Azure : “My first REST API Call”-tutorial

Introduction

For today’s post, we’re going to do a REST call towards an Azure API. For this we’re going to create a “Servce Principal” and afterwards use the credentials from this object to get an access token (via the Oauth2 Client Credentials Grant) for our API.

 

Protocol Flow

What’s the flow going to be?

1. The application does a clients_credential call. Here it’ll provide ;
   1.  it’s application id as a client_id
   2. it’s secret as the client_secret
   3. choose “clients_credentials” as the grant_type
   4. set the “resource” to “https://management.azure.com”
2. AAD will return an access token
3. You can now call the API adding an additional header ;
   1. Header Name = Authorization
   2. Header Value = “Bearer *accesstoken*”
4. The API will return a response

(Source : https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service )

 

Now let’s see how that would look in reality?

Continue reading “Azure : “My first REST API Call”-tutorial” →

Azure : Using PHP to go all oauth2 on the management API!

Introduction

As a hobby effort, I wanted to create a small poc where any user would be able to login with their AAD user, grant access to an application, after which that application could query their subscriptions.

In all honesty, I’ve been struggling more than I like to admit with getting this working… So this post will cover all the steps that you need to do to get this working!

 

Oauth & Azure AD

Before getting our hands dirty, read up on the following post ; Authorize access to web applications using OAuth 2.0 and Azure Active Directory

Ready it thoroughly! To be honest, I didn’t at first and it cost me a lot of time. 😉

Anyhow, the flow looks as follows…

So basically;

• We’ll redirect the user to sign-in (and if this hasn’t been done, grant our application access)
• If all went well, we’ll receive an authorization code
• We’ll use this code to get a bearer (and refresh) token
• Next up we’ll use the bearer code to connect to the Azure REST API for getting the list of subscriptions for that user.

Continue reading “Azure : Using PHP to go all oauth2 on the management API!” →

Azure : Billing Automation / Integration via the REST

Introduction
If you are an internal service provider needing to do chargebacks, or get an insight into your spending. Or if you are a cloud service provider in need to bill your customers for their Azure usage… You’ll find your self in need to get the raw usage data of your subscription(s). So today we’ll delve into getting your usage data from Azure via the REST api.

 

Environment Setup
For today’s post, we’ll be using “postman“. A very nice tool suggested by a co-worker of mine (Robin) and it’s really user-friendly to work with! What does the tool do? Basically it’ll let you craft REST calls without the need for custom scripts / coding effort. Why do we need it? Because we’re going to need to do authentication with each call, and let’s say… It isn’t that straightforward if you aren’t accustomed with it (like me at this time). 🙂

In order to set up your environment, I would suggest that you go through the following guide. So basically setup your environment …

and your header preset ; Continue reading “Azure : Billing Automation / Integration via the REST” →