Azure provides a REST API to manage resources. If you have a specific need and don't want to use 'Azure-Cli' or their 'Powershell module', you can make plain HTTP calls against the REST API. It's platform agnostic and easy to use.
First things first: we need a way to authenticate against the Azure REST API. For this, we can use a service principal.
Create a Service Principal using Azure-Cli
Log in to Azure-Cli and select your subscription. Once done, run:
az ad sp create-for-rbac --name AzureRestApiServicePrinciple
You can replace "AzureRestApiServicePrinciple" with any name you want. This command creates a service principal and configures it to access Azure resources.
Once done, you will see a window like below. Copy the appId (which is our clientId), password and tenant.
Getting a token
Now that we have all the credentials, we can obtain a token to authenticate requests. We will make a POST request to "https://login.microsoftonline.com/{{tenantId}}/oauth2/token", replacing {{tenantId}} with your tenantId (you can find it in the output of the service principal creation) and setting the content type to "application/x-www-form-urlencoded".
Set the following Key/Value for the request:
grant_type = client_credentials
client_id = your “appId”
client_secret = service principal password
resource = https://management.azure.com/
Send the request, and we will get a JSON response containing the access token.
{
  "token_type": "Bearer",
  "expires_in": "3600",
  "ext_expires_in": "0",
  "expires_on": "1538121382",
  "not_before": "1538117482",
  "resource": "https://management.azure.com/",
  "access_token": "your token will be here"
}
Now we can use this token to perform operations on Azure Resources.
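The token request and response handling described above, as an added Python example that is not part of the original post: it builds the form-encoded POST, rejects error or near-expiry responses, and reads the credentials from environment variables instead of source code. The variable names `AZURE_TENANT_ID`, `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET`, the function names and the 300-second expiry margin are assumptions made for this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/token"


def build_token_request(tenant_id, client_id, client_secret,
                        resource="https://management.azure.com/"):
    """Build (without sending) the client_credentials POST described above."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,
    }).encode("ascii")
    # Percent-encode the tenant so it cannot alter the URL path.
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe=""))
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(body, now=None, skew=300):
    """Return (auth_headers, expires_on); reject error or stale replies."""
    doc = json.loads(body)
    if "error" in doc:
        raise ValueError("token endpoint error: %s" % doc["error"])
    if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("response carries no bearer token")
    expires_on = int(doc["expires_on"])  # the sample carries numbers as strings
    now = time.time() if now is None else now
    if expires_on - skew <= now:
        raise ValueError("token expired or about to expire")
    return {"Authorization": "Bearer " + doc["access_token"]}, expires_on


def get_auth_headers(env=os.environ):
    """Live call. Variable names are assumptions made for this example."""
    req = build_token_request(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
                              env["AZURE_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())[0]


# Response shape from the page; the access_token value is a constructed placeholder.
SAMPLE = ('{"token_type": "Bearer", "expires_in": "3600", '
          '"expires_on": "1538121382", "resource": "https://management.azure.com/", '
          '"access_token": "PLACEHOLDER"}')
```

`get_auth_headers()` returns a dictionary that can be passed as the headers of any later call to the management API.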
Here are POSTMAN scripts for Request and Environment:
Environment
{
  "id": "14429f59-e631-441c-af71-d5ca877895cc",
  "name": "MyAzureEnv",
  "values": [
    { "key": "tenantId", "value": "value", "enabled": true },
    { "key": "clientId", "value": "value", "enabled": true },
    { "key": "clientSecret", "value": "value", "enabled": true },
    { "key": "resource", "value": "https://management.azure.com/", "enabled": true },
    { "key": "subscriptionId", "value": "value", "enabled": true }
  ],
  "_postman_variable_scope": "environment",
  "_postman_exported_at": "2018-09-28T06:59:08.834Z",
  "_postman_exported_using": "Postman/6.3.0"
}
Request
{
  "info": {
    "_postman_id": "07c11fdb-7904-4ee8-b92a-6371d437403c",
    "name": "AzureREST",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "Get Token",
      "event": [
        {
          "listen": "test",
          "script": {
            "type": "text/javascript",
            "exec": [
              "pm.test(pm.info.requestName, () => {",
              " pm.response.to.not.be.error;",
              " pm.response.to.not.have.jsonBody('error');",
              "});",
              "pm.globals.set(\"bearerToken\", pm.response.json().access_token);"
            ]
          }
        }
      ],
      "request": {
        "method": "POST",
        "header": [
          { "key": "Content-Type", "value": "application/x-www-form-urlencoded" }
        ],
        "body": {
          "mode": "urlencoded",
          "urlencoded": [
            { "key": "grant_type", "value": "client_credentials", "type": "text" },
            { "key": "client_id", "value": "{{clientId}}", "type": "text" },
            { "key": "client_secret", "value": "{{clientSecret}}", "type": "text" },
            { "key": "resource", "value": "{{resource}}", "type": "text" }
          ]
        },
        "url": {
          "raw": "https://login.microsoftonline.com/{{tenantId}}/oauth2/token",
          "protocol": "https",
          "host": [ "login", "microsoftonline", "com" ],
          "path": [ "{{tenantId}}", "oauth2", "token" ]
        }
      },
      "response": []
    }
  ]
}