azure devops api The user is not authorized to access this resource

ChrisJ
May 23, 2023
253 views
0 votes
2 Answers

I am trying to get a simple api sample project to work. Nothing works, as I just keep getting the same error: TF400813: The user ‘b370c683-bb42-626c-9a85-ec3a81c32fbf’ is not authorized to access this resource.",

I was able to get a Token from micrsoftonline.com but I’m guessing it could be a setup issue in the azure portal or Azure Devops. All the documentation is 100% useless, as every single piece of documentation from https://learn.microsoft.com/en-us/rest/api/azure/devops/?view=azure-devops-rest-7.1 has samples that are 4 years old! none of them work, and there are several walkthroughs that conflict one another. I’ve been trying to get the service principal linked to azure app registration. I thought I had that working, but every time I run the sample code, or try postman, it’s just the same error every time.

I’m using the following in Postman:

Get request as follows:

https://dev.azure.com/{Organization}/_apis/projects?api-version=7.0

Although, I almost never use Rest API’s ever, so that may be incorrect, but keep getting the same error:

Sample code is from here: https://github.com/microsoft/azure-devops-dotnet-samples

4 years ago, LOL, probably way out of date OH, By the way, I’m using azure 30 day trial, and just signed up for azure devops as well. But there’s no mention of any limitation. It cant be this difficult to use azure as an app registration point to automate tasks in azure devops can it?

Any idea what could be wrong?

Thank you.

Answers

- manish
- May 23, 2023 at 10:02 am
- 0 votes
0
Looks like you are using bearer token, but as per the documentation you should use PAT.
How to generate a PAT here

you can explore more from here about authentication here

Edit 1:
As mention on comment above, you can also try to change the auth type from basic to bearer.

Edit 2:
We can use rest api using oauth as mention on this
document.
follow this to create an application.

Login or Signup to reply.

- Sridevi
- May 23, 2023 at 12:27 pm
- 0 votes
0
Alternatively, you can make use of below procedure to get bearer token from Azure AD, in order to call DevOps API.

I registered one Azure AD application and granted DevOps API permission as below:

Now, I added redirect URI in application by selecting Web platform like below:

As the permission type is Delegated, you need to use Delegated
flows like authorization code flow, interactive flow, username
password etc… for generating access tokens.

To get authorization code, you can run below authorization request in browser before acquiring token:
```
https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/authorize
?client_id=<appID>
&response_type=code
&redirect_uri=http://localhost
&response_mode=query
&scope=499b84ac-1321-427f-aa17-267ca6975798/.default
&state=12345
```
When I ran above request in browser, I got code value successfully in address bar like this:

I generated access token using authorization code flow successfully via Postman by including above code in below request:
```
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:authorization_code
client_id: <appID>
client_secret: <secret>
scope: 499b84ac-1321-427f-aa17-267ca6975798/.default
code: <paste_code_from_above_request>
redirect_uri: http://localhost
```
Response:

When I used this token to call DevOps API, I got list of projects in my organization successfully like below:
```
GET https://dev.azure.com/<Organization>/_apis/projects?api-version=7.0
```
Response:
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.