Hey Jon, great tutorial. Sadly it seems that changes have caused this to break in 2022. My attempts to execute the GET request receive the following error: The client 'xxxxxxxxxxxx with object id 'xxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/xxxxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials." The bearer token as well as the "bearerTokenExpiresOn" fields are all populated but it still isn't working. Would appreciate some guidance!
@robertkirwan29 One thing you can do, Robert, is add the application as a contributor to whichever scope you want to have access to (either a certain resource group or a subscription). This resolved the issue for me.
@harshavardhan637 Hi Harsha, you only need to change the permission of your application in your active directory. Give the application registration the "contributor" role to your subscription and this will work.
@arestlessmind780 Under my subscription -> my permissions I have contributor. Is that where I should be looking? Is there a way we could connect?
"AuthorizationFailed" is sticking, can't get rid of it. I tried every suggestion in the comments below. Authorization / access settings are not mentioned in the video, does that mean it should just work?
I followed the instructions in the video but got this error: The client '...' with object id '...' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/...' or the scope is invalid. If access was recently granted, please refresh your credentials. What should I do?
Great video, sadly Microsoft dropped the Ruby support. Would be great to at least offer a limited Ruby on Rails support for Azure AD and Graph. Improvement: Put the secrets into Environment variables that can be kept secret. Collection Variables are not hidden.
We need to add an IAM Role Assignment (e.g. Contributor role) to the app (service principal) and then the APIs work... otherwise it gives an unauthorized error.
Hello Jon, awesome video! However, I still have one question regarding authentication: The generated bearer tokens are valid for an hour. In a production environment, when I am calling the APIs, should I generate a token before each API call, or should I run a script to save the token centrally every hour? Is there maybe another way to authenticate the API with a "permanent" API key or token in order to avoid the overhead of creating a new token each time?
I just published an updated pre-request script that should only request a new token if we don't already have a token or if the token has expired. Please have a look, try it out, and let me know if you run into any issues. Thanks! Jon blog.jongallant.com/2021/02/azure-rest-apis-postman-2021/#Pre-request-Script
Thank you for this video and the link to your tutorial! Because of you, I was able to figure out how to automate with the Azure API in Python. I might post a tutorial myself on how to do it on Medium.
The SubscriptionId topic is quite complicated; Azure does all sorts of crap that you need a subscription, and you cannot have access to shell because your subscription is not linked to your target Directory, you want to assign a subscription and it is not allowed. After some re-shuffle I could see the option and it insists on generating disk space. I was like WHAT THE HELL !! 💀
I'm getting: { "error": { "code": "InvalidSubscriptionId", "message": "The provided subscription identifier 'resourcegroups' is malformed or invalid." } } I have checked both in the CLI and the portal. It is the correct subscriptionId I have entered in Postman. The other variables are correct as well.
@GregorSuttie In Postman variables there are two values, one for current value and the other for initial value. Setting it to the current value will fix the error.
I've played with the built-in OAuth support over the years and never found a solution. I believe it is because of this issue: github.com/postmanlabs/postman-app-support/issues/4391 Please let me know if you find a way to get it to work.
{ "error": { "code": "AuthenticationFailed", "message": "Authentication failed. The 'Authorization' header is missing." } } Getting this error. :( I had made a typo in setting the environment variable "clientId". I changed it, however I still get the same error. Could you please help? After sending the request, along with the above error in the "Body" tab, I get the following error in the "Test Results" tab: Check for collectionVariables | AssertionError: clientId variable not set: expected '' not to be empty. I have fixed the typo, even then I get this error.
I am using the REST API to access Logic App runs but am getting an error that the resource is not found, but the resource is already there. I have checked everything but am not sure why it's happening. Could you please help?
For those of you getting errors, you need to first give your service principal contributor permissions on the subscription you are trying to work with. Next, in Postman variables there are two values, one for current value and the other for initial value. Setting it to the current value will fix the error. I had put the variables in the "initial value" column and it wasn't working because of that. Just wanted to share in case this helps someone else.
You can use the REST API docs to create the requests you need. For delete blob: docs.microsoft.com/en-us/rest/api/storageservices/delete-blob I'm working on getting a Postman collection that has more of the REST API commands.
Hello, can you help me connect my Azure model to an Android app interface? I use Kotlin, but you can do a step-by-step tutorial even in Java. I am having errors following the documentation.
Thank you for the video! When I send the request (at 5:49), however, I get the following error returned: "error": { "code": "InvalidSubscriptionId", "message": "The provided subscription identifier 'resourcegroups' is malformed or invalid." } Any idea what's going on?
I need to code the Postman collection in Python. My question is whether there is another way to get the bearer token other than through the pre-script, since I don't know how to pass it to my project and I can't depend on the collection in Postman; it must be something independent in my project. Any ideas?
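For the two questions above (reusing a token until it expires instead of requesting one per call, and getting the bearer token from Python without Postman), here is an added example; it is not part of the original comments and is not the video author's pre-request script. The environment variable names, the `TokenCache` class, the helper names, the 300-second refresh margin and the `api-version` value are assumptions chosen for illustration; the service principal still needs an RBAC role on the target scope, as the comments describe.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
ARM_SCOPE = "https://management.azure.com/.default"


def fetch_token(tenant_id, client_id, client_secret):
    """POST a client_credentials grant and return the parsed JSON response."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ARM_SCOPE,
    }).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant_id), data=body)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse the bearer token until shortly before it expires."""
    def __init__(self, fetch, skew=300, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_on = None, 0.0

    def get(self):
        # Refresh only when there is no token or it is within `skew` of expiry.
        if self._token is None or self._clock() >= self._expires_on - self._skew:
            resp = self._fetch()
            self._token = resp["access_token"]
            self._expires_on = self._clock() + int(resp["expires_in"])
        return self._token


def resource_groups_url(subscription_id):
    # An unset id would produce '/subscriptions//resourcegroups'; fail early.
    if not subscription_id:
        raise ValueError("subscription id is empty")
    return ("https://management.azure.com/subscriptions/"
            f"{subscription_id}/resourcegroups?api-version=2021-04-01")


def cache_from_env(env=os.environ):
    # Secrets are read from environment variables (names are assumptions).
    return TokenCache(lambda: fetch_token(
        env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"], env["AZURE_CLIENT_SECRET"]))
```

Send the value returned by `cache_from_env().get()` as `Authorization: Bearer <token>` on requests to the URL built by `resource_groups_url`.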
By default, when you create an SP, it does not have permissions to do anything. Make sure you assign the right RBAC role to your Service principal you created and try again. Hope this helps!
@JonGallant I am also looking for the blueprint as I want to create a blueprint on the Management group level so the owner will not be able to delete the blueprint.
@JonGallant A sample with a personalised token would be very helpful, because service principals authorised for multiple tenants have a higher risk than a personalised token limited to only the user's tenants, and the token can be issued via a strong authN (e.g. MFA), while client_credentials cannot. Do you have any doc links to this setup if a sample is not yet planned?
Hi Jon, I'm getting this error when I hit Send on the GET request "There was an error in evaluating the Pre-request Script: TypeError: Cannot read property 'get' of undefined"
@justair07 Okay, please use this method instead if you need to use an old version of Postman that doesn't support collection variables. blog.jongallant.com/2017/11/azure-rest-apis-postman/
@JonGallant I am trying to build an MFA application and I wanted to integrate it with Azure authentication. Is there a way to pass the username and password without interacting with the UI and then perform the MFA with Azure on the UI?
@codex4483 Do you want to call the REST endpoints on behalf of a user? Typically people wrap the Azure REST API in their own API. Then they do user auth against their API with Azure AD B2C. Either way you'd need to create an Azure AD app and control MFA with that.
@JonGallant Yes, I want to do it on behalf of a user, like I will be passing my username and password in the request and will then get the response accordingly. Is that possible?