In this quick post, I will try to explain how easily we can create a bearer token and use it to authenticate on Azure REST API.
Prerequisites
- Azure Active Subscription
- Azure CLI or Cloud Shell
- Postman
Create The Bearer Token
For the demo purposes, we are going to use Azure CLI to create the Bearer Token.
Step 1. Az-Login Command
Open elevated CMD, type az login and press Enter.
Step 2. Authenticate to Azure
Open in a web browser the page https://microsoft.com/devicelogin, enter the code ######## to authenticate the device on azure.
Step 3. Set The Azure Subscription
After we authenticate the device to connect Azure we can continue with the next commands and the first is used to set the default subscription.
az account set –subscription “########-####-####-####-############”
Step 4. Create Azure Service Principal
Type the following commands to create the Azure Service Principal, az ad sp create-for-rbac -n “YOUR AZURE PRINCIPAL NAME”
Info: Copy the values for the appId, password, and tenant into a text file, because it will be used to next steps. |
Create Azure REST API Collection
Following the steps below we’ll be able to create a new collection in Postman called Azure REST API.
Step 1. Manage Environments
Open Postman, and click the button Manage Environments.
Step 2. Add New Manage Environment
Select Add, to Add a new Manage Environment
Step 3. Add The Variables, Initial And Current Values
At the next step, we have to add the variables (tenantId, clientId, clientSecret, resource, subscriptionId) with the initial and current values.
Get the Azure Active Directory Token
To get the Azure Active Directory token we have to do:
- Select the “Azure REST API” manage environment
- Select the POST method
- Type the request https://login.microsoftonline.com/{{tenantId}}/oauth2/token
and click the button Send.
As we can see below the Bearer Token has been created and we can use it to execute requests using Azure REST API.
Using The Azure REST API
At the final step, we are able to execute a request using Azure REST API to get the Resource Groups.
To get the Azure Active Directory token we have to do:
- Select the GET method
- Type the request https://management.azure.com/subscriptions/{{subscriptionId}}/resourcegroups?api-version=2017-05-10
- Select Authorization Type “Bearer Token”, and paste the token that we have been created on the previous step