What are the API permissions of an app that is trying to get DNS record sets?

Roland Barreto 66 Reputation points
2021-12-10T13:51:49.233+00:00

I'm trying to get the record sets of a DNS zone in Azure. The first thing was to get an access token to make a query. Then, I use this GET method to get all the record sets:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/dnsZones/{zoneName}/recordsets?api-version=2018-05-01

But when I try to do it I get a 401 error: Authentication Failed.

Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.

4 answers

  1. suvasara-MSFT 10,076 Reputation points Moderator
    2021-12-14T06:45:26.347+00:00

    anonymous user, I have tested this API call internally using Postman, where I am able to pass through with only a bearer token. Could you please check the variables you provided in place of subscription ID and client ID? Also, please do check whether there are any exclusive role permissions added per user in your organization.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.


  2. Eddynson Vega 152 Reputation points
    2021-12-14T20:24:53.07+00:00

    Hello @suvasara-MSFT ,

    To obtain the token, an application was registered in Azure Active Directory (AAD) and the Tenant ID, Client ID, and Secret ID parameters were obtained, with the aim of having the token to query the DNS API. Regarding this point, what permissions should the application have, since I get an authentication error?


  3. suvasara-MSFT 10,076 Reputation points Moderator
    2021-12-15T09:47:58.757+00:00

    @Anonymous, I quickly explored the Thunder Client extension that you were using in your environment. Here are my observations:

    1. You need to create a service principal with Contributor role access:

       az ad sp create-for-rbac --role Contributor

    2. Set the ENV variables as shown below:

       [Image: 157799-image.png]

    Here is a reference blog explaining the configuration setup of Thunder Client with VS Code.


    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
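
An added example, not written by any poster in this thread: a way to check the bearer token before sending the record-sets request from the question. It builds the client-credentials token request and the request URL, then inspects the token's claims for reasons a token is rejected as unauthenticated. The v2.0 token endpoint, the `.default` scope, the function names and the unsigned sample tokens are assumptions or constructed for this example.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Audiences Azure Resource Manager accepts (compared without trailing slash).
ARM_AUDIENCES = {"https://management.azure.com", "https://management.core.windows.net"}

def token_request(tenant_id, client_id, client_secret):
    """URL and form body for a client-credentials token aimed at ARM."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://management.azure.com/.default",
    })
    return url, body

def recordsets_url(subscription_id, resource_group, zone):
    """The record-sets listing URL from the question, with values filled in."""
    return (f"https://management.azure.com/subscriptions/{subscription_id}"
            f"/resourceGroups/{resource_group}/providers/Microsoft.Network"
            f"/dnsZones/{zone}/recordsets?api-version=2018-05-01")

def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying it: diagnostics only."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose_token(jwt, now=None):
    """List reasons the token would fail authentication at ARM."""
    now = time.time() if now is None else now
    claims = decode_claims(jwt)
    problems = []
    if str(claims.get("aud", "")).rstrip("/") not in ARM_AUDIENCES:
        problems.append(f"wrong audience: {claims.get('aud')}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("nbf", 0) > now:
        problems.append("token not yet valid")
    return problems

def make_sample(aud, exp):
    """Constructed, unsigned token used only to exercise diagnose_token."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': aud, 'exp': exp, 'nbf': 0})}.sig"
```

If the token passes these checks and the call is still refused, look at the service principal's role assignment next; for a read-only listing, the built-in Reader role scoped to the zone's resource group is enough and is narrower than Contributor.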


  4. Nelson Cerros 1 Reputation point
    2021-12-21T20:27:03.137+00:00

    Hello @suvasara-MSFT

    We are automating a DNS zone hosted in Azure using Logic Apps. When we made the logic app, we used the same parameters and attributes that we use locally with Thunder Client, but taking into account all of the above, we are presented with a problem related to the header, specifically the Hostname.
