Hey Jon, great tutorial. Sadly it seems that changes have caused this to break in 2022. My attempts to execute the GET response receive the following error: The client 'xxxxxxxxxxxx with object id 'xxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/xxxxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials." The bearer token as well as the "bearerTokenExpiresOn" fields are all populated but It still isnt working. Would appreciate some guidance!
@@robertkirwan29 one thing you can do Robert is add the application as a contributor to whichever scope you want to have access to (either a certain resource group or a subscription). This resolved the issue for me
@@harshavardhan637 Hi Harsha, you only need to change the permission of your application in your active directory. Give the application registration the "contributor" role to your subscription and this will work
@@arestlessmindband Under my subscription-> my permissions I have contributor - is it where I should be looking at ? Is there is a way we could connect ?
"AuthorizationFailed" is sticking, cant get rid of it, I tried every suggestion in the comments below. Authorization / access settings is not mentioned in the video, does it mean it should just work?
I follow instructions in video but got this error: The client '...' with object id '...' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/...' or the scope is invalid. If access was recently granted, please refresh your credentials. What should i do?
I've played with the built in oauth support over the years and never found a solution. I believe it is because of this issue: github.com/postmanlabs/postman-app-support/issues/4391 Please let me know if you find a way to get it to work
Thank you for the video! When I send the request (at 5:49), however, I get the following error returned: "error": { "code": "InvalidSubscriptionId", "message": "The provided subscription identifier 'resourcegroups' is malformed or invalid." } Any idea what's going on?
Hello Jon, awesome video! However, I still have one question regarding authentication: The generated bearer tokens are valid for an hour. In a production environment, when I am calling the APIs, should I generate a token before each API call, or should I run a script to save the token centrally every hour? Is there maybe another way to authenticate the API with a "permanent" API key or token in order to avoid the overhead of creating a new token each time?
I just published an updated pre-request script that should only request a new token if we don't already have a token or if the token has expired. Please have a look, try it out, and let me know if you run into any issues. Thanks! Jon blog.jongallant.com/2021/02/azure-rest-apis-postman-2021/#Pre-request-Script
I am using rest api to access logic app runs but getting error that resource not found but resource is already there have checked everything but not sure why its happening could you please help
I'm getting: { "error": { "code": "InvalidSubscriptionId", "message": "The provided subscription identifier 'resourcegroups' is malformed or invalid." } } I have checked both in cli and the portal. It is the correct subscriptionId I have entered in Postman. The other variables is correct aswell.
@@GregorSuttie In postman variables there are two values, one for current value and other for inital value. Set it to the current value will fix the error
You can use the REST API docs to create the requests you need: For delete blog: docs.microsoft.com/en-us/rest/api/storageservices/delete-blob I'm working on getting a Postman collection that has more of the REST API commands.
Great video, sadly Microsoft dropped the Ruby support. Would be great to at least offer a limited Ruby on Rails support for Azure AD and Graph. Improvement: Put the secrets into Environment variables that can be kept secret. Collection Variables are not hidden.
{ "error": { "code": "AuthenticationFailed", "message": "Authentication failed. The 'Authorization' header is missing." } } getting this error. :( . i had made a typo in setting environment variable, "clientId". i changed it, however i still get the same error. could you please help after sending the request, along with above error in the "Body" tab, I get the following error in the "Test Results" tab. Check for collectionVariables | AssertionError: clientId variable not set: expected '' not to be empty I have fixed the typo, even then i get this error
@@JonGallant I am also looking for the blueprint as I want to create blueprint on the Management group level so the owner will not able to delete blueprint.
hello can you help me connect my azure model to an android app interface i use kotlin but you can do a step by step tutorial even in java am having errors following the documentation
@@JonGallant a sample with personalised token would be very helpful, because service principals authorised for multiple tenants has a higher risk than personalised token limited to only the user's tenants. and the token can be issued via a strong authN (e.g. MFA), while client_credentials not. Do you have any doc links to this setup if a sample is not yet planned?
