Overview
This article shows how to connect to the Azure portal programmatically and generate a token that REST API calls use to perform actions. Microsoft provides many ways to connect to the Azure portal, and the Azure REST APIs are one of them. We will also see how to create an app registration and generate a secret value so that the authentication service can authenticate us. Finally, we will assign an RBAC role to the app registration, which allows it to perform actions in the Azure subscription.
App Registration and Generate Credentials
App Registration provides authorization and authentication to Azure Active Directory. We can assign roles to an app registration and use it to get access to the Azure portal. Using an app registration, we can get access to any subscription in an Azure AD. This is a very efficient and secure way to authenticate and authorize any external client in Azure. Users can assign any role to the app registration and use its credentials to authenticate to the Azure portal.
Credentials in App Registration:
We have a total of 3 IDs in App Registration that are used for authentication.
- Subscription ID: This ID is required to authenticate and verify the subscription we are trying to access.
- Client ID: This is the unique ID of the app registration in the Azure directory. It is also called the application ID.
- Tenant ID: This is the ID of the directory where the app registration is created.
Steps to Create App Registration
Note: We need administrator access to Azure AD to create an App Registration.
- Log in to the Azure portal: http://portal.azure.com/
- Search for App Registration.
- Click + New Registration.
- Give a unique name.
- Select supported account types for App registration.
- Leave everything as default and Click Register.
Generating a Secret Value
The secret value is a confidential credential that the application uses to authenticate itself to the Azure portal authentication service.
We can generate secret values or certificates for authentication. Users can set the time period for which a secret value is valid.
Note: The secret value is a very sensitive credential. Never share it with any external user who does not need it, and never make it public.
Providing RBAC Role to App Registration
RBAC: Role-based access control is a system that lets us give customers or users the required, fine-grained access according to their jobs. We can create a custom role in Azure and assign it to the App Registration.
In this article, we give the app registration reader access so that it can list resources in the portal.
Generating Bearer Token using REST API
To access the Azure portal, we need to generate a Bearer access token, which will be active for one hour.
Azure provides a REST API to generate Bearer tokens using the App Registration credentials.
To learn more about Azure REST APIs, see: Azure API Management REST API | Microsoft Learn
To generate a bearer token, we can use this REST API and pass the Tenant ID in the API URL: https://login.microsoftonline.com/{TENANT_ID}/oauth2/token
We need to send a POST request to the above API to generate an access token. We also need to pass the other three credentials (Client ID, Tenant ID, and Secret ID) in the body of the request.
Get access to the Azure portal Using REST API
Microsoft provides many ways to get access to the Azure portal, and one of them is using Azure REST APIs.
Using REST APIs, we can perform many tasks in the Azure portal, such as listing, creating, and deleting services. We must provide an authorization token in the REST API request header to access the Azure portal. Also, in the scope section, we must pass the ID of the subscription where we want to perform those actions.
Example: We are taking one API which will perform listing.
Scope: subscription/{subscription_id}, where subscription_id is your subscription ID.
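The token request and the listing call described above, as an added example that is not from the original article. The form fields `grant_type` and `resource`, the Resources List URL with its `api-version`, and the environment variable names are assumptions not shown on the page; the token URL is the one given above.

```python
import json
import os
import time
import urllib.parse
import urllib.request

ARM = "https://management.azure.com/"  # resource the token is requested for

def build_token_request(tenant_id, client_id, client_secret):
    """POST to the token URL from the article using the client-credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": ARM,
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")

def parse_token_response(raw, now=None, skew=300):
    """Return (token, seconds_left); reject non-Bearer or nearly expired tokens."""
    doc = json.loads(raw)
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    left = int(doc["expires_on"]) - int(now if now is not None else time.time())
    if left <= skew:
        raise ValueError("token expired or about to expire; request a new one")
    return doc["access_token"], left

def build_list_request(subscription_id, token, api_version="2021-04-01"):
    """GET the resources in one subscription; the token goes in the header."""
    url = f"{ARM}subscriptions/{subscription_id}/resources?api-version={api_version}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def main():
    # Credentials come from the environment (hypothetical names), never from source.
    env = os.environ
    req = build_token_request(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
                              env["AZURE_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        token, _ = parse_token_response(resp.read())  # the token is never printed
    listing = build_list_request(env["AZURE_SUBSCRIPTION_ID"], token)
    with urllib.request.urlopen(listing, timeout=30) as resp:
        for item in json.load(resp).get("value", []):
            print(item["type"], item["name"])

if __name__ == "__main__":
    main()
```

With only reader access assigned, the listing call succeeds while create and delete calls made with the same token are refused.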
Conclusion
In this article, we performed several actions that help us understand how to connect to the Azure portal. We created one App Registration credential that lets the Azure authentication service authenticate us. We then generated a Bearer token and used it to perform an action on the Azure portal through the REST API. We can list, delete, and create services in Azure using Azure REST APIs.
FAQs
1. Can we create multiple App Registrations in the Azure portal?
ANS: – Yes, we can create as many as we want.
2. What role do we need to create an App Registration in the Azure portal?
ANS: – We need an Administrator role on a subscription account to create an App Registration.
3. What actions can we perform in Azure using Azure REST APIs?
ANS: – We can list, delete, and create Azure services using Azure REST APIs.
WRITTEN BY Kishan Singh
Kishan Singh works as Research Associate (Infra, Migration, and Security) at CloudThat. He is Azure Administrator and Azure Developer certified. He is highly organized and an excellent communicator with good experience in Cyber Security and Cloud technologies. He works with a positive attitude and has a good problem-solving approach.
Praveen Kumar
Feb 24, 2023
Great kishan! Keep it up
Himanshu Kumar
Feb 24, 2023
Really excellent blog!
Amazing content!