Agent API access

Question

“I’m using Azure AI Foundry and my agent works in Playground, but API access with the project key is returning 401 Unauthorized. Please confirm whether external access to the Foundry project API is enabled for my subscription.”

Answer 1

Hello Lisa MM,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand you’re facing a 401 Unauthorized error when accessing your Azure AI Foundry API, despite your agent working in the Playground.

This generally indicates that while your project key and agent are valid for internal testing, external API access may not be enabled on your subscription, and it's a common scenario with Azure OpenAI’s limited access model.

You should first verify that your subscription has been approved for external API access by checking your Azure OpenAI resource settings and ensuring you have the necessary IAM roles (Owner, Contributor, or Cognitive Services Contributor) as detailed in the Azure Access Request documentation - https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/request-access and role-based access control guidelines - https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles Next, confirm that you are using the correct API endpoint and header format; for example, your endpoint should follow a structure similar to:

curl https://<your-resource-name>.openai.azure.com/openai/deployments/<deployment-name>/chat/completions?api-version=2024-02-15-preview \
  -H "Content-Type: application/json" \
  -H "api-key: <your_api_key>" \
  -d '{"messages": [{"role": "user", "content": "Hello"}], "max_tokens": 10}'

Avoid using "Authorization": "Bearer <key>" unless explicitly required by the API. Testing your setup with tools such as Postman or curl can help isolate whether the issue stems from network restrictions, misconfigured endpoints, or key inaccuracies. If all configuration steps are verified and the error persists, reaching out to Azure support may be necessary to ensure external API access is indeed enabled for your subscription. This approach not only rectifies the 401 error by addressing key setup and endpoint validation but also aligns with best practices to mitigate potential intermittent DNS or connector issues.

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

---

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

Answer 2

Hi Lisa MM

If you're encountering a 401 Unauthorized error in Azure AI Foundry, follow these steps:

• Check API Access Settings: Go to Azure Portal → AI Foundry Project → Networking and confirm external access settings.
• Verify API Key & Headers: Ensure the request includes -H "api-key: " instead of Authorization.
• Confirm Subscription & Permissions: Check that your subscription is active and has the correct RBAC roles.
• Review API Documentation: Refer to Azure AI Foundry API Access Guide for authentication details.
• Test & Debug: Try an API call in Playground, validate headers, and check endpoint correctness.

I Hope this helps. Do let me know if you have any further queries. If this answers your query, please do click Accept Answer and Yes for was this answer helpful.

Thank you!

Answer 3

Hi there Lisa MM

Thanks for using QandA platform

If your agent works in Playground but API access via project key returns a 401 Unauthorized, it’s possible that external API access for your Foundry project is not enabled by default.

We cant check it for you please check if your Azure subscription and Foundry project settings permit external API access. Also, verify that the project key is correct, the API endpoint is Correct

If this helps kindly accept the answer thanks much.