This documentation is for ArcGIS REST JS 3.x which is no longer maintained. For the latest 4.x documentation see ArcGIS REST JS on the ArcGIS Developer website.



Validates that the user has access to the application and if they user should be presented a "View Only" mode

This is only needed/valid for Esri applications that are "licensed" and shipped in ArcGIS Online or ArcGIS Enterprise. Most custom applications should not need or use this.

import { validateAppAccess } from '@esri/arcgis-rest-auth';

return validateAppAccess('your-token', 'theClientId')
.then((result) => {
   if (!result.value) {
     // redirect or show some other ui
   } else {
     if (result.viewOnlyUserTypeApp) {
       // use this to inform your app to show a "View Only" mode
.catch((err) => {
 // two possible errors
 // invalid clientId: {"error":{"code":400,"messageCode":"GWM_0007","message":"Invalid request","details":[]}}
 // invalid token: {"error":{"code":498,"message":"Invalid token.","details":[]}}

Note: This is only usable by Esri applications hosted on *, * or within an ArcGIS Enterprise installation. Custom applications can not use this.

  • validateAppAccess(token: string, clientId: string, portal: string) : Promise<IAppAccess>


Parameter Type Default Notes
token Required string

platform token

clientId Required string

application client id

portal Optional string ""



Property Type Notes
valid boolean

Verifies that the token is valid and the user has access to the specified app (clientId)

viewOnlyUserTypeApp boolean

Should the app present the current user with a "View Only" mode

Function defined in packages/arcgis-rest-auth/src/validate-app-access.ts:53