Create a bearer token with managed identity using REST API for accessing Azure Media Services assets

nateClicks 66 Reputation points

I am currently attempting to use the Azure Media Services rest api to access the assets. When attempting to make this request. I get an error letting me know that I need an authorization token in the header of my request.

How can I get/create that token using Managed Identity I have associated with that media service resource with the REST API?

The examples I have found focus on using a Service Principal and Azure Active Directory (which I am not using in this project)

Azure Media Services
Azure Media Services
A group of Azure services that includes encoding, format conversion, on-demand streaming, content protection, and live streaming services.
298 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,628 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Jon Payne 1 Reputation point

    The Media Services ARM API can be accessed using a Managed Identity. For this to work, the Managed Identity must be granted access to the Media Services account.

    First you would need to get a token. The process to get tokens depends on the Managed Identity provider, here are some examples:

    When requesting tokens to call the Media Services ARM API, the resource should be set to

    Once you have a token, you can call the ARM API by specifying the token in the Authorization header, for example:  
    Authorization: Bearer <token-goes-here>  
    0 comments No comments

  2. nateClicks 66 Reputation points

    The user-assigned managed identity I have was created as part of the process of setting up the media services account. In that case, what is the "Managed Identity provider" that you mention above? I don't have a VM or App Service for this (that I am aware of, at least)

    Through the portal UI, I have attempted to make sure that the managed identity has access to the media services account. However, that specific scope does not appear to be available(see image). For now, I have given it access to the subscription as a Contributor in hopes that will provide it access to the media services account. Will that work?