Could not Create APIs using Azure Management APIs

Anonymous
2023-09-15T05:44:43.1433333+00:00

Hello Team ,

Am trying to create APIs using Azure Management APIs but am not able to create them . Have given necessary permissions to the app as well as the users but still receiving the same error. Kindly advise on the error below ,

{
    "error": {
        "code": "AuthorizationFailed",
        "message": "The client 'xxxxxxxxxxxxxxxxxxxxxxxxxxx' with object id 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.ApiManagement/service/apis/write' over scope '/subscriptions/xxxxxxxxxxxxxx/resourceGroups/coetg/providers/Microsoft.ApiManagement/service/xxxxxxxxxxxxxxxxxxxxxx/apis/SampleAPI' or the scope is invalid. If access was recently granted, please refresh your credentials."
    }
}
Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,067 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,156 questions
{count} votes

1 answer

Sort by: Most helpful
  1. JananiRamesh-MSFT 26,311 Reputation points
    2023-09-15T06:14:22.57+00:00

    Hi praveen Thanks for reaching out. From the error message, it seems that the client with the object ID you specified does not have the necessary permissions to perform the 'Microsoft.ApiManagement/service/apis/write' action over the specified scope.

    You mentioned that you have given the necessary permissions to the app and users, but it seems that the permissions are not sufficient. Please ensure that the client has the 'Microsoft.ApiManagement/service/apis/write' permission over the specified scope.

    You can check the permissions of the client by going to the Azure portal, selecting the API Management service instance, and then selecting 'Access control (IAM)' from the left-hand menu. From there, you can check the permissions of the client by searching for its object ID.

    https://learn.microsoft.com/en-us/azure/role-based-access-control/check-access

    If the client does not have the necessary permissions, you can add the 'Microsoft.ApiManagement/service/apis/write' permission to the client by assigning the 'Contributor' role to it at the API Management service instance level.

    Reference: https://techcommunity.microsoft.com/t5/azure-paas-blog/usage-of-custom-rbac-roles-in-azure-api-management/ba-p/1560571

    I hope this helps! Let me know if you have any further questions.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.