@richardjortega
Last active March 2, 2021 14:14
cURL REST API for Azure Resource Manager (ARM)

Using cURL and Azure REST API to access Azure Resource Manager (non-interactive)

Note: This guide assumes that Azure CLI 2.0 is installed and that you are familiar with Azure concepts.

Register Client App and Obtain Service Principal (via CLI)

The APP_ID_URI needs to match what is expected in client request calls.

$ az ad sp create-for-rbac --name [APP_ID_URI] --password [PASSWORD]

## Example:
$ az ad sp create-for-rbac --name "testMyApp" --password "123456"

Optionally, you could use the portal via: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

The response will provide an appId and a tenantId. We'll need both of those moving forward.

Request an App Access Token

Main Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token

To get the app token we'll need the following information:

  • APP_ID
  • TENANT_ID
  • PASSWORD
  • RESOURCE
    • URI encode of Azure Resource Management API: https://management.azure.com/ (with the forward slash)
      • Use https%3A%2F%2Fmanagement.azure.com%2F as the RESOURCE (properly URI-encoded)
    • Note: Must be URI-encoded and must match the URL of the domain we will request information from.
    • Example: https://management.azure.com/ would be
$ curl -X POST \
       -d 'grant_type=client_credentials&client_id=[APP_ID]&client_secret=[PASSWORD]&resource=https%3A%2F%2Fmanagement.azure.com%2F' \
     "https://login.microsoftonline.com/[TENANT_ID]/oauth2/token"

The response object will contain an ACCESS_TOKEN; we will use this in the resource call.

Example Call: List all Web Apps within a Subscription

API Reference for WebApps: https://docs.microsoft.com/en-us/rest/api/appservice/webapps#WebApps_List

API Notes:

  • Required Headers:
    • "Content-Type: application/json"
    • "Authorization: Bearer [ACCESS_TOKEN]"
  • Required in URI:
    • Must include the api-version query param with the host
      • Usually in the form of: YYYY-MM-DD
      • Example: 2016-08-01
    • Must include the SUBSCRIPTION_ID in the URI
# Quote the URL so the shell does not treat ? and [ ] as glob characters
curl -X GET \
     -H "Authorization: Bearer [ACCESS_TOKEN]" \
     -H "Content-Type: application/json" \
     "https://management.azure.com/subscriptions/[SUBSCRIPTION_ID]/providers/Microsoft.Web/sites?api-version=[API_VERSION]"

Troubleshooting

  • If you receive an error like a 400 for a bad header, make sure that when you copy/paste your Access Token there are no spaces in it (this sometimes occurs depending on which terminal you are copy/pasting from/to).
  • If you need additional information about a request, use verbose mode in cURL by passing the -v flag.
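
The token request and resource call above as reusable shell functions; this is an added example, not part of the original gist. It percent-encodes each form field (so a secret containing & or + survives), hands the secret and the token to curl on stdin rather than as arguments, and strips stray whitespace from the token. The function names and the AZ_CLIENT_SECRET variable are assumptions.

```shell
# Added example, not from the original gist. POSIX sh; function names are hypothetical.

# Percent-encode $1 for a form body, keeping only RFC 3986 unreserved characters.
# Runs in a subshell so its variables stay local. Assumes ASCII input.
urlencode() (
  LC_ALL=C; s=$1; out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}
    case $c in
      [a-zA-Z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s' "$out"
)

# Build the client_credentials body from: APP_ID, PASSWORD, RESOURCE.
token_body() {
  printf 'grant_type=client_credentials&client_id=%s&client_secret=%s&resource=%s' \
    "$(urlencode "$1")" "$(urlencode "$2")" "$(urlencode "$3")"
}

# Read the token response JSON on stdin and print access_token with all
# whitespace removed (assumes the token holds no escaped characters, as with a JWT).
extract_access_token() {
  tr -d ' \t\r\n' | sed -n 's/.*"access_token":"\([^"]*\)".*/\1/p'
}

# Args: TENANT_ID APP_ID. The secret comes from $AZ_CLIENT_SECRET (assumed name)
# and reaches curl on stdin, so it is not in curl's argument list.
request_token() {
  token_body "$2" "$AZ_CLIENT_SECRET" "https://management.azure.com/" |
    curl -sS --fail -X POST --data @- \
      "https://login.microsoftonline.com/$1/oauth2/token" | extract_access_token
}

# Args: ACCESS_TOKEN SUBSCRIPTION_ID API_VERSION. The bearer header is passed
# to curl as a config line on stdin (-K -) instead of as an argument.
list_web_apps() {
  printf 'header = "Authorization: Bearer %s"\n' "$1" |
    curl -sS --fail -K - -H "Content-Type: application/json" \
      "https://management.azure.com/subscriptions/$2/providers/Microsoft.Web/sites?api-version=$3"
}

# Usage (needs network):
#   token=$(request_token "$TENANT_ID" "$APP_ID")
#   list_web_apps "$token" "$SUBSCRIPTION_ID" 2016-08-01
```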
@brucezlata

az ad sp create-for-rbac -n "testAPP"