By default, when you create an SP, it does not have permissions to do anything. Make sure you assign the right RBAC role to your Service principal you created and try again. Hope this helps!
Thank you for this video and the link to your tutorial! Because of you, I was able to figure out how to automate with the Azure API in Python. I might post a tutorial myself on how to do it on Medium.
We need to add IAM Role Assignment (e.g. Contributor role) to the app (service principle ) and then the APIs work... otherwise it gives unauthorized error.
I need to code the postman collection in python, my question is if there is another way to get the bearertoken other than through the pre-script since I don't know how to pass it to my project and I can't depend on the collection in postman it must be something independent in my project, any ideas?
Hi Jon, I'm getting this error when I hit Send on the GET request "There was an error in evaluating the Pre-request Script: TypeError: Cannot read property 'get' of undefined"
@@justair07 Okay, please use this method instead if you need to use an old version of Postman that doesn't support collection variables. blog.jongallant.com/2017/11/azure-rest-apis-postman/
@@JonGallant i am trying to build an MFA application and i wanted to integrate it with azure authentication. Is there a way to pass the username and password without interacting with UI and then perform the MFA with azure on the UI?
@@codex4483 Do you want to call the rest endpoints on behalf of a user? Typically people wrap the Azure REST API in their own API. Then they do user auth against their API with Azure AD B2C. Either way you’d need to create an Azure AD app and control MFA with that.
@@JonGallant yes i want to do it on behalf of a user.. like i will be passing my username and password in the request and will the get the response accordingly..is that possible?
SubscriptionId topic is quite complicated; Azure does all sorts of crap that you need a subscription, and you cannot have access to shell because your subscription is not linked to your target Directory, you want to assign a subscription and its is not allowed. After some re-shuffle I could see the option and it insists on generating disk space. I was like WHAT THE HELL !! 💀
for those of you getting errors, you need to first give your service principal contributor permissions on the subscription you are trying to work with. Next, In postman variables there are two values, one for current value and other for initial value. Set it to the current value will fix the error. I had put the variables in the "initial value" column and it wasn't working because of that. Just wanted to share in case this helps someone else.
Hey Jon, great tutorial. Sadly it seems that changes have caused this to break in 2022. My attempts to execute the GET response receive the following error: The client 'xxxxxxxxxxxx with object id 'xxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/xxxxxxxx' or the scope is invalid. If access was recently granted, please refresh your credentials." The bearer token as well as the "bearerTokenExpiresOn" fields are all populated but It still isnt working. Would appreciate some guidance!
Same error here
@@robertkirwan29 one thing you can do Robert is add the application as a contributor to whichever scope you want to have access to (either a certain resource group or a subscription). This resolved the issue for me
@@arestlessmindband I am having the same issue - How to do that ? Please advice
@@harshavardhan637 Hi Harsha, you only need to change the permission of your application in your active directory. Give the application registration the "contributor" role to your subscription and this will work
@@arestlessmindband Under my subscription-> my permissions I have contributor - is it where I should be looking at ? Is there is a way we could connect ?
Microsoft feature this video in their docs, not disappointed.
Didn't know about the SDK's! That is going to make everything much easier!!
"AuthorizationFailed" is sticking, cant get rid of it, I tried every suggestion in the comments below. Authorization / access settings is not mentioned in the video, does it mean it should just work?
Nice content man! You're almost at 1000 subs haha
Thank you! We are there!
@@JonGallant Congrats! Hitting 1000 gave me the motivation to keep going.. at least I was getting paid a bit 😂
Thank you Jon, it was very helpful! It was very precise and well explained.
Thanks so much, just saved me a chunk of time as I'd started recreating this.
Glad I could help!
I follow instructions in video but got this error: The client '...' with object id '...' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/...' or the scope is invalid. If access was recently granted, please refresh your credentials. What should i do?
same here
I got the same error, is there a way around it ?
Do you have an example using certificates? Thank you so much.
