{{tag>microsoft azure rest api}}

====== Connect to Azure REST API ======
This uses so-called [[https://docs.microsoft.com/en-us/rest/api/azure/#client-credentials-grant-non-interactive-clients|client credentials grant]] for accessing the API. There are also [[https://docs.microsoft.com/en-us/rest/api/azure/#authorization-code-grant-interactive-clients|authorization via code]] to get the token mentioned below.


In your account open the azure shell. After connecting create the principal

  az ad sp create-for-rbac --role Contributor --scope /subscriptions/<your subscription id>
  
Subscription id can be obtained from URL when you are logged in to portal.azure.com or with this command
  az account show --query id -o tsv

You should get the following similar info
  {
    "appId": "257xxxxxxxxxxxxxxxxxxxxxx",
    "displayName": "azure-cli-2022-08-30-10-52-10",
    "password": "xxxxxxxxxxxxxxxxxxxxx",
    "tenant": "4aedxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }

This data can now be used to get query the API but you still need the **BearerToken** which can be obtained via [[https://docs.microsoft.com/en-us/rest/api/sql/2021-02-01-preview/firewall-rules/list-by-server?tabs=HTTP|this script]], which can be used in Postman as a //"Pre-request Script"//

You can also get the token via curl see [[https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token|this]]

====== Renew/generate new token i.e. client secret ======

  -  In the Azure portal, in App registrations, select your application.
  - Select Certificates & secrets > Client secrets > New client secret.
  - Add a description for your client secret.
  - Select an expiration for the secret or specify a custom lifetime. Client secret lifetime is limited to two years (24 months) or less. You can't specify a custom lifetime longer than 24 months. Microsoft recommends that you set an expiration value of less than 12 months.
  - Select Add.
  - Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.


====== Tested on ======
  * Microsoft Azure accessed on 2022-08-30

====== See also ======
  * [[wiki:updateing_azure_database_firewall_via_api|Updateing Azure database firewall via Azure API]]
====== References ======
  * https://blog.jongallant.com/2021/02/azure-rest-apis-postman-2021/
  * https://docs.microsoft.com/en-us/rest/api/azure/
  * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token