The Microsoft Azure Cost Management Query site offers an interactive panel to test out its REST APIs on the browser. It all works just fine, however I can’t figure out how the website retrieves the prepopulated Authorization bearer token to allow me to replicate the call on my computer. Or more so – what do I need to do to retrieve this token?
What I have attempted:
I have been recommended to register a new app and use its credentials to generate a new token, however that token still appears to give me an error when using it in the request above (I tried to copy the token from the above example and the request works when I use it, so I know the problem is 100% on my token generation approach). How I got my token:
Retrieving the token endpoint url:
Using it along with the other credentials in Postman to retrieve the token:
Then using the resultant bearer token to create a new request (like the example in the browser) which yields the ERROR below (this does work if I copy the token from the example…):
Adding the body and header content for reference:
More attempts:
Based on @Heidi Tran's suggestion, I have created a user_impersonation API permission, but unfortunately that did not change the result:
Based on @RithwikBojja's suggestion, I have updated the token retrieval scope property to https://management.azure.com/.default. When I generate the token and use it in the original request (1st image), I now get the following error (it is worth noting that the token presented by the browser does work in Postman, so the scope is valid and the problem is still the token retrieval):
I have also made sure that I have read access as well as owner access to my subscription (which yield the same error as above):
2 Answers
The token was obtained by using Azure Active Directory OAuth2 Flow. Specifically, it’s OAuth2 implicit flow with the authorization URL: https://login.microsoftonline.com/common/oauth2/authorize and "user_impersonation" scope (Source). This flow only requires user sign in to get an access token.
You can learn more about this flow here https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
However, if you only want the token to test it out quickly on your computer, you can copy it from the Request Review window.
Click on the Copy button on the top left corner of the Request Review window like example photo here and paste it to a notepad
It would look something like this:
where
Copy everything after Bearer, that's your access token. Then you make your HTTP request using curl or JavaScript.
I have reproduced in my environment and got expected results as below:
As @Skin commented you need to create Azure AD App registration and use its client Id and secret for generating access token.
Firstly you need to create one Azure AD App registration as below:
Now in Postman:
Here I got the POST url (token endpoint url) from below:
In Postman I have got the bearer token as below:
Now use the above access token and run to get the details you want:
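Added example, not part of the question or either answer: one way to compare the token copied from the browser panel with the one generated in Postman is to decode the JWT payload and look at the claims that differ between the two flows discussed above. The helper names, the sample claims and the list of accepted audiences are assumptions made for this illustration.

```python
import base64
import json

# Assumption (not from the page): audience values Azure Resource Manager
# accepts, compared with any trailing slash removed.
ARM_AUDIENCES = {"https://management.azure.com",
                 "https://management.core.windows.net"}


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


def describe_token(header_value: str) -> dict:
    """Summarise the claims that explain why a token is accepted or rejected.

    The signature is NOT verified: use this to inspect your own token,
    never to make an authorization decision.
    """
    token = header_value.strip()
    if token.lower().startswith("bearer "):
        token = token[len("bearer "):].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    aud = str(claims.get("aud", "")).rstrip("/")
    return {
        "audience": aud,
        "audience_ok": aud in ARM_AUDIENCES,
        # Delegated (user sign-in) tokens carry "scp"; tokens obtained with
        # a client id and secret (client credentials) do not.
        "kind": "delegated" if "scp" in claims else "app-only",
        "scopes": claims.get("scp", "").split(),
        "object_id": claims.get("oid"),  # identity the token acts as
        "client_app": claims.get("appid") or claims.get("azp"),
    }


if __name__ == "__main__":
    sample = make_sample_token({"aud": "https://management.azure.com/",
                                "scp": "user_impersonation", "oid": "user-1"})
    print(describe_token("Bearer " + sample))
```

For an app-only token the `oid` is the app's service principal, so that is the identity whose access to the subscription is evaluated, not the signed-in user's.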