Nice video, just wondering why you chose to use a pre-script for the auth rather than the native postman oauth2 functionality?
I've played with the built in oauth support over the years and never found a solution. I believe it is because of this issue: github.com/postmanlabs/postman-app-support/issues/4391
Please let me know if you find a way to get it to work
Another reason is that Postman doesn't automatically handle the token refresh if it expires.
Thank you for the video!
When I send the request (at 5:49), however, I get the following error returned:
"error": {
"code": "InvalidSubscriptionId",
"message": "The provided subscription identifier 'resourcegroups' is malformed or invalid."
}
Any idea what's going on?
I got the same error. Any updates on this?
@@DarrenJohnson42 - I hope you have saved the Variables values as current value not as Initial value and save it
I got authorization failed error, any suggestions to fix it ?
same here => "...does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read'"
Hello Jon, awesome video! However, I still have one question regarding authentication: The generated bearer tokens are valid for an hour. In a production environment, when I am calling the APIs, should I generate a token before each API call, or should I run a script to save the token centrally every hour? Is there maybe another way to authenticate the API with a "permanent" API key or token in order to avoid the overhead of creating a new token each time?
I just published an updated pre-request script that should only request a new token if we don't already have a token or if the token has expired. Please have a look, try it out, and let me know if you run into any issues. Thanks! Jon blog.jongallant.com/2021/02/azure-rest-apis-postman-2021/#Pre-request-Script
Is there any way to pull vulnerability from Azure using rest API
Followed everything , it says invalid authentication token
same here
I am using rest api to access logic app runs but getting error that resource not found but resource is already there have checked everything but not sure why its happening could you please help
I'm getting:
{
"error": {
"code": "InvalidSubscriptionId",
"message": "The provided subscription identifier 'resourcegroups' is malformed or invalid."
}
}
I have checked both in cli and the portal. It is the correct subscriptionId I have entered in Postman. The other variables is correct aswell.
@@vincentalm7161 Yes, that did the trick. Thank you very much!
I think initial value is not required. But I’ll keep note of that for next years video.
@@theduskyreaper how did u get this fixed as I am getting this error now.
@@GregorSuttie In postman variables there are two values, one for current value and other for inital value. Set it to the current value will fix the error
Is there a part 2? I'm looking for how to delete an azure blob in postman.
You can use the REST API docs to create the requests you need: For delete blog: docs.microsoft.com/en-us/rest/api/storageservices/delete-blob
I'm working on getting a Postman collection that has more of the REST API commands.
The bearer token doesn't work for azure service bus.
how to request my api diployed at azure with postman client?
I'm getting an error 'AccountTypeMissing' when I am trying to create a storage account using PUT request. Please help
Great video, sadly Microsoft dropped the Ruby support. Would be great to at least offer a limited Ruby on Rails support for Azure AD and Graph.
Improvement: Put the secrets into Environment variables that can be kept secret. Collection Variables are not hidden.
Thank you very much for the video. Are you planning on doing one abput how to get data files stored in Azure VMs using REST APIs?
I'm not planning on creating one. Can you try it and LMK if you get stuck and send code that you tried? jong.io/contact
{
"error": {
"code": "AuthenticationFailed",
"message": "Authentication failed. The 'Authorization' header is missing."
}
}
getting this error. :( . i had made a typo in setting environment variable, "clientId". i changed it, however i still get the same error. could you please help
after sending the request, along with above error in the "Body" tab, I get the following error in the "Test Results" tab.
Check for collectionVariables | AssertionError: clientId variable not set: expected '' not to be empty
I have fixed the typo, even then i get this error
Did you click the "Save button"?
thnx..I want to get Azure logs for a function, is it possible? pls explain...
Blueprints are not supported yet for js :(
What do you need to do with blueprints? Feel free to ping jong.io/contact to discuss.
@@JonGallant I am also looking for the blueprint as I want to create blueprint on the Management group level so the owner will not able to delete blueprint.
Do you know how to access Azure single sign on using Azure SDK?
