Azure REST API : Getting a bearer token

Azure provides a REST API to manage resources. If you have a specific need and don’t want to use ‘Azure-Cli’ or the ‘PowerShell module’, you can make plain HTTP calls against the REST API. It’s platform agnostic and easy to use.

First things first: we need a way to authenticate against the Azure REST API. For this, we can use a service principal.

Create a Service Principal using Azure-Cli

Log in to Azure-Cli and select your subscription. Once done, run:

az ad sp create-for-rbac --name AzureRestApiServicePrinciple

You can replace “AzureRestApiServicePrinciple” with any name you want. This command creates a service principal and configures it to access Azure resources.

Once done, the command prints its result; copy the appId (which is our clientId), password and tenant from that output.

Getting a token

Now that we have all the credentials, we can obtain a token for request authentication. We will make a POST request to “https://login.microsoftonline.com/{{tenantId}}/oauth2/token”, replacing {{tenantId}} with your tenantId (you can find it in the output of the service principal creation) and setting the content type to “application/x-www-form-urlencoded”.

Set the following Key/Value for the request:

grant_type = client_credentials

client_id = your “appId”

client_secret = service principal password

resource = https://management.azure.com/

Send the request, and we will get JSON output containing the access token.

{
    "token_type": "Bearer",
    "expires_in": "3600",
    "ext_expires_in": "0",
    "expires_on": "1538121382",
    "not_before": "1538117482",
    "resource": "https://management.azure.com/",
    "access_token": "your token will be here"
}

Now we can use this token to perform operations on Azure Resources.
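The same token request outside Postman, as an added Python example that is not part of the original post: it builds the POST described above, rejects a reply that carries an error, the wrong resource or an expired token, and returns the Authorization header for later calls. The environment variable names, the 60-second skew margin and the SAMPLE reply are assumptions made for this example; the secret is read from the environment so it never sits in a script or an exported file.

```python
import json
import os
import time
import urllib.parse
import urllib.request

RESOURCE = "https://management.azure.com/"
# Sample reply in the shape shown above; the token value is a constructed placeholder.
SAMPLE = ('{"token_type": "Bearer", "expires_in": "3600", "expires_on": "1538121382", '
          '"resource": "https://management.azure.com/", "access_token": "constructed.sample.token"}')


def build_token_request(tenant_id, client_id, client_secret, resource=RESOURCE):
    """Build the form-encoded client_credentials POST described above."""
    url = "https://login.microsoftonline.com/%s/oauth2/token" % urllib.parse.quote(tenant_id, safe="")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode("ascii")
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, expected_resource=RESOURCE, now=None, skew=60):
    """Validate the JSON reply; return (auth_headers, seconds_of_validity_left)."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError("token endpoint returned error: %s" % doc["error"])
    if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("response does not carry a bearer token")
    if doc.get("resource") != expected_resource:
        raise ValueError("token was issued for an unexpected resource")
    # expires_on is a string of Unix seconds; keep a safety margin (skew).
    now = time.time() if now is None else now
    seconds_left = int(doc["expires_on"]) - int(now) - skew
    if seconds_left <= 0:
        raise ValueError("token is expired or about to expire")
    return {"Authorization": "Bearer " + doc["access_token"]}, seconds_left


def get_token():
    """Live call. Environment variable names are assumptions of this example."""
    req = build_token_request(os.environ["AZURE_TENANT_ID"],
                              os.environ["AZURE_CLIENT_ID"],
                              os.environ["AZURE_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=30) as resp:  # raises HTTPError on 4xx/5xx
        return parse_token_response(resp.read())
```

Calling parse_token_response(SAMPLE, now=1538117482) exercises the parser offline; get_token() performs the real request and needs the three environment variables set.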

 

Here are POSTMAN scripts for Request and Environment:

Environment

{
  "id": "14429f59-e631-441c-af71-d5ca877895cc",
  "name": "MyAzureEnv",
  "values": [
    {
      "key": "tenantId",
      "value": "value",
      "enabled": true
    },
    {
      "key": "clientId",
      "value": "value",
      "enabled": true
    },
    {
      "key": "clientSecret",
      "value": "value",
      "enabled": true
    },
    {
      "key": "resource",
      "value": "https://management.azure.com/",
      "enabled": true
    },
    {
      "key": "subscriptionId",
      "value": "value",
      "enabled": true
    }
  ],
  "_postman_variable_scope": "environment",
  "_postman_exported_at": "2018-09-28T06:59:08.834Z",
  "_postman_exported_using": "Postman/6.3.0"
}

Request

{
  "info": {
    "_postman_id": "07c11fdb-7904-4ee8-b92a-6371d437403c",
    "name": "AzureREST",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "Get Token",
      "event": [
        {
          "listen": "test",
          "script": {
            "type": "text/javascript",
            "exec": [
              "pm.test(pm.info.requestName, () => {",
              "    pm.response.to.not.be.error;",
              "    pm.response.to.not.have.jsonBody('error');",
              "});",
              "pm.globals.set(\"bearerToken\", pm.response.json().access_token);"
            ]
          }
        }
      ],
      "request": {
        "method": "POST",
        "header": [
          {
            "key": "Content-Type",
            "value": "application/x-www-form-urlencoded"
          }
        ],
        "body": {
          "mode": "urlencoded",
          "urlencoded": [
            {
              "key": "grant_type",
              "value": "client_credentials",
              "type": "text"
            },
            {
              "key": "client_id",
              "value": "{{clientId}}",
              "type": "text"
            },
            {
              "key": "client_secret",
              "value": "{{clientSecret}}",
              "type": "text"
            },
            {
              "key": "resource",
              "value": "{{resource}}",
              "type": "text"
            }
          ]
        },
        "url": {
          "raw": "https://login.microsoftonline.com/{{tenantId}}/oauth2/token",
          "protocol": "https",
          "host": [
            "login",
            "microsoftonline",
            "com"
          ],
          "path": [
            "{{tenantId}}",
            "oauth2",
            "token"
          ]
        }
      },
      "response": []
    }
  ]
}

 

 

 

 
