A Guide to Access Azure Portal and App Registration using REST APIs

Overview

This article will show how we can programmatically connect to the Azure portal and generate a token for REST API to perform actions. Microsoft provides many ways to connect to the Azure portal. One of them is Azure REST APIs. We will also see how to create app registration and generate a secret value to get authenticated by the authentication service. We will also assign RBAC role to app registration which will help us to perform an action in the Azure subscription.

Customized Cloud Solutions to Drive your Business Success

Cloud Migration
Devops
AIML & IoT

Know More

App Registration and Generate Credentials

App Registration provides authorization and authentication to Azure Active Directory. We can provide roles to app registration and get access to the Azure portal. Using App registration, we can get access to any subscription in an Azure AD. This is a very efficient and secure way to authenticate and authorize any external client in Azure. Users can assign any role to app registration and use its credentials to authenticate to the Azure portal.

Credentials in App Registration:

We have a total of 3 IDs in APP registration to get authenticated.

Subscription ID: This ID is required to authenticate and verify the subscription we are trying to access.
Client ID: This ID is an app registration unique ID in the Azure directory. We call it as an application ID.
Tenant ID: This is the Directory ID where the app registration gets created.

Steps to Create App Registration

Note: We need administrator access to Azure AD to create App Registration.

Log in to Azure portal http://portal.azure.com/
Search for App Registration.
Click + New Registration.
Give a unique name.
Select supported account types for App registration.
Leave everything as default and Click Register.

app

Generating a Secret Value

The secret value is a confidential credential that helps the application authenticate itself to the Azure portal authentication service.

We can generate Secret values or Certificates for authentication. Users can set the time period to a secret value.

Note: Secret value is a very sensitive credential, and never share this with any external user who does not need it or never makes it public.

secret

Providing RBAC Role to App Registration

RBAC: Role-Based access control is a system that helps us provide required or fine-grained access to customers or users according to their jobs. We can create a custom role in Azure and assign it to App Registration.

This article will provide reader access to App registration to list resources in the portal.

rbac

Generating Bearer Token using REST API

To access the Azure portal, we need to generate a Bearer access token which will be active for one hour.

Azure provides REST API to generate Bearer tokens using APP Registration Credentials.

To know more about Azure REST APIs, follow: Azure API Management REST API | Microsoft Learn

To generate a bearer token, we can use this REST API and pass the Tenant ID in the API URL: https://login.microsoftonline.com/{TENANT_ID}/oauth2/token

We need to send a post request using the above API to generate an access token. We also need to pass the other three credentials (Client ID, Tenant ID, and Secret ID) in the body of the API.

token

Get access to the Azure portal Using REST API

Microsoft provides many ways to get access to the Azure portal, and one of them is using Azure REST APIs.

Using REST APIs, we can perform many tasks in the Azure portal, such as listing, creating, and deleting services. We must provide an authorization token in the REST API header to access Azure portals. Also, in the scope section, we must pass the subscription ID where we want to perform those actions.

Example: We are taking one API which will perform listing.

API: https://management.azure.com/scope/providers/Microsoft.Compute/virtualMachines?api-version=2022-08-01

Scope: subscription/{subscription_id}, where subscription_id is your subscription ID.

azure

Conclusion

We have performed many actions in this article to help us understand how to connect to the Azure portal. We created one App Registration Credential that will help us authenticate by azure authentication service. This article will help to generate a Bearer token and perform an action on the Azure portal using REST API. We can list, delete and create services in Azure using Azure REST APIs.

Get your new hires billable within 1-60 days. Experience our Capability Development Framework today.

Cloud Training
Customized Training
Experiential Learning

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. Can we create multiple App registration in the Azure portal?

ANS: – Yes, we can create as many as we want.

2. What role do we need to create App Registration in the Azure portal?

ANS: – We need an Administrator role on a subscription account to create App Registration.

3. What action can we perform in Azure using Azure REST APIs?

ANS: – We can perform listing, delete and create Azure services using Azure REST APIs.

WRITTEN BY Kishan Singh

Kishan Singh works as Research Associate (Infra, Migration, and Security) at CloudThat. He is Azure Administrator and Azure Developer certified. He is highly organized and an excellent communicator with good experience in Cyber Security and Cloud technologies. He works with a positive attitude and has a good problem-solving approach.