Create a bearer token with managed identity using REST API for accessing Azure Media Services assets

Question

I am currently attempting to use the Azure Media Services rest api to access the assets. When attempting to make this request. I get an error letting me know that I need an authorization token in the header of my request.

How can I get/create that token using Managed Identity I have associated with that media service resource with the REST API?

The examples I have found focus on using a Service Principal and Azure Active Directory (which I am not using in this project)

Answer 1

The Media Services ARM API can be accessed using a Managed Identity. For this to work, the Managed Identity must be granted access to the Media Services account.

First you would need to get a token. The process to get tokens depends on the Managed Identity provider, here are some examples:

• Azure App Services
• Azure Virtual Machines

When requesting tokens to call the Media Services ARM API, the resource should be set to https://management.azure.com/.

Once you have a token, you can call the ARM API by specifying the token in the Authorization header, for example:

https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/myrg/providers/Microsoft.Media/mediaservices/mymedia/assets?api-version=2021-11-01  
Authorization: Bearer <token-goes-here>  

Answer 2

The user-assigned managed identity I have was created as part of the process of setting up the media services account. In that case, what is the "Managed Identity provider" that you mention above? I don't have a VM or App Service for this (that I am aware of, at least)

Through the portal UI, I have attempted to make sure that the managed identity has access to the media services account. However, that specific scope does not appear to be available(see image). For now, I have given it access to the subscription as a Contributor in hopes that will provide it access to the media services account. Will that work?