Need details on how to receive a Bearer Token to call the Azure API Gateway Management APIs

Question

Need details on how to receive a Bearer Token to call the Azure API Gateway Management APIs

RapidJames 1

Can someone help me by providing me with an example CURL command to get a Bearer token to call the Azure API Gateway Management APIs? Similar to what gets created in the bottom-right of the following screenshot:

1 answer

Your answer

Answer 1

JananiRamesh-MSFT 29,276

@RapidJames Thanks for reaching out, The authorize url https://login.microsoftonline.com/common/oauth2/authorize will provide the refresh token and it gets redirect to token endpoint https://login.microsoftonline.com/{Tenant id}/oauth2/token to get the bearer token.

please find the sample curl command below to fetch the bearer token to call the rest api's.

provide the client id, client secret accordingly

curl --location --request POST 'https://login.microsoftonline.com/{Tenant id}/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: buid=0.ARoAv4j5cvGGr0GRqy180BHbR1m5UcQoBoBDr_2HE2393hMaAAA.AQABAAEAAAD--DLA3VO7QrddgJg7Wevrp1BuXyTtIceV0cVvUsX3XKuTcfl-2PAd2pPZJXdJlOldWOlRbQqBVQ2nfTsWC5otMhFCOl0508uw2C4J1aLfpJXxLjK6cWDKDrAy6fneInQgAA; esctx=AQABAAAAAAD--DLA3VO7QrddgJg7Wevr6LQosMsDuwEVGWro_cPd1IFZwgM08OlG_t20yFRLJGG4pQ_AcFDIFI18jv16nvtgMI0lQw4bec1ZB9Xa2Bz6D1O87BgZ5CjLA1RBj9wnIRtc5nRRmgWRvaWGhlVAwtfr71oB3VgDmpfBOEMROdYOpmfP1RTgVMdhUBqFOI2A3RIgAA; fpc=ArX3vpYIIelCocVLKfBRzbXzHjBSAwAAAFLdYNoOAAAA; stsservicecookie=estsfd; x-ms-gateway-slice=estsfd' \
--data-urlencode 'client_id={clinetid}' \
--data-urlencode 'resource=https://management.core.windows.net' \
--data-urlencode 'client_secret={clientsecret}' \
--data-urlencode 'grant_type=client_credentials'

please let me know incase of further queries, I would be happy to assist you.

To benefit the community find the right answers, please do mark the post which was helpful by clicking on ‘Accept Answer’ & ‘Up-Vote’.

RapidJames 1 Reputation point

2022-07-13T22:15:08.043+00:00

Thank you for the info. Where do I find the values for 'Cookie' header, client_id, and client_secret? I am receiving a bearer token but when I use it to make a call:

curl "https://management.azure.com/subscriptions/a231b6ad-5dd0-42ec-b92a-52aff6f3f3d6/resourceGroups/RapidAPI/providers/Microsoft.ApiManagement/service/MyAzureAPIGateway/reports/byRequest?$filter=timestamp%20ge%20datetime%272022-07-02T00%3A00%3A00%27&api-version=2017-03-01" \
-H 'Ocp-Apim-Subscription-Key: d4785cb8147848439ca4da24bb247b5f' \
-H 'Authorization: Bearer {token value}'

I am getting the following error:

{"error":{"code":"AuthorizationFailed","message":"The client '15bdb8f9-6fa1-4977-b4d4-b12395c03b25' with object id '15bdb8f9-6fa1-4977-b4d4-b12395c03b25' does not have authorization to perform action 'Microsoft.ApiManagement/service/reports/read' over scope '/subscriptions/a231b6ad-5dd0-42ec-b92a-52aff6f3f3d6/resourceGroups/RapidAPI/providers/Microsoft.ApiManagement/service/MyAzureAPIGateway/reports/byRequest' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
JananiRamesh-MSFT 29,276 Reputation points

2022-07-15T09:01:26.403+00:00

Hi @RapidJames Thanks for getting back. When you click on try it button from the document check the browser trace to fetch the client id using the client id you can search your app registrations in AAD to get the client secret.

This error indicates that it could be a permission issue, or you might be providing a wrong resource or RG or subscription. could you please confirm if you have a reader/contributor access?
RapidJames 1 Reputation point

2022-07-15T16:54:30.26+00:00

Hi @JananiRamesh-MSFT I can see that the object id "15bdb8f9-6fa1-4977-b4d4-b12395c03b25" in the error message belongs to my Enterprise Application "MyAPIApp" (see screenshot). I have gotten the client id and secret from the app registration "MyAPIApp" but I have no idea where or what object I need to provide a resource, RG, or subscription access as a reader/contributor. Can you advise?

Share via

Need details on how to receive a Bearer Token to call the Azure API Gateway Management APIs

1 answer

Your answer