Introduction

In this quick post, I will try to create a bearer token and use it to authenticate on Azure REST API.

Prerequisites

Create The Bearer Token

For the demo purposes, we are going to use Azure CLI to create the Bearer Token.

Step 1. Az-Login Command

Open elevated CMD, type az login and press Enter.

Microsoft Windows [Version 10.0.18362.476]
(c) 2019 Microsoft Corporation. All rights reserved.
 
C:\WINDOWS\system32>az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code ######### to authenticate.

Step 2. Authenticate to Azure

Open in a web browser the page https://microsoft.com/devicelogin, enter the code ######## to authenticate the device on azure.



Step 3. Set The Azure Subscription

After we authenticate the device to connect Azure we can continue with the next commands and the first is used to set the default subscription.

az account set  --subscription "########-####-####-####-############"

Step 4. Create Azure Service Principal

Type the following commands to create the Azure Service Principal, 

C:\WINDOWS\system32>az ad sp create-for-rbac -n "Azure_Service_Principal_Name"
Retrying role assignment creation: 1/36
Retrying role assignment creation: 2/36
{
  "appId": "########-#####-####-####-############",
  "displayName": "test_aztable_spn",
  "password": "########-#####-####-####-############",
  "tenant": "########-#####-####-####-############",
}

Info: Copy the values for the appId, password, and tenant into a text file, because it will be used to next steps.

Create Azure REST API Collection

Following the steps below we'll be able to create a new collection in Postman called Azure REST API.

Step 1. Manage Environments


Open Postman, and click the button Manage Environments 

Step 2. Add New Manage Environment

Select Add, to Add a new Manage Environment



Step 3. Add The Variables, Initial And Current Values

At the next step, we have to add the variables (tenantId, clientId, clientSecret, resource, subscriptionId) with the initial and current values.



Get the Azure Active Directory Token

To get the Azure Active Directory token we have to do:

  1. Select the "Azure REST API" manage environment
  2. Select the POST method
  3. Type the request https://login.microsoftonline.com/{{tenantId}}/oauth2/token

and click the button Send.



As we can see below the Bearer Token has been created and we can use it to execute requests using Azure REST API.



Using The Azure REST API

At the final step, we are able to execute a request using Azure REST API to get the Resource Groups.

To get the Azure Active Directory token we have to do:

  1. Select the GET method
  2. Type the request https://management.azure.com/subscriptions/{{subscriptionId}}/resourcegroups?api-version=2017-05-10
  3. Select Authorization Type "Bearer Token", and paste the token that we have been created on the previous step


Conclusion

To do a sum up all of the above, we read how quick and easy we can create a bearer token to use Azure REST API. We need to have in the back of our minds that Azure subscription is a mandatory requirement to do a complete demo.

See Also