Feel free to ping me here to discuss more jong.io/contact
Hi Jon, Is it possible to get the Office 365 subscription details like, subscription name, assgined user, etc via Azure APIs?
hello can you help me connect my azure model to an android app interface i use kotlin but you can do a step by step tutorial even in java am having errors following the documentation
Can it be done without a Service Principal? Only using my credentials?
Probably but I haven’t tried because you still need an app to authenticate your account to. Which is more setup.
@@JonGallant a sample with personalised token would be very helpful, because service principals authorised for multiple tenants has a higher risk than personalised token limited to only the user's tenants. and the token can be issued via a strong authN (e.g. MFA), while client_credentials not. Do you have any doc links to this setup if a sample is not yet planned?
Can we send any JSON files to any particular azure blob storage using this method?!
Yes you can do that with Azure REST - but using the Blob storage lib is much easier. What language? They are all here: aka.ms/azsdk
Hi,
I received '"code": "AuthorizationFailed"', seems to be rights issues. Which should be check first?
Thank you.
By default, when you create an SP, it does not have permissions to do anything. Make sure you assign the right RBAC role to your Service principal you created and try again. Hope this helps!
Thank you for the video
Thank you for this video and the link to your tutorial! Because of you, I was able to figure out how to automate with the Azure API in Python. I might post a tutorial myself on how to do it on Medium.
We need to add IAM Role Assignment (e.g. Contributor role) to the app (service principle ) and then the APIs work... otherwise it gives unauthorized error.
I need to code the postman collection in python, my question is if there is another way to get the bearertoken other than through the pre-script since I don't know how to pass it to my project and I can't depend on the collection in postman it must be something independent in my project, any ideas?
Can you use the Azure SDKs?
Hi Jon, I'm getting this error when I hit Send on the GET request "There was an error in evaluating the Pre-request Script: TypeError: Cannot read property 'get' of undefined"
What version of Postman are you using? I'm using v8.0.6
I just retested and everything works on my machine. Feel free to ping me here: jong.io/contact so we can try to repro together.
@@JonGallant Thank you, I just send you a message.
@@JonGallant 7.1
@@justair07 Okay, please use this method instead if you need to use an old version of Postman that doesn't support collection variables. blog.jongallant.com/2017/11/azure-rest-apis-postman/
Can i perform only the primary authentication using Rest
Can you explain that more?
@@JonGallant i am trying to build an MFA application and i wanted to integrate it with azure authentication. Is there a way to pass the username and password without interacting with UI and then perform the MFA with azure on the UI?
@@codex4483 Do you want to call the rest endpoints on behalf of a user? Typically people wrap the Azure REST API in their own API. Then they do user auth against their API with Azure AD B2C. Either way you’d need to create an Azure AD app and control MFA with that.
@@JonGallant yes i want to do it on behalf of a user.. like i will be passing my username and password in the request and will the get the response accordingly..is that possible?
@@codex4483 Look into Azure B2C with MFA
SubscriptionId topic is quite complicated; Azure does all sorts of crap that you need a subscription, and you cannot have access to shell because your subscription is not linked to your target Directory, you want to assign a subscription and its is not allowed. After some re-shuffle I could see the option and it insists on generating disk space. I was like WHAT THE HELL !! 💀
for those of you getting errors, you need to first give your service principal contributor permissions on the subscription you are trying to work with. Next, In postman variables there are two values, one for current value and other for initial value. Set it to the current value will fix the error.
I had put the variables in the "initial value" column and it wasn't working because of that. Just wanted to share in case this helps someone else.
Under subscription -> my permission I have contributor . I am still getting errors ! Can you please help ?
Worked for me. Had to find the app Display name in App Registration to add as contributor under the sub.
Make sure you put it under the correct sub!
@@ulgrimthemad That did the trick!
InvalidSubscriptionId, although it is correct. I just copy pasted it.
Make sure your initial and current values are both set with the value in the variable section of the collection.
Great video and awesome script. @jon gallant Thanks a ton for this informative video