How to fix Error when requesting export database from REST API - "error": { "code": "InvalidAuthenticationTokenAudience" "message": "The access token has been obtained for wrong audience or resource" using postman

Brian Cress 0 Reputation points
2023-01-13T20:24:10.0566667+00:00

im getting an 401 error: "error": { "code": "InvalidAuthenticationTokenAudience" "message": "The access token has been obtained for wrong audience or resource"

while attempting the request via postman. I'm using oauth2 which doesn't use Audiences as suggested by the error message but uses scope.

POST https://management.azure.com/subscriptions/{{subscriptions}}/resourceGroups/Dominion-Production/providers/Microsoft.Sql/servers/{{servername}}/databases/{{databasename}}/export?api-version=2021-10-15-preview%0A

(parameters shown here to obscure names)

How to overcome this error?

Azure SQL Database
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,465 questions

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alberto Morillo 32,886 Reputation points MVP
    2023-01-14T00:11:11.4233333+00:00

    Please try the following and replace the {subscriptionId}, {resourceGroupName} and {databaseName} by valid values.

    POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/export?api-version=2021-08-01-preview
    0 comments
  2. Alberto Morillo 32,886 Reputation points MVP
    2023-01-14T00:13:01.5666667+00:00

    Please try the following and replace the {subscriptionId}, {resourceGroupName} and {databaseName} by valid values.

    POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/export?api-version=2021-08-01-preview
    0 comments
  3. Brian Cress 0 Reputation points
    2023-01-16T01:31:09.1333333+00:00 
    I have valid values  that are substituted for the variables.  The full error is here:
{
    "error": {
        "code": "InvalidAuthenticationTokenAudience",
        "message": "The access token has been obtained for wrong audience or resource 'api://b0f9999-99c1-99fd-a999-9fdaab7aa23d'. It should exactly match with one of the allowed audiences 'https://management.core.windows.net/','https://management.core.windows.net','https://management.azure.com/','https://management.azure.com'."
    }
}
I followed these instructions for registering the app on AD:
https://dev.to/425show/calling-an-azure-ad-secured-api-with-postman-22co
    0 comments
  4. ShaktiSingh-MSFT 13,271 Reputation points Microsoft Employee
    2023-01-23T08:56:16.5066667+00:00

    Hi @Brian Cress ,

    Welcome to Microsoft Q&A forum.

    Could you please try below if this helps.

    1. Navigate to Azure Active Directory > App Registrations > click on your app > API Permissions > +Add a permission > click on Azure Service Management > Delegated permissions > select checkbox for user_impersonation permission > Grant Admin consent.
    2. 116932-image.png

    In your code, instead of using "api://{clientId}/access_as_user", use https://management.azure.com/user_impersonation scope.

    Additionally, take a look at [https://stackoverflow.com/questions/34384409/azure-the-access-token-has-been-obtained-from-wrong-audience-or-resource if this helps.

    If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.

    0 comments