ArcGIS for Server v10.3 Secured Services

Customers who are upgrading to ArcGIS for Server v10.3 should be aware of a change that affects services secured with short-lived tokens and which may prevent certain applications from working. At 10.3 token requests using the GET method are not possible for security reasons, only the POST method is now supported. See http://resources.arcgis.com/en/help/arcgis-rest-api/index.html#/Generate_Token/02r3000000ts000000/

This change affects both LocatorHub and LocalView Fusion with ArcGIS for Server 10.3 secured services and may affect other applications as well.

The impact on LocatorHub is that locators which are built upon secured 10.3 map services, feature services or locator services will not work, regardless of whether the connection to the map or feature service is over HTTP or HTTPS. These locators will work as expected if the services are unsecured. We are working on a hot fix for this issue which will be available in May 2015.

The impact in LocalView Fusion is that you are unable to access 10.3 secured services from within LocalView. We are currently working on a bug fix release which will be available by the end of May 2015.

Customers who have other applications which consume secured ArcGIS for Server services should look into modifying them to use POST instead of GET to request tokens.

Note, as this change only affects services secured using short-lived tokens a potential workaround to the problem is to switch to using long-lived tokens (fixed or embedded).