ArcGIS Server web services

An ArcGIS Server web service represents a GIS resource—such as a map or image—that is located on an ArcGIS Server site and is made available to client apps such as Map Viewer.

You can add ArcGIS Server web services to ArcGIS Online to use them in apps throughout the ArcGIS platform. How you add a service depends on how you need to use it.

  • If you want to create a reference to an ArcGIS Server web service to make it easier for others to access and discover the service, add the web service as an item. When an ArcGIS Server web service is added as a layer item, you can store layer configurations such as customized pop-ups and styling with the layer item. The layer configuration is used when you add the layer item to a map or scene.
  • You can also add ArcGIS Server web service directly to Map Viewer or Scene Viewer, and configure the service layer within a specific map or scene. The maps and scenes you save with those layer configurations can be used in apps.

Creating items that reference services

To help people discover and use your ArcGIS Server web services in their apps, add them as items to My Content. You can store settings and information on the items, configure the item style and pop-ups, and use these items in maps, apps, and scenes.

When you share the configured items, it allows other people to take advantage of the settings you made and allows them to use the items in their own maps, apps, and scenes.

The following tables show the types of items created for each type of ArcGIS Server web service you add. Note that not all ArcGIS Server web services are supported as items.

When you add the services listed in the following table, ArcGIS Online creates layer items that allow you to visualize the data. Store configuration settings with the item layers, such as styles and pop-ups, making these settings available to anyone who can access the layer.

ArcGIS Server web serviceLayer item

Feature service (map service with feature access enabled)

Feature layer

If you published the feature service from a nonspatial table, the item is a table layer.

Image service (cached and dynamic)

Imagery layer

Image service (cached, type LERC)

Elevation layer

Map service (dynamic)

Map image layer

Map service (cached)

Tile layer

Stream service*

*Requires ArcGIS GeoEvent Server

Feature layer

The services listed in the following table create items in the organization.

ArcGIS Server web serviceItem type

Geocoding service


Geometry service

Geometry Service

Geoprocessing service

Geoprocessing service layer

Network Analysis service

Network Analysis Service

The organization administrator can use this to configure a Directions and Routing utility service.

Adding services directly to maps and scenes

You can add web services to Map Viewer and Scene Viewer directly using the REST endpoint URL of the service.

When you add ArcGIS Server web services to a map or scene using the service URL, you configure settings for the web service layer within the map or scene. Those settings are stored in and are specific to that individual map or scene. You can add the following to a map or scene using the service URL:

  • Feature service (map service with feature access enabled)
  • Image service, cached or dynamic
  • Image service, cached, type LERC creates an elevation layer in Scene Viewer
  • Map service, cached or dynamic
  • Stream service (Map Viewer only)
  • OGC services


If you need to change the URL for an ArcGIS Server web service after it has been saved in a map, you can do that from the layer settings of the web map's item page.

Secure services

ArcGIS Online supports ArcGIS Server authentication, including web-tier authentication such as Integrated Windows Authentication (IWA) and a public key infrastructure (PKI), for adding and accessing secure services. When you add a secure ArcGIS Server web service to a map, you will be prompted for credentials. Credentials are not stored in the map. ArcGIS Online obtains a token for authentication; there is nothing additional you need to do. You should not attempt to append a token to the URL when you add a service to a map.

Map Viewer, ArcGIS Web AppBuilder, and ArcGIS Configurable Apps support editing feature services secured with web-tier authentication. To take advantage of this support, administrators must configure trusted servers that allow ArcGIS Online to automatically pass through credentials.

When you add a secure ArcGIS Server service as an item in ArcGIS Online, you choose whether to store the credentials necessary to access the service with the layer item. Only built-in ArcGIS Enterprise or built-in ArcGIS Server credentials can be stored with a service. If the credentials are not stored, you may be prompted for credentials when you access the service. If the credentials are stored with the layer item, you won't be prompted. To change credentials after adding the item, you can edit the item details and enter a different user name or password. Storing credentials with the item is only supported for token-based services.

You cannot alter the source URL for items that store credentials to access a secure service.


It is recommended that you make all services accessible using HTTPS only, which encrypts the information in the service when it is transmitted over the internet. If you own or have privileges to administer secure services with embedded credentials and your secure service's data source is using the HTTP protocol, you can replace http with https in the URL on the Settings tab of the service item's item page.

User names may be case sensitive depending on how your identity systems are managed.


When you store your credentials for a secure service, the layer item behaves like a proxy, in that all requests to the service go through ArcGIS Online. This proxy adds some delay when accessing the service and is slower than going directly to the service.

If you use Microsoft Internet Explorer to access secure services, you may need to add the domains of your organization’s trusted servers to your browser’s trusted sites list. Check with your organization's administrator for the trusted servers configured for your organization.

When you use secure services, you may want to limit use of these items by limiting the URL or IP addresses that can access them.

Limit usage of secured services

If you want to share secure service items with the public, for example, as part of a public web app, store the credentials with the item so the public is not required to log in to access your app. You may also want to limit usage to control how many times and by whom the service is accessed. You can specify the rate limit, and to further restrict usage, designate the specific referrer URLs or IPs that can access your service, for example, the URL of your organization.


Designating specific referrers ensures that the specified URLs or IP addresses can connect to the service, but it does not prevent someone from intercepting the proxy call to the secure service and changing it.

Once you add your secure service as an item and store credentials but before you share it, follow these steps to limit use of the item:

  1. Open the item page for the secure service or app.
  2. Click the Settings tab and scroll down to the Limit Usage section. Click Limit Usage.
  3. Check the Enable rate limiting check box and set up the limits: a maximum number of requests allowed for a specific period of time or the referrer URLs and IPs that can access your service—for example, the URL to your organization such as You can also limit the rate and the referrer.

    Your referrer URLs and IPs can be fully qualified URLs (, wildcards to include all subdomains (https://*, or the IP address ( You need to specify ports and add http and https if you want to allow access to both. For sharing services in apps hosted in your organization, you can provide either the URL to your app, or if you plan to have multiple apps that use the service, the URL to the organization's app directory (for example,

  4. Click OK.
  5. Share the item with those intended to have access to it: your organization, everyone (public), or specific groups to which you belong.