Get an access token
To use the DICOMĀ® service, users and applications need to prove their identity and permissions by getting an access token. An access token is a string that identifies a user or an application and grants them permission to access a resource. Using access tokens enhances security by preventing unauthorized access and reducing the need for repeated authentication.
Use the Azure command-line interface
You get an access token using the Azure command-line interface (CLI). Azure CLI is a set of commands used to create and manage Azure resources. You can use it to interact with Azure services, including the DICOM service. You can install Azure CLI on your computer or use it in the Azure Cloud Shell.
Assign roles and grant permissions
Before you get an access token, configure access control for the DICOM service using Azure role-based access control (Azure RBAC). Azure RBAC is a system that allows you to define who can access what resources and what actions they can perform on them.
To assign roles and grant access to the DICOM service:
Register a client application in Microsoft Entra ID that acts as your identity provider and authentication mechanism. Use Azure portal, PowerShell, or Azure CLI to register an application.
Assign one of the built-in roles for the DICOM data plane to the client application. The roles are:
- DICOM Data Owner. Gives full access to DICOM data.
- DICOM Data Reader. Allows read and search operations on DICOM data.
Get a token
To get an access token using Azure CLI:
Sign in to Azure CLI with your user account or a service principal.
Get the object ID of your user account or service principal by using the commands
az ad signed-in-user showoraz ad sp list, respectively.Get the access token by using the command
az account get-access-token --resource=https://dicom.healthcareapis.azure.com.Copy the access token from the output of the command.
Use the access token in your requests to the DICOM service by adding it as a header with the name
Authorizationand the valueBearer <access token>.
Store a token in a variable
The DICOM service uses a resource or Audience with uniform resource identifier (URI) equal to the URI of the DICOM server https://dicom.healthcareapis.azure.com. You can obtain a token and store it in a variable (named $token) with the following command:
$token=$(az account get-access-token --resource=https://dicom.healthcareapis.azure.com --query accessToken --output tsv)
Tips for using a local installation of Azure CLI
If you're using a local installation, sign in to the Azure CLI with the az login command. To finish authentication, follow the on-screen steps. For more information, see Sign in with the Azure CLI.
If prompted, install Azure CLI extensions on first use. For more information, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
Use a token with the DICOM service
You can use a token with the DICOM service using cURL. Here's an example:
-X GET --header "Authorization: Bearer $token" https://<workspacename-dicomservicename>.dicom.azurehealthcareapis.com/v<version of REST API>/changefeed
Note
DICOMĀ® is the registered trademark of the National Electrical Manufacturers Association for its Standards publications relating to digital communications of medical information.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for