How to create/delete user via API using grant type as client_credentials

Ron Weasley 0 Reputation points
2024-05-21T13:23:07.31+00:00

We are able to create a token but unable to create and delete a user.

{
  "error": {
    "code": "AuthorizationFailed",
    "message": "The client 'f04c77f3-530e-416d-a165-42304fb90583' with object id 'f04c77f3-530e-416d-a165-42304fb90583' does not have authorization to perform action 'Microsoft.ApiManagement/service/users/write' over scope '/subscriptions/2d1e70f3-6530-480e-ab57-5c71915083af/resourceGroups/TestResorceGroupSub2/providers/Microsoft.ApiManagement/service/TestResourceSub2/users/Vivek' or the scope is invalid. If access was recently granted, please refresh your credentials."
  }
}


1 answer

  1. Shweta Mathur 28,691 Reputation points Microsoft Employee
    2024-05-23T09:12:15.8233333+00:00

    Hi @Ron Weasley ,

    Thanks for reaching out.

    The error is not related to the user but to the application. Kindly look for the application/SPN name with client ID: 'f04c77f3-530e-416d-a165-42304fb90583'.

    Make sure to add the proper RBAC role to the above service principal before generating the token.

    Navigate to the subscription > Choose the subscription > Add Role assignment > User Access Administrator (you can assign any role you want) > assign to the application SPN


    and then generate the token using client credential flow

    POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
    grant_type:client_credentials
    client_id:<appID>
    client_secret:<secret>
    scope: https://management.azure.com/.default

    Then I used this token to call Azure Management REST API.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

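Added example (not part of the original answer and not Microsoft's code): a small Python helper that reads the `AuthorizationFailed` body from the question, extracts the principal's object id, the denied action and the scope, and lists the scopes at which a role assignment would be inherited, narrowest first, so the role can be granted no wider than needed. `ROLE_PLACEHOLDER` is a placeholder for whichever role is chosen (it must include the denied action); the function names are hypothetical, and the `az` command is only built as a string, never executed.

```python
import re
import shlex

# Error body from the question above (message trimmed after "scope is invalid.").
SAMPLE = {"error": {"code": "AuthorizationFailed", "message":
    "The client 'f04c77f3-530e-416d-a165-42304fb90583' with object id "
    "'f04c77f3-530e-416d-a165-42304fb90583' does not have authorization to perform "
    "action 'Microsoft.ApiManagement/service/users/write' over scope "
    "'/subscriptions/2d1e70f3-6530-480e-ab57-5c71915083af/resourceGroups/"
    "TestResorceGroupSub2/providers/Microsoft.ApiManagement/service/"
    "TestResourceSub2/users/Vivek' or the scope is invalid."}}

_MSG = re.compile(
    r"object id '(?P<object_id>[^']+)' does not have authorization to perform "
    r"action '(?P<action>[^']+)' over scope '(?P<scope>[^']+)'")

def parse_authorization_failed(body):
    """Extract principal object id, denied action and scope from the error."""
    err = body.get("error", {})
    match = _MSG.search(err.get("message", ""))
    if err.get("code") != "AuthorizationFailed" or not match:
        raise ValueError("not a recognisable AuthorizationFailed error")
    return match.groupdict()

def inherited_scopes(scope):
    """Scopes whose role assignments apply to `scope`, narrowest first."""
    parts = scope.strip("/").split("/")
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        raise ValueError("expected a subscription-rooted scope")
    cuts = [2]                                        # subscription
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        cuts.append(4)                                # resource group
        if len(parts) >= 8 and parts[4].lower() == "providers":
            cuts.extend(range(8, len(parts) + 1, 2))  # resource, then children
    return ["/" + "/".join(parts[:n]) for n in reversed(cuts)]

def az_role_assignment(object_id, role, scope):
    """Build (not run) the az CLI command that grants `role` at `scope`."""
    argv = ["az", "role", "assignment", "create",
            "--assignee-object-id", object_id,
            "--assignee-principal-type", "ServicePrincipal",
            "--role", role, "--scope", scope]
    return " ".join(shlex.quote(a) for a in argv)

if __name__ == "__main__":
    info = parse_authorization_failed(SAMPLE)
    print("denied action:", info["action"])
    for s in inherited_scopes(info["scope"]):
        # ROLE_PLACEHOLDER: any role whose actions include the denied action.
        print(az_role_assignment(info["object_id"], "ROLE_PLACEHOLDER", s))
```

After the assignment is in place, request a fresh token with the client credentials flow; the error text itself notes that credentials must be refreshed when access was recently granted.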