Azure Data Factory API returning 401 error when bearer token from pipeline is used

GeoJoseph 46 Reputation points
2023-07-13T19:52:03.0866667+00:00

I am using Azure Data Factory pipeline to call a rest api in my web app. I am able to create bearer token using clientid, client secret and tenant in pipeline webactivity. But when I try to use that token in my webactivity Api call in pipeline, it's not working. That bearer token is not working even in the postman. The Api call from ADF works when I use bearer token generated while logging into my app using browser. Please help me Or guide me in this issue. Thanks in advance

Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
11,237 questions
{count} votes

Accepted answer
  1. KranthiPakala-MSFT 46,602 Reputation points Microsoft Employee
    2023-07-20T01:40:48.7933333+00:00

    @GeoJoseph

    I'm glad that you were able to resolve your issue and thank you for posting your findings so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to accept the answer .

    Error Message:

    • "Invoking Web Activity failed with HttpStatusCode - '401: Unauthorized', message - 'Client request has not been completed because it lacks valid authentication credentials for the requested endpoint(url)."

    Issue:

    • While trying to API data using Web Activity in ADF, experiencing above error. Even test from Postman fails with same error message.

    Solution:

    • Looks like the bearer token generated isn't valid which is why resulting in unauthorized error.
    • To generate the bearer token, we use a service principal and it details along with scope for which the bearer token is for. Hence we need ensure these two details are entered correct in the body section of the POST request from ADF Web activity.
    • As per the OP of the post, ensuring the correct scope is configured resolved the issue.

    If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.

    I hope this information helps other readers of this post.

    If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.


    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members.93-7390-4edf-a2e5-81369cee7715)

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. KranthiPakala-MSFT 46,602 Reputation points Microsoft Employee
    2023-07-17T02:01:30.4733333+00:00

    @GeoJoseph Welcome to Microsoft Q&A forum and thanks for reaching out here.

    As per your description, it sounds like the bearer token you have generated is not correct which is why the authentication/authorization is failing. what authentication is being used to generate the bearer token ? does that user account has permissions on the API you are trying to make a call? Was the body of your POST request to retrieve the token is a valid one?

    Please ensure to pass:

    1. Valid user account/Service principal details
    2. Ensure that the scope mentioned is a correct one as shown below:
    tenant=tenantid&client_id=objectid(applicationid)&client_secret=clientsecret&grant_type=client_credentials&scope=https://graph.microsoft.com/.default
    

    For more info please refer to this blog by a community member - Azure Data factory retrieve token from Azure AD using OAUTH 2.0

    It would be great if you could share the error message that you are seeing so that it would help us to understand better and assist you accordingly.

    Thank you

    1 person found this answer helpful.
    0 comments No comments

  2. GeoJoseph 46 Reputation points
    2023-07-18T18:22:28.23+00:00

    Issue Resolved. The issue was with the scope used in the webactivity bearer token. Make sure the client secret, scope and clientid are correct and not expired.

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.