How to authenticate in Azure REST API with Postman

There is always a moment when PowerShell, Azure CLI or ARM Template are not enough. Azure API come handy at that point.

This article will show you how to authenticate to the API using Azure Active Directory and client application.

You will need:

  • Azure subscription
  • Postman
  1. Go to Azure Active Directory and Create new App:

  1. Copy Application ID for later:

  1. Create Key(Copy the value of the key because later you will not be able to see it again.):

  1. Go to Subscription and grant access to App.

  1. We need one more thing. Go to Azure Active Directory and copy Directory ID:

  1. Open Postman and create POST Tab.
URL: https://login.microsoftonline.com/{DirectoryID}/oauth2/token

In Body:

grant_type: client_credentials
client_id: {Application ID}
client_secret: {Key}
resource: https://management.azure.com/

It should look like this:

  1. Check response and copy access_token:
{
    "token_type": "Bearer",
    "expires_in": "3599",
    "ext_expires_in": "0",
    "expires_on": "1519599500",
    "not_before": "1519595600",
    "resource": "https://management.azure.com/",
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlNTUWRoSTFjS3ZoUUVEU0p4RTJnR1lzNDBRMCIsImtpZCI6IlNTUWRoSTFjS3ZoUUVEU0p4RTJnR1lzNDBRMCJ9.eyJhdWQiOiJodHRwczovL21hbmFnZW1lbnQuYXp1cmUuY29tLyIsImlzcyI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0L2I0YjUwNzg5LTBjNzktNGY1YS1iOWRjLWVjOWZmYjcyMTNiNS8iLCJpYXQiOjE1MTk1OTU2MDAsIm5iZiI6MTUxOTU5NTYwMCwiZXhwIjoxNTE5NTk5NTAwLCJhaW8iOiJZMk5nWURCbm0vSkw2OTgrb1NBRzBWVmZleTUwQVFBPSIsImFwcGlkIjoiZGQxN2JlMmItODZlNy00ZWM3LWIwYTctZGExYzcyOTg3MmRlIiwiYXBwaWRhY3IiOiIxIiwiaWRwIjoiaHR0cHM6Ly9zdHMud2luZG93cy5uZXQvYjRiNTA3ODktMGM3OS00ZjVhLWI5ZGMtZWM5ZmZiNzIxM2I1LyIsIm9pZCI6Ijk2YTVjNDM3LTQ1N2YtNDIwNC04NjQzLTgxOTVkZGExYzM1ZSIsInN1YiI6Ijk2YTVjNDM3LTQ1N2YtNDIwNC04NjQzLTgxOTVkZGExYzM1ZSIsInRpZCI6ImI0YjUwNzg5LTBjNzktNGY1YS1iOWRjLWVjOWZmYjcyMTNiNSIsInV0aSI6IldKd2dEMlVWcTBHaFIwX0VFQzBOQUEiLCJ2ZXIiOiIxLjAifQ.VdbyhU0jJ1sbxFBC_oxb-BrRQBRTMF6iG3r6s5tVYrdZlqGc4UGp7xoFUdGUddJvxDH5L9t0ZKNt9uxv0t3AokeQ4NE2qBrAM3WNIoUL1J4Te0_ncVNR14aHS2ATWEB7dBbTOltAJ0_rKwDyzPjEUyyKXgjBSAOoRy7nAshFm2imdGneiMSRb-6f_qtvDDO9SZZ4KSB48elO2fBd2G2hkC2qnp_un5AiwEj9-V_HRQZ67EtkDdvaWX0FDYsajqncCJ7le_eII1N8TOp4mPr8qKwEIUDQEAK6gw0etiMIvh7n7_i-6G2T1BJI_Bx6klmjuiLD1RcWQm4D7rDCZrHcMg"
}

Pro tip: go to http://jwt.ms/and try decode token ;)

  1. Let create some GET to Azure API.
URL: https://management.azure.com/subscriptions/{SubscriptionID}/resourcegroups?api-version=2017-05-10

In Headers:

Authorization: Bearer {Token}

It should look like this:

Now you know how to use Azure API. For more fun please visit https://docs.microsoft.com/en-us/rest/api/ :)