How to automate token bearer, without using Azure AD

SKate 136 Reputation points
2022-11-01T21:40:22.707+00:00

I'm working on an application that will register users internally in our local database.
Then it will use the APIM REST API to create users in APIM and subscribe them to our APIs in Azure.
All calls to the APIM REST API require a token bearer, which I can request using the CLI commands "az login" and "az account get-access-token".
Is there a way to automate the token bearer?
All the documentation I read requires creating a Service Principal in Azure AD, but we don't use Active Directory anywhere, and would like to keep it that way.

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. MuthuKumaranMurugaachari-MSFT 22,141 Reputation points
    2022-11-02T18:29:53.923+00:00

    @SKate Thank you for reaching out to Microsoft Q&A. Based on my understanding, you want to acquire an access token to call the APIM Management endpoint and would like to do so without involving Azure AD.

    These APIs are protected resources, and this will require an identity with authorized access to these resources in Azure. When you use the az login CLI command, it in turn initiates the authorization code flow (or device code flow) and authenticates your credentials in Azure. Refer to Sign in with Azure CLI for more info; as you mentioned, it requires a service principal in Azure AD for automated tools when using the CLI.

    Other than the CLI, you can also use the REST API (or MSAL SDK) to acquire an access token using authentication flows such as Client Credentials, Implicit, Authorization Code, etc. Check out Scenarios and supported authentication flows; for your scenario, use the Client Credentials flow, but it involves an App Registration in Azure AD. So, to answer your question, I don't think you can automate without using Azure AD. Tagging Azure AD experts also.

    I was wondering if this is for the developer portal; have you checked Delegate authentication? Please ignore if you are already familiar with that.

    Feel free to add a comment if you have any other questions. We would be happy to assist you. Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community.

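The Client Credentials flow the accepted answer recommends, as an added example that is not part of the original thread or Microsoft's own code: it builds the token request for the Azure Resource Manager scope and caches the token until shortly before it expires. The function and class names (`build_token_request`, `fetch_live`, `TokenCache`) are hypothetical, and it assumes an App Registration that has been granted a role on the API Management resource.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ARM_SCOPE = "https://management.azure.com/.default"  # Azure Resource Manager


def build_token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials POST; the secret goes in the body, never the URL."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ARM_SCOPE,
    }).encode()
    return urllib.request.Request(
        TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe="")),
        data=body, method="POST")


def fetch_live(tenant_id, client_id, client_secret):
    """Call the token endpoint (needs network and a real app registration)."""
    req = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse a token until shortly before expiry instead of requesting one per call."""

    def __init__(self, fetch, clock=time.time, skew=300):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            payload = self._fetch()
            if "access_token" not in payload:
                # Error responses carry "error"; keep the payload out of logs.
                raise RuntimeError("token request failed: " + str(payload.get("error")))
            self._token = payload["access_token"]
            self._expires_at = now + int(payload["expires_in"])
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}
```

In the application, construct `TokenCache` with a zero-argument callable that calls `fetch_live` with the tenant ID, client ID and secret read from the environment or a secret store rather than from source code, then pass `auth_header()` on each APIM REST call.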