access token step of that flow is described below. In addition to issuing user access tokens as part of the authorization grant, this end point can also be used to refresh access tokens and issue application tokens. The overall OAuth2 authentication flow is described in Authentication.
The type of token issued is based on the grant_ parameter as follows:
- authorization_- code 
- client_- credentials 
- exchange_- refresh_ - token 
- refresh_- token 
The required request parameters vary based on the grant_ as specified in the following table:
| Grant type | Required parameters | 
|---|---|
| 
 | 
 | 
| 
 | 
 | 
| 
 | 
 | 
| 
 | 
 | 
Request parameters
| Parameter | Details | 
|---|---|
| 
 (Required) | The ID of the registered application. This is also referred to as APPID. Example:  | 
| 
 (Required) | The type of grant requested. The type of token issued is based on the  
 Example:  | 
| 
 (Required when  | The secret of the registered application. This is also referred to as APPSECRET. Example:  | 
| 
 (Required when  | The authorization code obtained as a result of the authorization step. Example:  | 
| 
 (Required when  | The URI specified during the authorization step. The URIs must match; otherwise, authorization will be rejected. Example:  | 
| 
 (Required when  | The  Example:  | 
| 
 | The code verifier for the PKCE request that was generated before the authorization request. If the verifier matches the expected value, the server issues an access token. Otherwise, the server responds with following error:  | 
JSON Response example
{
  "access_token": "2YotnFZFEjr1zCsicMWpAA",
  "expires_in": 1800, // expiration in seconds from now
  "username": "jsmith", //signed-in username
  "ssl" :true, //Returned true for ArcGIS Online
  "refresh_token": "GysTpIui-oxWTTIs" // ONLY returned when grant_type=authorization_code or grant_type=exchange_refresh_token
  "refresh_token_expires_in": 604799 // expiration in seconds from now
}Examples
This end point is used for all examples:
https://www.arcgis.com/sharing/rest/oauth2/tokengrant_type=authorization_code
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=authorization_code&
redirect_uri=https://app.example.com/cb&
code=KIV31WkDhY6XIWXmWAc6UPKCE flow
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=authorization_code&
redirect_uri=https://app.example.com/cb&
code=KIV31WkDhY6XIWXmWAc6U
code_verifier=fasdfads7645fassd33asddfasdfgrant_type=client_credentials
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=client_credentials&
client_secret=57e2f75cd56346bf9d5654c3338a1250grant_type=exchange_refresh_token
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=exchange_refresh_token&
redirect_uri=https://app.example.com/cb&
refresh_token=GysTpIui-oxWTTIsgrant_type=refresh_token
Assume these parameters:
client_id=GGjeDjEY6kKEiDmX&
grant_type=refresh_token&
refresh_token=GysTpIui-oxWTTIs