How Can we Authenticate REST API Endpoint via API Authentication (API Access Token) in Azure Data Factory using Azure REST Linked Service in an integration with Azure Key Vault ??

Abhishek_Agrawal 21 Reputation points
2020-07-27T08:38:08.87+00:00

I am Trying to fetch Data From Third Party REST API which uses API Authorisation token (Authorisation Bearer Token) for authentication.I have saved the API credentials in Azure Key Vault. I am trying to copy data from REST Endpoint to my Storage via copy activity.However I want to authenticate my API directly with ADF REST Linked Service in integration with Azure Key Vault without explicitly fetching API credentials from KeyVault via Web Activity.

I followed some docs on REST Connector in ADF https://learn.microsoft.com/en-us/azure/data-factory/connector-rest . But As i find, It does not support authentication other than Anonymous, Basic, AadServicePrincipal and ManagedServiceIdentity.

Is there any way I could do API Authentication in REST Linked Service by implicitly fetching API credentials from Azure Key Vault and making connection to REST Endpoint without explicitly creating web activity to fetch API credentials from Key Vault ??

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,135 questions
Azure Data Factory
Azure Data Factory
An Azure service for ingesting, preparing, and transforming data at scale.
9,643 questions
0 comments
Accepted answer
  1. MartinJaffer-MSFT 26,036 Reputation points
    2020-07-29T14:24:52.513+00:00

    Hello @Abhishek_Agrawal and thank you for your question.

    I do not believe your ask is possible at this time.

    Bearer tokens expire, so putting the bearer token in the Linked Service does not work.

    You are correct in noting that Bearer token is not one of the options in the linked service. The way to authenticate with bearer token, is first select Anonymous as the authentication option. Then, in the copy activity, add additional header "Authentication", and use the Bearer token in the value.

    You get new Bearer tokens by first using a Web activity to the authentication endpoint with your credentials.

    In your wording, it sounded like you mainly wanted to avoid making web calls to the Key Vault. Is this the main issue, or have I misunderstood your ask?

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pradeep Kj 1 Reputation point
    2022-06-07T05:48:47.76+00:00

    Hi Martin,

    Can you please steps by step process for Bearer tokens by first using a Web activity to the authentication endpoint with your credentials.