Azure provides a REST API to manage resources. If you have a specific need and don’t want to use ‘Azure-Cli‘ or their ‘Powershell module‘, you can use pure HTTP calls using their REST API. it’s platform agnostic and easy to use.
First thing first, we need a way to authenticate against Azure REST API. For this, we can use a service principle.
Create a Service Principle using Azure-Cli
Login into Azure-Cli and select your subscription. Once done run :
az ad sp create-for-rbac –name AzureRestApiServicePrinciple
You can change “AzureRestApiServicePrinciple” with any name you want. This command creates a service principle and configures it to access Azure Resources.
Once done, you will see a window like below, copy the appId ( which is our clientId) , password and tenant.
Getting a token
Now that we have all the credential, we can obtain a token for request authentication. We will make a POST request to “https://login.microsoftonline.com/{{tenantId}}/oauth2/token“, replace {{tenantId}} with your tenantId ( you can find it from output of Service principal creation), setting content type to “application/x-www-form-urlencoded“.
Set the following Key/Value for the request:
grant_type = client_credentials
client_id = your “appId”
client_secret = service principal password
resource = https://management.azure.com/
And send the request, we will get a JSON output containing access token.
{
"token_type": "Bearer",
"expires_in": "3600",
"ext_expires_in": "0",
"expires_on": "1538121382",
"not_before": "1538117482",
"resource": "https://management.azure.com/",
"access_token": "your token will be here"
}
Now we can use this token to perform operations on Azure Resources.
Here are POSTMAN scripts for Request and Environment:
Environment
{
"id": "14429f59-e631-441c-af71-d5ca877895cc",
"name": "MyAzureEnv",
"values": [
{
"key": "tenantId",
"value": "value",
"enabled": true
},
{
"key": "clientId",
"value": "value",
"enabled": true
},
{
"key": "clientSecret",
"value": "value",
"enabled": true
},
{
"key": "resource",
"value": "https://management.azure.com/",
"enabled": true
},
{
"key": "subscriptionId",
"value": "value",
"enabled": true
}
],
"_postman_variable_scope": "environment",
"_postman_exported_at": "2018-09-28T06:59:08.834Z",
"_postman_exported_using": "Postman/6.3.0"
}
Request
{
"info": {
"_postman_id": "07c11fdb-7904-4ee8-b92a-6371d437403c",
"name": "AzureREST",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "Get Token",
"event": [
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
"pm.test(pm.info.requestName, () => {",
" pm.response.to.not.be.error;",
" pm.response.to.not.have.jsonBody('error');",
"});",
"pm.globals.set(\"bearerToken\", pm.response.json().access_token);"
]
}
}
],
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/x-www-form-urlencoded"
}
],
"body": {
"mode": "urlencoded",
"urlencoded": [
{
"key": "grant_type",
"value": "client_credentials",
"type": "text"
},
{
"key": "client_id",
"value": "{{clientId}}",
"type": "text"
},
{
"key": "client_secret",
"value": "{{clientSecret}}",
"type": "text"
},
{
"key": "resource",
"value": "{{resource}}",
"type": "text"
}
]
},
"url": {
"raw": "https://login.microsoftonline.com/{{tenantId}}/oauth2/token",
"protocol": "https",
"host": [
"login",
"microsoftonline",
"com"
],
"path": [
"{{tenantId}}",
"oauth2",
"token"
]
}
},
"response": []
}
]
}
2 thoughts on “Azure REST API : Getting a bearer token”